Kronos Malware


On Tuesday, the cybersecurity firm published new research into the malware, saying that the latest Kronos variant, also known as Osiris, was discovered in July this year.

Three distinct, separate campaigns are already underway in Germany, Japan, and Poland which utilize the Trojan.

The primary infection vector is phishing and other fraudulent email, with exploit kits such as RIG as a secondary route. The malicious emails carry crafted Microsoft Word documents or RTF attachments whose macros drop and execute obfuscated VB stagers.
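A mail gateway or triage script can flag the attachment types this chain relies on before a user opens them. The following Python is an added example for this page, not code from the original article or from the researchers who analysed Kronos; it classifies an attachment by container (OOXML zip, legacy OLE2, RTF) and looks for the indicators of a VBA project or an embedded object. The sample inputs are constructed inside the script and are not real lures.

```python
import io
import zipfile

# Byte signatures for the three attachment containers the Kronos lures are described as using.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy binary .doc/.xls (OLE2 compound file)
RTF_MAGIC = b"{\\rt"                               # start of an RTF header, "{\rtf1"
# In an OLE2 file the directory stores storage/stream names as UTF-16LE; a VBA project always
# creates a "Macros" storage with a "VBA" storage inside it.
OLE_VBA_MARKERS = [name.encode("utf-16-le") for name in ("Macros", "VBA")]
# RTF cannot hold macros itself, so an RTF lure carries an embedded OLE object instead.
RTF_OBJECT_MARKERS = (b"\\objemb", b"\\objdata", b"\\objupdate")


def classify_attachment(data: bytes) -> dict:
    """Heuristic triage of one attachment: container type, macro and embedded-object indicators."""
    verdict = {"type": "unknown", "macros": False, "embedded_objects": False, "reasons": []}

    if data[:2] == b"PK":
        # Office Open XML (.docx/.docm/.xlsm ...) is a zip; macros live in a vbaProject.bin part.
        verdict["type"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            verdict["reasons"].append("zip container is corrupt or truncated")
            return verdict
        if any(n.endswith("vbaproject.bin") for n in names):
            verdict["macros"] = True
            verdict["reasons"].append("vbaProject.bin part present")
        if any("/embeddings/" in n for n in names):
            verdict["embedded_objects"] = True
            verdict["reasons"].append("embeddings/ part present")

    elif data.startswith(OLE_MAGIC):
        verdict["type"] = "ole2"
        hits = [m.decode("utf-16-le") for m in OLE_VBA_MARKERS if m in data]
        if hits:
            verdict["macros"] = True
            verdict["reasons"].append("OLE directory names seen: " + ", ".join(hits))

    elif data.startswith(RTF_MAGIC):
        verdict["type"] = "rtf"
        lowered = data.lower()
        hits = [m.decode() for m in RTF_OBJECT_MARKERS if m in lowered]
        if hits:
            verdict["embedded_objects"] = True
            verdict["reasons"].append("RTF control words seen: " + ", ".join(hits))

    return verdict


def build_ooxml_sample(with_macros: bool) -> bytes:
    """CONSTRUCTED minimal Word-style zip: not a real document, only the parts the triage inspects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\0" * 32)
    return buf.getvalue()


# Constructed samples (not real lures): a macro-enabled and a plain OOXML file, an RTF with an
# embedded object, and a synthetic OLE2 blob that merely contains the "Macros" directory name.
SAMPLES = {
    "invoice.docm": build_ooxml_sample(with_macros=True),
    "invoice.docx": build_ooxml_sample(with_macros=False),
    "invoice.rtf": b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 0105000002000000}}}",
    "invoice.doc": OLE_MAGIC + b"\0" * 504 + "Macros".encode("utf-16-le") + b"\0" * 20,
}

if __name__ == "__main__":
    for filename, blob in SAMPLES.items():
        print(filename, classify_attachment(blob))
```

This is a triage heuristic, not a parser: it does not walk the OLE directory or decode RTF, so it can miss obfuscated content and should be followed by a proper tool such as olevba and rtfobj from oletools before a verdict is trusted.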

Kronos harvests form values from victims as they log in to their online accounts and may also keylog to capture legitimate bank credentials. The latest configuration for the malicious script is downloaded periodically from the C2 server.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Kronos and similar threats. Kronos is a banking Trojan, not a cryptominer, so the controls that matter are the ones that break the infection chain described above: keep endpoint protection up to date and able to detect behaviour as well as known signatures, disable or block Office macros in documents received from the internet, and keep browsers and plugins patched so that exploit kits such as RIG have nothing to land on. Because Kronos captures credentials from web forms and keystrokes, enable multi-factor authentication on online banking and treat any bank password entered on an infected host as compromised.

CVE-2018-15967


Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address an important vulnerability in Adobe Flash Player 30.0.0.154 and earlier versions. Successful exploitation could lead to information disclosure.

Source: Adobe

How do you protect yourself?

Adobe categorizes these updates with the following priority ratings and recommends that users update their installation to the latest version:

Product: Adobe Flash Player Desktop Runtime
  Version: 31.0.0.108  Platform: Windows, macOS  Priority: 2
  Availability: Flash Player Download Center; Flash Player Distribution

Product: Adobe Flash Player for Google Chrome
  Version: 31.0.0.108  Platform: Windows, macOS, Linux, and Chrome OS  Priority: 2
  Availability: Google Chrome Releases

Product: Adobe Flash Player for Microsoft Edge and Internet Explorer 11
  Version: 31.0.0.108  Platform: Windows 10 and 8.1  Priority: 2
  Availability: Microsoft Security Advisory

Product: Adobe Flash Player Desktop Runtime
  Version: 31.0.0.108  Platform: Linux  Priority: 3
  Availability: Flash Player Download Center

In Adobe's scheme, priority 2 means the product has historically been at elevated risk and the update should be applied soon (Adobe suggests within 30 days), while priority 3 means the product has not historically been a target and the update can be applied at the administrator's discretion. The affected versions (30.0.0.154 and earlier) cover all of these platforms, so the Linux runtime still needs the update despite its lower priority.

PyLocky Ransomware


A concentrated spam campaign pushing ransomware is targeting businesses in Europe, encrypting files and demanding that victims pay a ransom to get them back.

The new ransomware, first spotted in July by researchers at Trend Micro, is focused on targets in Europe, with France singled out: by late August almost two thirds of PyLocky spam was being sent to addresses in France, along with a number sent to addresses associated with New Caledonia, a French territory in the South Pacific.

Like many malware campaigns, the attacks begin with phishing emails designed to trick the victim into running a malicious payload. In this instance, the subject lines centre on invoices and encourage the user to click a link that leads to a URL used to deliver PyLocky.

The URL serves a ZIP file which, when its contents are run, drops several C++ and Python library components alongside the main ransomware executable, 'lockyfud.exe'. That executable is built with PyInstaller, a legitimate tool for bundling a Python application together with its interpreter into a stand-alone executable, which is why the payload runs on machines that have no Python installed.
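Because PyInstaller appends a fixed trailer to everything it builds, a PyInstaller-packed sample can be recognised, and the names of its embedded scripts and modules listed, without running it. The following Python script is an added example for this page, not code from the ZDNet or Trend Micro write-ups and not PyLocky's own code: it parses that trailer and the table of contents it points to, then exercises the parser on a constructed, harmless stand-in bundle. The entry name 'lockyfud', the file layout and the Python version in the sample are hypothetical test data, not claims about PyLocky itself.

```python
import struct

# Trailer ("cookie") that PyInstaller appends to every bundle it builds (layout used since
# PyInstaller 2.1): 8-byte magic, four big-endian int32 fields and a 64-byte Python DLL name.
PYINST_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FMT = "!8siiii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)      # 88 bytes
# Each table-of-contents entry: entry length, data offset, compressed and uncompressed sizes,
# compression flag, one-byte type code, then the null-padded entry name.
TOC_HDR_FMT = "!iIIIBc"
TOC_HDR_SIZE = struct.calcsize(TOC_HDR_FMT)    # 18 bytes
TYPE_CODES = {b"s": "script", b"m": "module", b"M": "package", b"z": "pyz-archive",
              b"b": "binary", b"x": "data"}


def parse_pyinstaller(data: bytes):
    """Return None if data carries no PyInstaller trailer, else the Python version and the TOC."""
    cookie_pos = data.rfind(PYINST_MAGIC)
    if cookie_pos < 0 or cookie_pos + COOKIE_SIZE > len(data):
        return None
    magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FMT, data[cookie_pos:cookie_pos + COOKIE_SIZE])
    # pkg_len spans the whole embedded archive (entry payloads, TOC and the cookie itself),
    # so the archive starts that many bytes before the end of the cookie.
    pkg_start = cookie_pos + COOKIE_SIZE - pkg_len
    if pkg_start < 0:
        return None
    # pyver is written as 27, 36, ... for Python < 3.10 and as 310, 311, ... afterwards.
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)

    entries = []
    pos = pkg_start + toc_off
    end = min(pos + toc_len, len(data))
    while pos + TOC_HDR_SIZE <= end:
        entry_len, off, clen, ulen, flag, typ = struct.unpack(
            TOC_HDR_FMT, data[pos:pos + TOC_HDR_SIZE])
        if entry_len < TOC_HDR_SIZE:
            break                                # malformed TOC: stop rather than loop forever
        name = data[pos + TOC_HDR_SIZE:pos + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "type": TYPE_CODES.get(typ, typ.decode("latin-1")),
                        "compressed": bool(flag), "size": ulen, "offset": pkg_start + off})
        pos += entry_len
    return {"python": f"{major}.{minor}", "pylib": pylib.rstrip(b"\0").decode("latin-1"),
            "entries": entries}


def build_sample_bundle(script_name: bytes, script_body: bytes, pyver: int = 27) -> bytes:
    """CONSTRUCTED stand-in for a PyInstaller-built EXE: a fake loader stub followed by a
    minimal archive (two entries, TOC, cookie). It is not a real or runnable executable."""
    def toc_entry(off: int, blob: bytes, typ: bytes, name: bytes) -> bytes:
        name += b"\0" * ((-(TOC_HDR_SIZE + len(name))) % 16)   # PyInstaller pads entries to 16 bytes
        return struct.pack(TOC_HDR_FMT, TOC_HDR_SIZE + len(name), off, len(blob), len(blob), 0, typ) + name

    stub = b"MZ" + b"\x90" * 62 + b"constructed-loader-stub" * 4
    blobs = [(b"s", script_name, script_body),
             (b"z", b"out00-PYZ.pyz", b"PYZ\0constructed-module-archive")]
    payload, toc = b"", b""
    for typ, name, blob in blobs:
        toc += toc_entry(len(payload), blob, typ, name)
        payload += blob
    pkg_len = len(payload) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, len(payload), len(toc), pyver,
                         b"python%d.dll" % pyver)
    return stub + payload + toc + cookie


if __name__ == "__main__":
    sample = build_sample_bundle(b"lockyfud", b"import os\n")   # hypothetical entry name
    info = parse_pyinstaller(sample)
    print(f"PyInstaller bundle, Python {info['python']} ({info['pylib']})")
    for e in info["entries"]:
        print(f"  {e['type']:<12} {e['name']:<16} {e['size']} bytes at offset 0x{e['offset']:x}")
```

Two caveats when pointing this at real files: bundles made with PyInstaller older than 2.1 use a 24-byte cookie without the library name, and a later Authenticode signature or appended data can sit after the cookie, which is why the parser searches backwards for the magic instead of assuming it ends the file. Once the script entry is located, its payload is plain or zlib-compressed marshalled bytecode and can be handed to a decompiler for the actual analysis.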

Once a machine has been encrypted, PyLocky displays a ransom note claiming to be Locky ransomware and demands payment in cryptocurrency to "restore" the files; victims are told that if they don't pay, the ransom will double every 96 hours, an effort to scare them into paying sooner rather than later.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against PyLocky and similar ransomware. Keep endpoint and perimeter security (firewall and mail gateway) up to date so that known samples and the spam carrying them are stopped before they reach users, and filter or sandbox ZIP downloads from links in invoice-themed mail; because PyLocky's lure is a link rather than an attachment, attachment scanning alone will not catch it. Most importantly, maintain offline, regularly tested backups: they are the only reliable way to recover files without paying, and the escalating 96-hour deadline in the ransom note is designed precisely to pressure victims who lack them.