Threat is greatly reduced, but still present through variant versions
Although Apple "quickly reacted" to a threat emanating from China last month, where altered, pirated versions of Xcode found to contain non-threatening spyware were in use and could have been used to launch a greater attack, variant versions of the XcodeGhost malware are still present, and have been found on servers in the US in the enterprise sector. The actual danger is greatly reduced, as the command-and-control networks have mostly been disabled, but there is still some potential risk.
Apple already working on patch, potential mischief would be limited in scope
A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free rein to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.
Chinese malware was not malicious, but points out new vector of attack
Apple has now responded publicly to the XcodeGhost malware scare, explaining in a page on its Chinese website addressed to customers that even if they used apps affected by the issue, no personally-identifiable information was gathered. The company removed any affected apps, and explained the cause (iOS programs were built using compromised Chinese versions of Xcode downloaded from other sources), while offering developers a method of ensuring that their own installations of Xcode were valid.
Does no harm, but could be used by others to gain access to password database
The latest version of the adware toolbar malware known as Genieo now has the ability to access the OS X Keychain without user knowledge, thanks to privileges gained during the initial install where the user willingly uses their admin password. Though the program itself does not use the technique to cause any malicious harm on its own, the trick will likely be copied and used by others to possibly compromise the security of the OS X password manager. The technique exploits no hack or flaw, but abuses existing privileges.
Website can mimic malware report from software, thus obtaining admin password
Users of controversial utility software MacKeeper who are not up-to-date on the latest version are vulnerable to a serious security flaw that can trick users into passing their admin passwords onto attackers, thus leaving the Mac vulnerable to a complete remote takeover. Though the problem has been fixed in version 3.4.1 of the much-maligned "cleanup" utility, the flaw is being actively exploited in the wild by attackers preying on users who have not updated.
Contentious utility ignored Apple guidelines, created zero-day exploit
Controversial software package MacKeeper -- long a sore spot with veteran users due to its aggressive and fear-based advertising, reputation for causing more problems than it might solve, and deliberate difficulty and obfuscation when users want to remove it -- has often been labelled junkware, extortionware, trickware, or even a form of malware in its own right, despite the company's protestations. A security researcher has now found, however, that the program contains a critical security flaw that leaves users vulnerable to attack.
CoinVault victims can use tool to decrypt files encrypted by ransomware
Victims of one strain of "ransomware" may be able to get their data back. In a collaboration between the Netherlands Police's National High Tech Crime Unit (NHTCU) and security company Kaspersky, a tool has been created that can be used to decrypt data encrypted by the CoinVault malware, potentially saving many users from paying a ransom or having to rebuild their data if backups failed.
Toolbar removable by deleting in the browser extension menu
Oracle's Java 8 Update 40 for OS X has an unexpected surprise for installers. The update instructions note that the company has "partnered with companies that offer various products" and will install the borderline-malware Ask.com toolbar into unsuspecting OS X users' systems.
More than 100 banks reportedly affected by hackers since 2013
Hackers have stolen more than $300 million from financial institutions around the world, according to a report from Kaspersky Lab provided to the New York Times. More than 100 banks in over 30 countries have allegedly been the victims of a malware-based attack, which began in 2013, though it appears the criminals behind it employed more sophisticated techniques than other malware intrusions, such as that of Target.
Avast discovers Android app malware that triggers days after initial installation
Millions of Android users are at risk from malicious apps offered for download on Google Play, an antivirus firm has revealed. A card game called Durak downloaded between 5 million and 10 million times, an IQ test, and a history app are all said by an Avast researcher to include malware which can trick users into paying for services or buying apps they do not need.
Requires physical access, but works on OS X, Windows, Linux
A new USB microcontroller -- roughly the size of a small thumb drive -- has been demonstrated as a proof-of-concept device that leverages a serious and unfixable vulnerability in USB to easily take over and install malware on any unlocked computer. Though it requires physical access or tricking the user into inserting the controller into a USB port, the device has worrying implications for any computer left unattended for more than a minute -- the time it takes for the device to gain admin access, change network settings, install a backdoor and remove any obvious sign of intrusion.
Un-jailbroken iOS devices safe from attack; Android, Windows smartphones at most risk
Beginning in Russia and spreading quickly to other countries, a new variation on the formerly-dormant Red October malware has been detected by security firms such as Blue Coat and Kaspersky this week. The new version -- which is notably targeting smartphones of diplomats, military leaders and business executives -- contains a level of sophistication in the function and code that suggests a rogue state, which would have the resources to assemble the talent, is backing the attack.
Malware gave 'unauthorized person' access to plaintext information for at least 39 days
In a statement, electronic payment gateway provider Charge Anywhere announced that it had discovered "malware that had not been previously detected by any anti-virus program" in their system. The discovery was made after an unnamed party requested the company investigate some unauthorized transactions that appeared to be made legitimately.
FBI gives guidance to major US corporations, including who to notify during attack
While not specifically naming any names, the FBI has warned that a major cyberattack has taken place against US businesses in the last two weeks. The advisory, likely given in the wake of the enormous Sony breach, gives some details about the tools used in the assault, and provides advice to the businesses on how to respond to the package, which includes informing the FBI.
Company achieves revenue growth after breach fallout, full impact still unknown
Home improvement retailer Home Depot is still locked into a battle over the security breach it reported in September that put 56 million credit cards at risk. However, the fight is no longer against cyber criminals, but rather consumers affected by the breach and government agencies. To date, the retailer is involved in "at least 44 civil lawsuits" in the US and Canada.
Encourages customers to download from trusted sources, notes software warnings
Rebutting advice from the Department of Homeland Security and other sources that have sought to sow fear in users with regards to the "Masque" malware attack, Apple late on Thursday issued a statement saying it is unaware of any actual cases of the malware attacking iOS users. The statement comes on the heels of fast action by the iPhone maker to stop a similar attack dubbed "Wirelurker," in which a now-revoked Enterprise Provisioning certificate was being used to spread potential malware. Apple has not specified if it has fixed the flaw the Masque malware exploits.
Can affect non-jailbroken iOS devices; currently distributed through unofficial Chinese store
A new malware threat to iOS has been discovered that can invade the normally well-protected mobile system through a flaw in OS X and USB that allows packages to be installed through enterprise provisioning. Called "WireLurker," the malicious OS X application (once installed) will monitor for new iOS package installs, and then exploits a weakness in USB to install malware into the target iOS device. Once it is installed, the iOS malware tries to harvest personal data like contacts.
DoD, other secure networks unaffected, claims White House official
Late Tuesday, the White House information technology department detected what it calls "unusual activity" on an unclassified network used by employees. While administration officials claim that there were no indications that classified networks had been penetrated, Electronista has learned that the entire IT suite for the Executive Office of the President (EOP), classified and not, is being swept and examined for malware suspected to be from a foreign source.
CryptoWall 2.0 ransomware discovered being pushed by malicious advertisements
A new ransomware attack has been taking place, infecting victims by spreading malware via advertising networks on major sites, a report claims. Appearing on a number of high-profile websites, the malicious advertising pushed the CryptoWall 2.0 ransomware using Flash exploits, encrypting the victim's local storage and demanding a fee to decrypt it before a payment deadline elapses.
Kmart offering identity theft protection, credit monitoring
Sears-owned retailer Kmart has declared that it has suffered a massive data breach. The company said late Friday that a malware attack that began harvesting data from its point-of-sale computer systems in early September was a "new form of malware" and "similar to a computer virus." Few details have been released by Kmart, but the company warns that it could include every shopper between September 1 and Thursday, October 9. Online shoppers were not impacted by the breach.
Malware entry vector not yet identified; may capitalize on jailbreak compromise
In an almost unheard-of claim, Lacoon Mobile Security has said that it has discovered a new spyware attack that targets both iOS and Android devices and which appears to be aimed specifically at Hong Kong pro-democracy protesters. Lacoon says it made the discovery while investigating the Android version, but did not clarify how the malware might be installed, or overcome the security built into iOS that has, thus far, kept it largely immune to serious malware or viruses.
Assault detected July 30, all stores purged by September 5
Sandwich chain Jimmy John's has reported a security breach, exposing information from customers of 216 locations. According to the chain, the company discovered at the end of July that an unknown assailant stole credentials from a vendor, and accessed the point-of-sale system. This action installed data-collecting malware at some locations between June 16 and September 5 of this year, with most infestations cleared out before the middle of August. The company reports that the security problem has been addressed, and it is once again safe to use credit cards at all stores.
Security steps, including terminal removal, outlined, malware evaded detection
More information on the breach of home improvement retailer Home Depot was announced today. While the company still says that only stores in North America are affected by the breach, it now adds that the information from 56 million unique payment cards was at risk. The company provided further insight into the steps taken since the breach, including adding stronger encryption, after the malware from terminals was completely removed.
Malware injected by raffle link sells items in Steam inventory, trades to specific account
Security firm F-Secure was recently alerted to a wave of malware targeting the Twitch game streaming audience as a way to turn a quick buck. The Windows-based malware infection isn't aimed at stealing credit card information or joining a click-through advertising botnet, but rather at selling items of value that are associated with a Steam account.
Breach confirmed for April forward as investigation continues, no evidence of PIN theft
An initial investigation by Home Depot into an intrusion of its payment data systems has revealed that its systems were indeed breached. The home improvement retailer began looking into the breach of its systems after it noticed irregular activity and subsequent sale of its customer data last week. Home Depot was apparently hit by the same malware responsible for the breach of Target's systems.
Security firm says malvertising hit sites such as Java, DeviantArt and Photobucket
A "malvertising" campaign made the rounds last week hitting at least eight high-profile websites, according to security firm Fox-IT. The firm noticed that the sites were redirecting their visitors to other places, allowing it to discover that the sites were using vulnerabilities in software like Java and Flash to inject malicious programs. The purpose of the "malvertising" was to infect machines with botnet malware involved in boosting advertisement clicks.
Stores in 24 states affected by breach, spanned up to seven months in some cases
The UPS Store chain of delivery and packaging facilities has reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.
Malware strikes un-updated Synology NAS units
Synology product users affected by the SynoLocker attack may have lost their files to the cryptoware. Representatives from Synology have informed Electronista that at this time, they are unable to provide assistance recovering data that has been forcibly encrypted by the malware.
Evolving malicious tool adopts service model, grows increasingly complex
The market for malware tools is expanding, including the purchase of pre-made tools for a hefty fee from underground developers. One such tool aimed at Android, iBanking, promises to conduct a number of malicious actions including intercepting text messages, stealing phone information, pulling geolocation data and constructing botnets with infected devices. All it would cost to obtain the program is $5,000, even after its source code leaked earlier in the year.
Facebook introduces free downloads of anti-malware software
Facebook has announced that it has added downloadable anti-malware software to its abuse detection and prevention systems. Provided in conjunction with F-Secure and Trend Micro, Facebook's new service is aimed at Windows users with infected devices. A pop-up notification appears upon signing into Facebook on an infected device; the app sends scan notifications within Facebook, and when the scanning is completed, the software uninstalls.
Verify Apps updated to check for Android malware regularly after installation
Google is attempting to improve the security of Android, by changing the way it monitors apps on mobile devices. The Verify Apps service, which protects smartphones and tablets by checking the apps for malware at the time of installation and warning over potentially harmful software, will be updated to provide constant on-device monitoring of apps after the installation.
Media attention succeeds where developer reports failed
Thanks to media attention, Apple has now pulled an adware- and malware-laced fake "Tor browser" app from the App Store, months after it was first reported to be a fraud. The Tor project team has repeatedly complained about the fake app since December, as it was neither submitted by the team nor in any way official, but only when iOS news sites like this one picked up on the story did Apple take action.
Malware identified before it sent any customer data outside Target
Reports are circulating that Target knew of its "Black Friday" data breach much earlier than it said it did. Allegedly, the company was alerted by security firm FireEye that there was a potential problem as early as November 30, but no action was taken. Additionally, auditors discovered that Target had disabled features of its security suite that could have removed the infection, prior to it purloining millions of sets of customers' payment method data.
NSA shifting from personal hack to 'industrial scale' widespread attacks
Recently-examined Snowden-leaked documents have shown that the NSA is looking at significantly growing its ability to install malware on a large scale, using automated systems and falsified websites. The documents detail efforts to fake a Facebook server, with the targeted population infected upon visitation of the spoof site.
Remote access tool Dendroid injects malware code into APK files
A new HTTP remote access toolkit (RAT) that is cause for concern has surfaced, according to anti-virus/anti-malware program maker Symantec, which makes turning legitimate Android apps into malware easier than before. The program, Dendroid (tagged as Android.Dendoroid by the security company), offers an easy-to-use commercial solution to inject malicious code for trojan access into APK files for placement on Android marketplaces, bypassing security checks.
Now being spread through Bitcoin programs found on download.com
The newly-detected OS X malware dubbed "OSX/CoinThief.A," a "trojan horse" that disguises itself as a copy of a legitimate app, has spread to other Bitcoin applications. SecureMac, an anti-virus software seller, discovered the original implementation of the malware disguised as a pre-compiled version of an open-source Bitcoin tool. It has now been seen pretending to be other Bitcoin apps, some of which are available on Download.com.
Trojan horse Flashback botnet returns, Intego VirusBarrier includes protection
The Flashback botnet -- a malware attack which first appeared in 2011 -- has been noted as being still a threat in 2014, according to Intego. Beginning January 2, Intego studied command and control domains, and its sinkhole servers recorded all connections from Macs where Flashback is still active, trying to contact the command and control servers. This research, as of Tuesday, counted 14,248 unique identifiers of Flashback variants.
Claims 'real-world' security testing by users makes it better
In the face of security studies that show that more than 90 percent of new mobile malware is found on the Android platform, Google's Chairman Eric Schmidt raised eyebrows and drew laughter at a Gartner symposium and IT expo by refuting a presenter's statement that the platform has serious security and fragmentation issues, claiming both that Android is "more secure than the iPhone," and that access to Google Play eliminates the issue of Android fragmentation.
More uniform cross-platform interface, offers iOS, Android security
Webroot has launched the latest versions of its SecureAnywhere range of home computer security suites. The new Webroot SecureAnywhere Antivirus, Internet Security Plus, and Internet Security Complete add new detection technology for protecting against new malware and phishing attacks, along with a redesigned interface for easier monitoring.
Apple's iOS seen to have 0.7 percent of threats targeting it
A memo written by the US Department of Justice and the Department of Homeland Security last year found that around 79 percent of mobile malware is designed to attack vulnerabilities in Android, with another 19 percent exploiting flaws in the discontinued but still widespread Symbian. Apple's iOS was seen to be threatened by 0.7 percent, while systems such as Windows Mobile and BlackBerry drew only 0.3 percent of threats.
More questions raised about Apple app approval process
The security of Apple's App Store approval process has had its credibility challenged following revelations that it approved an app that was submitted by researchers with remotely assembled malware hidden in its code. According to Technology Review, the team from Georgia Tech monitored the app throughout the approval process and found that Apple only ran the app for a few seconds before approving it. This did not give Apple the time to detect the malicious code, which subsequently assembled into malware that could steal personal information, device IDs and photos, as well as send texts and emails.
Exploits, malware, tools purchased by FBI for remote surveillance hacks
The Federal Bureau of Investigation is able to listen in on and record conversations through microphones connected to computers, as well as through Android smartphones, according to a report. The bureau is said to have used hacking tools, including spyware and other malware, that it has purchased from individuals and hacker collectives to gain access to mobile devices, in order to eavesdrop.
Already in iOS 7 beta; hack demonstrated earlier today
Apple says it has already fixed an obscure security flaw that could have allowed hackers to access data on an iOS device through the use of a specially-designed custom USB device that looks like a charger but in fact contains a tiny Linux-powered computer designed to insert malware. The fix is already present in the most recent iOS 7 beta and will be incorporated into the OS when it is released to the public this fall, the company says, and involves notifying users whenever they connect to another computer, even through the power adapter.
Until XProtect updated, only cure is to reset browser
US Government-sponsored report claims China biggest offender
The US Commission on the Theft of American Intellectual Property has released a report, calling for the use of malware and rootkits to enforce US corporate-owned copyrights and media. As proposed, the report calls for the infringing file to be "rendered inaccessible and the unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account."
App dumps screenshots into a folder, command and control servers inactive
A new semi-functional malware has been found for OSX. Discovered on a computer at the Oslo Freedom Forum by researcher Jacob Appelbaum, the OSX/KitM.A is a backdoor application which launches on boot and captures screenshots on a regular basis, which are then dumped in a folder.
Trojan horse points to non-functional webpage, part of sound file
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.
BlackBerry, iOS, Windows Mobile have fewest and most innocuous threats
(Updated with Phil Schiller Twitter post) For years, Mac owners have gently rebuffed the myth that the Mac is so resistant to viruses because of "security through obscurity." No, they'd say, it's because the OS is better hardened against threats. Now the malware discussion has moved on to mobile, and that case is being debated anew: the most popular and one of the fastest-fading current cellphone OSes are responsible for a whopping 89 percent of all mobile device malware, while three of the most well-known smartphone platforms -- iOS, BlackBerry and Windows Mobile -- have the fewest issues.
Exploits affect both platforms, one targets the Mac specifically
Adobe has issued a patch to update Flash on both the Mac and Windows platforms in order to fix two new vulnerabilities already being exploited "in the wild" to spread malware. One of the targeted attacks using the exploit works equally well against Mac users as it does against Windows users: visitors are tricked into downloading and opening MS Word files that contain malicious Flash content. The other vulnerability uses a similar technique but only affects Windows users.
Users of infected machines warned about malware
Microsoft and Symantec have shut down the Bamital botnet, after obtaining a court order to seize the network's controlling servers. The network, dedicated to redirecting users of computers infected with malware to incorrect search results and online advertisements, is estimated to have earned around $1 million per year for its operators.