Trojan | Breaking Cybersecurity News | The Hacker News

On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. " On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised." "We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments ." said in a post on the Opera Security Blog. Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. Opera plans to roll out a new version of its

The notorious Zeus Trojan , a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances. Trend Micro experts spotted another new variant of  ZBOT Malware which is capable of spreading  itself automatically via USB Flash Drives or removable drives. According to report , this particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document and when user opens this file using Adobe Reader, it triggers an exploit . Malware also has an auto update module, so that it can download and run an updated copy of itself. To self propagate, it creates a hidden folder with a copy of itself inside the USB drive with a shortcut pointing to the hidden ZBOT copy. Another variant of ZeuS #Malware spotted, with new feature of spreading itself automati

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

A new piece of sophisticated Android malware has been discovered by security researchers at Kaspersky Labs . Dubbed as Backdoor . AndroidOS . Obad . a , it is the most sophisticated piece of Android malware ever seen. It exploits multiple vulnerabilities , blocks uninstall attempts, attempts to gain root access, and can execute a host of remote commands. It include complex obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices . There are two previously unknown Android vulnerabilities exploited by Obad . It can gain administrator privileges, making it virtually impossible for a user to delete it off a device. Another flaw in the Android OS relates to the processing of the AndroidManifest.xml file. This file exists in every Android application and is used to describe the application's structure, define its laun

A new type of Android malware that can intercept text messages and forwarding to hackers is discovered by  the Russian firm Doctor Web . This is a very serious threat to users, because using this malware attackers can easily get two factor authentication code of your Email or bank accounts. The malware, dubbed as Android.Pincer.2.origin , is the second form of the original Android.Pincer  malware and is distributed as security certificates that the user must install. Upon launching Android.Pincer.2.origin , the user will see a fake notification about the certificate's successful installation but after that, the Trojan will not perform any noticeable activities for a while.  Android.Pincer.2.origin connects to a server and send text messages in addition to the other information as the smartphone model, serial, IMEI and phone number and the Android version is used. To malware then receive instructions from commands in the following format:  start_sms_forwarding [telephone number]

A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when logging into a UK online banking session. The Ramnit worm was discovered in 2010, but in 2011 researchers spotted a new strain that had incorporated source code from the notorious Zeus banking trojan. Cyber criminals are stepping up their use of social engineering techniques to bypass increasingly security-aware users of online banking and e-commerce sites.   The malware reportedly avoids detection by going into an idle sleep mode until its intended victim logs into their online bank account, at which point it activates and presents them with a fraudulent phishing message. Ramnit circumvented the OTP feature at the target bank using a 'Man in the Browser' attack to in

Russian anti-virus company Doctor Web reports that a new Mac OS X adware Trojan spreading itself via crafted movie trailer pages that prompt users to install a browser plugin. Basically, an adware is any software package which automatically renders advertisements in order to generate revenue for its author. Dubbed as ' Trojan.Yontoo.1 ', Attackers have provided a number of alternative ways to spread the threat. The Trojan can also be downloaded as a media player, a video quality enhancement program or a download accelerator. When victim visits the site, the dialogue only imitates the traditional plate and specially designed by hackers to enter a potential victim of misleading. After pressing the « Install the plug-in » victim is redirected to the site to download malware. When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube. after the user presses ' Continue ', instead of the promised program, the

One of the best 3rd party Android Mobile Keyboard called ' SwiftKey ' turned into a Keylogger Trojan by an Android developer to show the possible security threat of using pirated cracked apps from from non-official App Stores, " anyone pirating Swiftkey is taking a serious risk " developer said to ' The Hacker News '. He demonstrated how to inject a Keylogger snippets of code into a legitimate Android Keyboard application that infected a mobile device with Trojan, connected with a remote server and transmitted data from the device inducing your all key logs. " Cracked copies of PC and iPhone apps can have malware as well of course but on both those platforms most software is compiled to machine code. Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK. " he explained. He developed a keylogger from SwiftKey( APK Download ), a mali

A new malware threat for the Mac has been discovered that attempting to set up a secure connection for a remote hacker to connect through and grab private information. Dubbed " Pintsized " that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts. This backdoor Trojan can be used to conduct distributed denial of service (DDoS) attacks, or it can be used to install additional Trojans or other forms of malicious software. Since the connection between the hacker and the machine is encrypted, it becomes very hard for the Trojan to be detected or traced. The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection.  Trojan stays hidden by disguising itself as a file that is used for networked printers in Mac OS X. The location of the malware has been traced to this particular directory. This tactic conceals the Trojan and makes a moni

The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program was discovered in 2011 that steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeare's "The Merchant of Venice". Shylock is one of the most advanced Trojans  currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly. According to security researchers from CSIS Security Group , the Skype infection is based on a malicious plugin called msg.gsm and allows the malware to send messages and transfer files, clean messages and transfers from Skype history and even bypass the Skype warning for connecting to servers. Beside the new ability to spread through Skype, Shylock can also spread through local shares and removable drives. Infection by the Trojan allows hackers to ste

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it's not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone. This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware. Dubbed TheAndroid.DDoS.1.origin, creates an application icon, similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched. When it receives a DDoS attack command, the malware starts to send data packets to the sp

Trojan.Stabuniq geographic distribution by unique IP address Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq , the malware has been collecting information from infected systems potentially for the preparation of a more damaging attack. According to researchers , roughly 40 IP addresses infected with the Stabuniq Trojan, 40% per cent belong to financial institutions who are mostly based in Chicago and New York. The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit . Such toolkits are commonly used to silently install malware on Web users' computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player , Adobe Reader , or Java. These attacks can be very simple, such as a written email from a prince in Nigeria asking for bank account information. Once in