#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Trojan | Breaking Cybersecurity News | The Hacker News

Category — Trojan
AOL Advertising Network Abused to Distribute Malware

AOL Advertising Network Abused to Distribute Malware

Jan 07, 2015
Security researchers have uncovered a malvertising campaign used to distribute malware to visitors of The Huffington Post website, as well as several other sites, through malicious advertisements served over the AOL  advertising  network . At the end of last year, Cyphort Labs, security firm specialized in detecting malware threats, came across some malicious advertisements that were being served on the United States and Canadian versions of the popular news website The Huffington Post . The malicious advertisements eventually redirected visitors of the news website to other websites hosting exploit kits, in order to attack victims' computers and install malware. Researchers discovered that the malvertising campaign originates with ads being served by AOL's Advertising.com network. Once clicked, users are redirected through a series of redirects, some of which used HTTPS encrypted connections, to a page that served either the Neutrino Exploit Kit or the Sweet Orange E
After Takedown, GameOver Zeus Banking Trojan Returns Again

After Takedown, GameOver Zeus Banking Trojan Returns Again

Jul 12, 2014
A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

Jun 28, 2014
The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors. Until now, we have seen banking Trojans affecting devices and steal users' financial credentials in order to run them out of their money. But nowadays, malware authors are adopting more sophisticated techniques in an effort to target as many victims as possible. BANKING MALWARE WITH NETWORK SNIFFING Security researchers from the Anti-virus firm Trend Micro have discovered a new variant of banking malware that not only steals users' information from the device it has infected but, has ability to " sniff " network activity in an effort to compromise the devices of same network users as well. The banking malware, dubbed as EMOTET spreads rapidly through spammed emails that masquerade itself as a bank transfers and shipping invoices. The spammed email comes along with an attached link that users easily click, considering that t
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Jun 13, 2014
A new and relatively rare Zeus Trojan  program has found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim's computer. Researchers at RSA Security's FraudAction team have discovered this new and critical threat, dubbed as ' Pandemiya ', which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies. The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus . But, Pandemiya is something by far the most isolated and dangerous piece of malware
New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

May 24, 2014
In past few months, the malware developers are more focusing on proliferating and upgrading malicious malwares to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals and malware writers. BlackPOS malware caused massive data breaches in various US retailers targeting POS machines and the largest one is TARGET data breach occurred during the last Christmas holidays. The third-largest U.S. Retailer in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions. Now the latest one is the ' Nemanj
FBI raids BlackShades RAT Malware Customers in Europe and Australia

FBI raids BlackShades RAT Malware Customers in Europe and Australia

May 16, 2014
When it comes to crime, whether it's an online or offline, FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement authorities to arrest a particular group of cyber criminals and Hackers. The FBI has targeted the customers of a popular Remote Administration Tool (RAT) called ' blackshades ', which allows them to connect and manage thousands of remotely infected computers over the Internet. WHAT IS BLACKSHADES RAT?? ' Blackshades ' is a remote administration tool (RAT) which allows an attacker to control several clients from around the world.  Blackshades  malware   is fully equipped with Drive-by attacks, Java exploits, keylogger and it allows an attacker to steal usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst
LOL, Jar File Malware Just Goes Viral Through Facebook Messages

LOL, Jar File Malware Just Goes Viral Through Facebook Messages

May 14, 2014
If you came across any suspicious Facebook message with ' LOL ' text or a fake Image file send by any of your Facebook friend, avoid clicking it. A Trojan horse is currently circulating in wild through the Facebook social network that could steal your Facebook account data and Credentials. Security researchers spotted  this malware campaign first in the beginning of March this year, where the Trojan spreads itself through the Facebook's Messenger service (inbox) by messaging a victim pretending to be one of their friends saying "LOL" with a zip file attached, which appears to be a photo, named " IMG_xxxx.zip ". In Past two weeks, many of our readers informed us that they received similar ZIP files from their trusted Facebook friends. The Hacker News team also noticed that despite after several warnings in media, once again the malware campaign just goes viral like any other video scam , but this time directly through users' inbox-to-inbox. HOW DOES
Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money

Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money

May 11, 2014
Before Ransomware, Click fraud was one of the popular and efficient ways for cybercriminals to make money and with the explosive growth in the size of the online threats it is still making its way on the Internet. " Click-Fraud " is the practice of deceptively clicking on search ads with the intention of either increasing third-party website revenues or exhausting an advertiser's budget. Besides the search results, we all have seen advertisements placed in the search engine's WebPage. If the visitor clicks the Ad, the advertiser has to pay a fee to the search engine. A problem that has arisen with pay-per-click is results in Click-Fraud. The term " fraud " is used because in either case, the advertiser is paying for a click without receiving any true value. Of course, the number of clicks has to be large enough in order to gain a considerable amount of money, and in order to do that an attacker can use an automated script or malicious program to simulate multiple clicks b
ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

Apr 21, 2014
ZeuS , or Zbot is one of the oldest families of financial malware , it is a Trojan horse capable to carry out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads. Earlier this month, Comodo AV labs identified a dangerous variant of ZeuS Banking Trojan which is signed by stolen Digital Certificate belonging to Microsoft Developer to avoid detection from Web browsers and anti-virus systems.  FREE! FREE! ZeuS BRINGS ROOTKIT UPDATE Recently, the security researcher, Kan Chen at Fortinet has found that P2P Zeus botnet is updating its bots/infected systems with updates version that has the capability to drop a rootkit into infected systems and hides the trojan to prevent the removal of malicious files and registry entries. The new variant also double check for the earlier installed version (0x38) of ZeuS trojan on the infecte
Most Sophisticated Android Bootkit Malware ever Detected; Infected Millions of Devices

Most Sophisticated Android Bootkit Malware ever Detected; Infected Millions of Devices

Apr 03, 2014
Hardly two month ago we reported about the first widely spread Android Bootkit malware , dubbed as ' Oldboot.A ', which infected more than 500,000 Smartphone users worldwide with Android operating system in last eight months, especially in China. Oldboot is a piece of Android malware that's designed to re-infect Mobile devices even after a thorough cleanup. It resides in the memory of infected devices;  It modify the devices' boot partition and booting script file to launch system service and extract malicious application during the early stage of system's booting. Yet another alarming report about Oldboot malware has been released by the Chinese Security Researchers from ' 360 Mobile Security '. They have discovered a new variant of the Oldboot family, dubbed as ' Oldboot.B ', designed exactly as Oldboot.A, but new variant has advance stealth techniques. Especially, the defense against with antivirus software, malware analyzer, and automatic a
Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

Mar 18, 2014
In late 2013, Security Researchers identified thousands of Linux systems around the world infected with the OpenSSH b ackdoor trojan and  credential stealer  named Linux/Ebury ,  that allows  unauthorized access of an affected computer to the remote attackers. Antivirus Firm ESET's Reseacher team has been tracking and  investigating the operation behind Linux/Ebury and today team  uncovers the details [ Report PDF ] of a massive,  sophisticated and organized  malware campaign called ' Operation Windigo ', infected more than 500,000 computers and 25,000 dedicated servers. ' We discovered an infrastructure used for malicious activities that is all hosted on compromised servers. We were also able to find a link between different malware components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M and realized they are all operated by the same group. '  ESET reported. Malware used in Operation Windigo: Linux/Ebury –  an OpenSSH backdoor use
First Tor-Based Android Malware Spotted in the Wild

First Tor-Based Android Malware Spotted in the Wild

Feb 25, 2014
We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year.  Security researchers have observed a growth in the numbers of computer malware families starting to use TOR-based communications, but recently the Security Researchers at anti-virus firm Kaspersky Lab have spotted  the world's first Tor-Based Malware for Android Operating system. The Android Malware dubbed as ' Backdoor. AndroidOS .Torec.a ', using Tor hidden service protocol for stealth communication with Command-and-Control servers. Researchers detected that the Trojan is running from .Onion Tor domain and working on the functionality of an open source Tor client for Android mobile devices, called ' Orbot ', thus eliminating the threat of the botnet being de
Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

Jan 31, 2014
After the massive data breaches at U.S retailers Target and Neiman Marcus in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, shows that the Point of Sale (POS) system has become a new target for the cyber criminals. Despite the BlackPOS malware of Point of Sale (POS) system that comes out as the major cause of these data breaches, malware writers are upgrading and developing more Trojans to target POS system. In December, the security researchers at anti-virus firm Kaspersky Lab discovered a Tor-based banking trojan , dubbed " ChewBacca ", that was initially categorized as a Financial trojan, but recently security researchers at RSA have uncovered that 'ChewBacca' is also capable of stealing credit card details from point of sale systems. ' ChewBacca ', a relatively new and private Trojan, used in the 11 countries as a POS malware is behind the electronic theft. ChewBacca communicat
ICEPOL Ransomware Servers seized by Romanian Police that infected 260,000 Computers

ICEPOL Ransomware Servers seized by Romanian Police that infected 260,000 Computers

Jan 30, 2014
After Financial and Banking Malwares, Ransomware has become the first choice of money motivated cybercriminals. A new Ransomware Trojan known as ICEPOL has been one of those widespread malware which has been successfully installed approximately 267,786 times worldwide and 42,400 in the USA alone over a five month period, analyzed by the security firm BitDefender . The ICEPOL Trojan categorized as Ransomware that locks your PC and demand for a ransom amount to unlock it. The Malware was using a previously known vulnerability in Java software i.e. CVE-2013-0422 to infect the systems. The malware threatened the user with accusations of illegal piracy or ' porn-related activity ' and requires money for exemption from punishment that pretends to be from the 'police'. " The ICEPOL Trojan extorted victims who downloaded it by sending them a message in any one of 25 languages purporting to be from police accusing them of downloading copyrighted material
Rakabulle, Advance File Binder from DarkComet RAT Developer

Rakabulle, Advance File Binder from DarkComet RAT Developer

Jan 17, 2014
I hope you all still remember the famous and powerful Remote Administration Tool (RAT) called ' Dark Comet ', developed by a French computer geek ' Jean-Pierre Lesueur ', also known as ' DarkCoderSc '. However, He had closed the Dark Comet project, when the Syrian government found to be using it to track down and to spy on their people. After that  DarkCoderSc  started working under a new banner ' Phrozen Software ' to develop many new security softwares and penetration testing tools. Just yesterday, Jean-Pierre and his team-mate Fabio Pinto  from French University, have released a new tool called ' Rakabulle ', a file binder with some cool features for penetration testers and malware researchers. File binder is an application that allows a user to bind multiple files together, resulting in a single executable file. When you execute that single application, all previous merged files will be extracted to a temporary location, and will be exe
Expert Insights / Articles Videos
Cybersecurity Resources