#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Trojan | Breaking Cybersecurity News | The Hacker News

Category — Trojan
Kaspersky: NSA Worker's Computer Was Already Infected With Malware

Kaspersky: NSA Worker's Computer Was Already Infected With Malware

Nov 17, 2017
Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware. Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware. According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC. The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader. Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classi
How Just Opening A Malicious PowerPoint File Could Compromise Your PC

How Just Opening A Malicious PowerPoint File Could Compromise Your PC

Aug 14, 2017
A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office . The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface for which a patch was issued in April this year, but threat actors are still abusing the flaw through the different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider and mainly targets companies involved in the electronics manufacturing industry. Researchers believe this attack involves the use of a sender address disguised as a legitimate ema
Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

Oct 31, 2024Identity Security / Browser Security
In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data breaches, account takeovers, and credential theft. The "Enterprise Identity Threat Report 2024" ( download here ) is based on exclusive data available only to the LayerX Browser Security platform. This data derives from LayerX's unique visibility into every user action in the browser, across industries. It provides a detailed analysis of emerging risks and uncovered hidden threats. To register to a live webinar to cover the key findings in this report, Click here . Below is a deeper dive into some of the report's most critical findings: 1. The Greatest Risk Comes from 2% of Users Security profe
This Android Hacking Group is making $500,000 per day

This Android Hacking Group is making $500,000 per day

Jul 02, 2016
Own an Android smartphone? Hackers can secretly install malicious apps, games, and pop-up adverts on your smartphone remotely in order to make large sums of money. Security researchers at Cheetah Mobile have uncovered one of the world's largest and most prolific Trojan families, infecting millions of Android devices around the world. Dubbed Hummer , the notorious mobile trojan stealthily installs malicious apps, games, or even porn apps onto victim's phones and yields its creators more than $500,000 (£375,252) on a daily basis. First discovered in 2014 by Cheetah Mobile, Hummer gained traction in early 2016 when the Trojan family was infecting "nearly 1.4 Million devices daily at its peak" with 63,000 infections occurring daily in China, according to researchers at Cheetah Mobile Security Research Lab. "This Trojan continually pops up ads on victims' phones, which is extremely annoying," researchers wrote in a blog post. "It also pushe
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
Russia arrests 50 hackers who stole $25 million from Banks

Russia arrests 50 hackers who stole $25 million from Banks

Jun 03, 2016
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole
Whistleblowers' Lawyer Finds Malware On Hard Disk Planted By Police

Whistleblowers' Lawyer Finds Malware On Hard Disk Planted By Police

Apr 16, 2015
An Arkansas lawyer representing three police whistleblowers has claimed that the law enforcement officials at the Fort Smith Police Department (FSPD) tried to infect his computer with Trojan viruses in order to spy on their legal opponents. What's the issue? A lawyer Matthew Campbell of the Pinnacle Law Firm in North Little Rock is representing Don Paul Bales, Rick Entmeier, and Wendall Sampson, current and former officers of the Fort Smith Police Department in the lawsuit since January 2014. The three whistleblowers exposed some frauds within the corrupt department, and, therefore, the police have illegally investigated them. " Since July 2013, the plaintiffs have been the target of nearly two dozen various investigations , Campbell told the Northwest Arkansas Democrat Gazette. " [This range] from accusations that they misspent FSPD funds to allegations that they were impugning the FSPD on Facebook. " What happened? Campbell provided a blank ha
AOL Advertising Network Abused to Distribute Malware

AOL Advertising Network Abused to Distribute Malware

Jan 07, 2015
Security researchers have uncovered a malvertising campaign used to distribute malware to visitors of The Huffington Post website, as well as several other sites, through malicious advertisements served over the AOL  advertising  network . At the end of last year, Cyphort Labs, security firm specialized in detecting malware threats, came across some malicious advertisements that were being served on the United States and Canadian versions of the popular news website The Huffington Post . The malicious advertisements eventually redirected visitors of the news website to other websites hosting exploit kits, in order to attack victims' computers and install malware. Researchers discovered that the malvertising campaign originates with ads being served by AOL's Advertising.com network. Once clicked, users are redirected through a series of redirects, some of which used HTTPS encrypted connections, to a page that served either the Neutrino Exploit Kit or the Sweet Orange E
After Takedown, GameOver Zeus Banking Trojan Returns Again

After Takedown, GameOver Zeus Banking Trojan Returns Again

Jul 12, 2014
A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which
New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

Jun 28, 2014
The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors. Until now, we have seen banking Trojans affecting devices and steal users' financial credentials in order to run them out of their money. But nowadays, malware authors are adopting more sophisticated techniques in an effort to target as many victims as possible. BANKING MALWARE WITH NETWORK SNIFFING Security researchers from the Anti-virus firm Trend Micro have discovered a new variant of banking malware that not only steals users' information from the device it has infected but, has ability to " sniff " network activity in an effort to compromise the devices of same network users as well. The banking malware, dubbed as EMOTET spreads rapidly through spammed emails that masquerade itself as a bank transfers and shipping invoices. The spammed email comes along with an attached link that users easily click, considering that t
Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Jun 13, 2014
A new and relatively rare Zeus Trojan  program has found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim's computer. Researchers at RSA Security's FraudAction team have discovered this new and critical threat, dubbed as ' Pandemiya ', which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies. The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus . But, Pandemiya is something by far the most isolated and dangerous piece of malware
New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

May 24, 2014
In past few months, the malware developers are more focusing on proliferating and upgrading malicious malwares to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals and malware writers. BlackPOS malware caused massive data breaches in various US retailers targeting POS machines and the largest one is TARGET data breach occurred during the last Christmas holidays. The third-largest U.S. Retailer in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions. Now the latest one is the ' Nemanj
FBI raids BlackShades RAT Malware Customers in Europe and Australia

FBI raids BlackShades RAT Malware Customers in Europe and Australia

May 16, 2014
When it comes to crime, whether it's an online or offline, FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement authorities to arrest a particular group of cyber criminals and Hackers. The FBI has targeted the customers of a popular Remote Administration Tool (RAT) called ' blackshades ', which allows them to connect and manage thousands of remotely infected computers over the Internet. WHAT IS BLACKSHADES RAT?? ' Blackshades ' is a remote administration tool (RAT) which allows an attacker to control several clients from around the world.  Blackshades  malware   is fully equipped with Drive-by attacks, Java exploits, keylogger and it allows an attacker to steal usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst
LOL, Jar File Malware Just Goes Viral Through Facebook Messages

LOL, Jar File Malware Just Goes Viral Through Facebook Messages

May 14, 2014
If you came across any suspicious Facebook message with ' LOL ' text or a fake Image file send by any of your Facebook friend, avoid clicking it. A Trojan horse is currently circulating in wild through the Facebook social network that could steal your Facebook account data and Credentials. Security researchers spotted  this malware campaign first in the beginning of March this year, where the Trojan spreads itself through the Facebook's Messenger service (inbox) by messaging a victim pretending to be one of their friends saying "LOL" with a zip file attached, which appears to be a photo, named " IMG_xxxx.zip ". In Past two weeks, many of our readers informed us that they received similar ZIP files from their trusted Facebook friends. The Hacker News team also noticed that despite after several warnings in media, once again the malware campaign just goes viral like any other video scam , but this time directly through users' inbox-to-inbox. HOW DOES
Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money

Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money

May 11, 2014
Before Ransomware, Click fraud was one of the popular and efficient ways for cybercriminals to make money and with the explosive growth in the size of the online threats it is still making its way on the Internet. " Click-Fraud " is the practice of deceptively clicking on search ads with the intention of either increasing third-party website revenues or exhausting an advertiser's budget. Besides the search results, we all have seen advertisements placed in the search engine's WebPage. If the visitor clicks the Ad, the advertiser has to pay a fee to the search engine. A problem that has arisen with pay-per-click is results in Click-Fraud. The term " fraud " is used because in either case, the advertiser is paying for a click without receiving any true value. Of course, the number of clicks has to be large enough in order to gain a considerable amount of money, and in order to do that an attacker can use an automated script or malicious program to simulate multiple clicks b
ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

Apr 21, 2014
ZeuS , or Zbot is one of the oldest families of financial malware , it is a Trojan horse capable to carry out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads. Earlier this month, Comodo AV labs identified a dangerous variant of ZeuS Banking Trojan which is signed by stolen Digital Certificate belonging to Microsoft Developer to avoid detection from Web browsers and anti-virus systems.  FREE! FREE! ZeuS BRINGS ROOTKIT UPDATE Recently, the security researcher, Kan Chen at Fortinet has found that P2P Zeus botnet is updating its bots/infected systems with updates version that has the capability to drop a rootkit into infected systems and hides the trojan to prevent the removal of malicious files and registry entries. The new variant also double check for the earlier installed version (0x38) of ZeuS trojan on the infecte
Most Sophisticated Android Bootkit Malware ever Detected; Infected Millions of Devices

Most Sophisticated Android Bootkit Malware ever Detected; Infected Millions of Devices

Apr 03, 2014
Hardly two month ago we reported about the first widely spread Android Bootkit malware , dubbed as ' Oldboot.A ', which infected more than 500,000 Smartphone users worldwide with Android operating system in last eight months, especially in China. Oldboot is a piece of Android malware that's designed to re-infect Mobile devices even after a thorough cleanup. It resides in the memory of infected devices;  It modify the devices' boot partition and booting script file to launch system service and extract malicious application during the early stage of system's booting. Yet another alarming report about Oldboot malware has been released by the Chinese Security Researchers from ' 360 Mobile Security '. They have discovered a new variant of the Oldboot family, dubbed as ' Oldboot.B ', designed exactly as Oldboot.A, but new variant has advance stealth techniques. Especially, the defense against with antivirus software, malware analyzer, and automatic a
Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

Mar 18, 2014
In late 2013, Security Researchers identified thousands of Linux systems around the world infected with the OpenSSH b ackdoor trojan and  credential stealer  named Linux/Ebury ,  that allows  unauthorized access of an affected computer to the remote attackers. Antivirus Firm ESET's Reseacher team has been tracking and  investigating the operation behind Linux/Ebury and today team  uncovers the details [ Report PDF ] of a massive,  sophisticated and organized  malware campaign called ' Operation Windigo ', infected more than 500,000 computers and 25,000 dedicated servers. ' We discovered an infrastructure used for malicious activities that is all hosted on compromised servers. We were also able to find a link between different malware components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M and realized they are all operated by the same group. '  ESET reported. Malware used in Operation Windigo: Linux/Ebury –  an OpenSSH backdoor use
Expert Insights / Articles Videos
Cybersecurity Resources