The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Search results for malicious software

Microsoft Windows Malicious Software Removal Tool - Download !

Microsoft Windows Malicious Software Removal Tool - Download !

April 28, 2011Mohit Kumar
Microsoft Windows Malicious Software Removal Tool - Download ! The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, WIndows 7, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder. To download the x64 version of Malicious Software Removal Tool, click here . This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product. Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on
Malicious Software Packages Found On Arch Linux User Repository

Malicious Software Packages Found On Arch Linux User Repository

July 11, 2018Swati Khandelwal
Yet another incident which showcases that you should not explicitly trust user-controlled software repositories. One of the most popular Linux distros Arch Linux has pulled as many as three user-maintained software repository AUR packages after it was found hosting malicious code. Arch Linux is an independently developed, general-purpose GNU/Linux distribution composed predominantly of free and open-source software, and supports community involvement. Besides official repositories like Arch Build System (ABS), Arch Linux users can also download software packages from several other repositories, including AUR (Arch User Repository), a community-driven repository created and managed by Arch Linux users. Since AUR packages are user-produced content, Arch maintainers always suggest Linux users to carefully check all files, especially PKGBUILD and any .install file for malicious commands. However, this AUR repository has recently been found hosting malware code in several inst
Where To Buy Your Tools From Hackers ?

Where To Buy Your Tools From Hackers ?

January 21, 2011Mohit Kumar
Software that facilitates the attack by beginners online scammers and the future is big business anarchists, says Karlin Lillington The suites are equipped with new software with all the trappings of modern software now offers: cloud computing hosting, software as a service (SaaS) functions, outsourcing, digital certificates, licenses to prevent piracy, software modules, and provided services and support packages. But the difference between these programs - listed in the Internet Relay Chat rooms, instant chat (IRC) and private online forums - and what it could buy public providers is that they offer more software piracy increasingly sophisticated for simple - young hackers with little ability to write their own computer code. "Lessons learned from large companies legitimate software - such as development practices, techniques and anti-piracy, support and prices - are regularly repeated in the informal economy, in order to increase efficiency and profits, says the safety re
CCleaner Attack Timeline—Here's How Hackers Infected 2.3 Million PCs

CCleaner Attack Timeline—Here's How Hackers Infected 2.3 Million PCs

April 18, 2018Swati Khandelwal
Last year, the popular system cleanup software CCleaner suffered a massive supply-chain malware attack of all times, wherein hackers compromised the company's servers for more than a month and replaced the original version of the software with the malicious one. The malware attack infected over 2.3 million users who downloaded or updated their CCleaner app between August and September last year from the official website with the backdoored version of the software. Now, it turns out that the hackers managed to infiltrate the company's network almost five months before they first replaced the official CCleaner build with the backdoored version, revealed Avast executive VP and CTO Ondrej Vlcek at the RSA security conference in San Francisco on Tuesday. 6-Months Timeline of CCleaner Supply Chain Attack Vlcek shared a brief timeline of the last year's incident that came out to be the worst nightmare for the company, detailing how and when unknown hackers breached Pi
Warning: Malicious version of FTP Software FileZilla stealing users' Credentials

Warning: Malicious version of FTP Software FileZilla stealing users' Credentials

January 29, 2014Unknown
Malware code can be very small, and the impact can be very severe! The Antivirus firm AVAST spotted a malicious version of the open source FTP (File Transfer Protocol) software ' FileZilla ' out in the wild. The software is open source, but has been modified by the hackers that steal users' credentials, offered on various hacked sites for download with banner or text ads. Once installed, the software's appearance and functionalities are equal to the original version, so a user cannot distinguish between the fake or real one, and the malware version of the “ .exe ” file is just slightly smaller than the real one. " The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system registry, communication or changes in application GUI ." The only difference is that the malware version use 2.46.3-Unicode and the official installer use v2.45-Unicode , as
This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike

This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike

October 20, 2015Swati Khandelwal
Security researchers have uncovered a new piece of Adware that replaces your entire browser with a dangerous copy of Google Chrome , in a way that you will not notice any difference while browsing. The new adware software, dubbed " eFast Browser ," works by installing and running itself in place of Google Chrome The adware does all kinds of malicious activities that we have seen quite often over the years: Generates pop-up, coupon, pop-under and other similar ads on your screen Placing other advertisements into your web pages Redirects you to malicious websites containing bogus contents Tracking your movements on the web to help nefarious marketers send more crap your way to generating revenue Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft. What's Nefariously Intriguing About this Adware? The thing that makes this Adware different from others is that instead of taking contr
Warning — Bitcoin Users Could Be Targeted by State-Sponsored Hackers

Warning — Bitcoin Users Could Be Targeted by State-Sponsored Hackers

August 19, 2016Mohit Kumar
Another day, another bad news for Bitcoin users. A leading Bitcoin information site is warning users that an upcoming version of the Blockchain consolidation software and Bitcoin wallets could most likely be targeted by "state-sponsored attackers." Recently, one of the world's most popular cryptocurrency exchanges, Bitfinex, suffered a major hack that resulted in a loss of around $72 Million worth of Bitcoins . Now, Bitcoin.org, the website that hosts downloads for Bitcoin Core, posted a message on its website on Wednesday warning users that the next version of the Bitcoin Core wallet, one of the most popular bitcoin wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. Specifically, Chinese bitcoin users and services are encouraged to be vigilant " due to the origin of the attackers. " Bitcoin.org doesn't believe it has sufficient resources to defend against the attack.
Backdoor Found in Popular Server Management Software used by Hundreds of Companies

Backdoor Found in Popular Server Management Software used by Hundreds of Companies

August 16, 2017Swati Khandelwal
Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. Recently, cyber crooks managed to infiltrate the update mechanism for a popular server management software package and altered it to include an advanced backdoor, which lasts for at least 17 days until researchers discovered it. Dubbed ShadowPad , the secret backdoor gave attackers complete control over networks hidden behind legit cryptographically signed software sold by NetSarang —used by hundreds of banks, media firms, energy companies, and pharmaceutical firms, telecommunication providers, transportation and logistics and other industries—for 17 days starting last month. Important Note — If you are using any of the affected product (listed below), we highly recommend you stop using it until you update them. Hacker Injected Backdoor Through Software Update Mechanism
Adobe patches 2nd Flash Player Zero-day Vulnerability

Adobe patches 2nd Flash Player Zero-day Vulnerability

January 25, 2015Mohit Kumar
Ready to patch your Adobe Flash software now. Adobe has patched one after one two zero-day vulnerabilities in its Adobe Flash that are being actively exploited by the cyber criminals. PATCH FOR FIRST ZERO-DAY On Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as CVE-2015-0310 , that was also exploited by Angler malicious toolkit. PATCH FOR SECOND ZERO-DAY Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability , tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. The vulnerability is " being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, " Adobe said in a security advisory . The com
Microsoft Seized No-IP Domains, Millions of Dynamic DNS Service Users Suffer Outage

Microsoft Seized No-IP Domains, Millions of Dynamic DNS Service Users Suffer Outage

July 01, 2014Mohit Kumar
In an effort to crackdown on cyber crimes, Microsoft has taken a legal action against a malware network what it thought is responsible for more than 7.4 million infections of Windows PCs across the globe. Millions of legitimate servers that rely on Dynamic Domain Name Service (DDNS) from No-IP.com, owned by Vitalwerks Internet Solutions were blacked out on Monday after Microsoft seized their 23 domain names that were being used by malware developed in the Middle East and Africa. No-IP FOR MALWARE OPERATORS The Dynamic Domain Name Service (DDNS) from No-IP.com works by mapping users' dynamic IP addresses to a customized No-IP sub-domain like yourhost.no-ip.org or yourhost.no-ip.biz. This mechanism allows users to connect to a system with dynamic IP address using a static No-IP sub-domain. No doubt its a useful service, but Nevada-based No-IP Dynamic DNS (DDNS) service subdomains have been abused by creators of malware for infecting millions of computers with ma
Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

September 15, 2017Swati Khandelwal
Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them. These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users. Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in fre
Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce

April 10, 2015Swati Khandelwal
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims’ banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What’s a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker’s "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks
Alleged BlackShades Malware Co-Author pleads not Guilty

Alleged BlackShades Malware Co-Author pleads not Guilty

May 31, 2014Swati Khandelwal
A Swedish man accused of being involved in the creation of the malicious software used to infect over half a million systems in more than dozens of countries, has pleaded not guilty in New York on Thursday to computer hacking charges brought against him. Alex Yucel, 24, who is the co-author of the Blackshades Remote Access Trojan (RAT), owned and operate an organization called Blackshades, which sold the notorious software to the other people and hackers across the country for prices ranging from $40 to $50. This allowed the hackers to remotely control the victims’ computers and to steal keystrokes, passwords and access to victims’ private files, according to the authorities. Blackshades malware is designed to steal victims’ usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst cases, the malicious software program even allows hackers to take remote control of users’ computer and webcam to take photos or v
Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

June 21, 2019Swati Khandelwal
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs , the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell's SupportAssist application for business PCs (version 2.0) and home PCs (version 3.2.1 and all prior versions). Dell SupportAssist, formerly known as Dell System Detect, checks the health of your system's hardware and software, alerting customers to take appropriate action to resolve them. To do so, it runs on your computer with SYSTEM-level permissions. With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device d
[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

July 05, 2017Mohit Kumar
Ukrainian National Police has released a video showing officers raiding company of M.E.Doc accounting software makers, whose systems have been linked to outbreak of Petya (NotPetya) ransomware that recently infected computers of several major companies worldwide. On 4th July, masked police officers from Ukrainian anti-cybercrime unit — carrying shotguns and assault rifles — raided the software development firm “ Intellect Service, ” in the capital city Kyiv and seized their servers, which were reportedly compromised by hackers to spread (ExPetr, PetrWrap, Petya, NotPetya) ransomware. Researchers from ESET security firm have found a very stealthy malicious code in the M.E.Doc software update which was injected by an unknown hacker or group of hackers in mid-April by exploiting a vulnerability. The malicious software upgrade, designed to install a backdoor and give unauthorized remote access to attackers, was then delivered as an update to nearly 1 million computers belonging
Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

February 26, 2018Swati Khandelwal
If you have installed world's most popular torrent download software, μTorrent, then you should download its latest version for Windows as soon as possible. Google's security researcher at Project Zero discovered a serious remote code execution vulnerability in both the 'μTorrent desktop app for Windows' and newly launched 'μTorrent Web' that allows users to download and stream torrents directly into their web browser. μTorrent Classic and μTorrent Web apps run in the background on the Windows machine and start a locally hosted HTTP RPC server on ports 10000 and 19575, respectively, using which users can access its interfaces over any web browser. However, Project Zero researcher Tavis Ormandy found that several issues with these RPC servers could allow remote attackers to take control of the torrent download software with little user interaction. According to Ormandy, uTorrent apps are vulnerable to a hacking technique called the "domain name s
Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

September 23, 2014Wang Wei
A new surge of malware has been discovered which goes on to infect hundreds of thousands of computers worldwide and allegedly steals users’ social and banking site credentials. Few days back, a list of 5 million combinations of Gmail addresses and passwords were leaked online. The search engine giant, Google said that Gmail credentials didn’t come from the security breaches of its system, rather the credentials had been stolen by phishing campaigns and unauthorized access to user accounts. Just now, we come across another similar incident where cyber criminals are using a malware which has already compromised thousands of Windows users worldwide in an effort to steal their Social Media account, Online account and Banking account Credentials. A Greek Security Researcher recently discovered a malware sample via a spam campaign (caught in a corporate honeypot), targeting large number of computers users rapidly. He investigated and posted a detailed technical analyses of
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.