Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that it discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility. This is the first such discovery, and it raises serious concern about the security and integrity of critical infrastructure against both targeted and untargeted attacks.

Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers.

139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17.

Florida state cop says he can't remember why he bought mobile stalking app

Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious."

A newly discovered strain of Android malware contains never-seen surveillance features

A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.

Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years

An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers and to capture and share porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy.

Opera browser now includes cryptojacking protection

"Cryptojacking" is the latest trend in malware; by some estimates, there are at least 2,500 sites that illicitly run JavaScript in your browser to secretly mine cryptocurrency.

So the browser pushback has begun. Opera just announced its latest release includes anti-mining measures:

Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency.

Brave, Brendan Eich's new startup browser, also implemented this type of blocking earlier this year. I hope this trend continues; there are lots of plugins that block cryptocurrency mining, but it'll only become mainstream if it's built as a default into mainstream browsers.

Israeli firm Cyberbit illegally spied on behalf of Ethiopia's despots, then stored all their stolen data on an unencrypted, world-readable website

Researchers from the University of Toronto's amazing Citizen Lab (previously) have published a new report detailing the latest tactics from the autocratic government of Ethiopia, "the world's first turnkey surveillance state" whose human rights abuses have been entirely enabled with software and expertise purchased on the open market, largely from companies in western countries like Finfisher and Hacking Team.

Free keylogger: cheap keyboard records what you do and uploads it to the internet

Whatever you do, don't buy the MantisTek GK2 ($30), because it has a keylogger built in that sends data to a server in "the cloud," i.e. a computer you neither own nor control. It's hosted by retailer Alibaba, but operated by parties unknown.

The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.

The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”

If you want a one-click method, you can also download the free GlassWire netwo

No! Remove the malware. Throw the keyboard in the trash.

Canadian spy agency releases its top anti-malware tool as free software

The Canadian Communications Security Establishment -- the most secretive of Canada's spy agencies -- has released the source code for Assemblyline, a "Swiss Army Knife for malware analysis" that rolls up several malware analysis tools into a single unit. It can scan files for known malware and also assign each file a score indicating the likelihood that it contains a previously unseen form of malware.

Equifax is serving malware to visitors

On Wednesday, security researcher Randy Abrams visited the Equifax site to contest bad information in his credit report and was attacked by malicious software that tried to get him to download a fake Flash updater that was a vector for an obscure piece of malware called Adware.Eorezo.

Pirate Bay and Showtime using unwitting visitors' computers to mine cryptocurrency

The BitTorrent search engine The Pirate Bay and the video site Showtime were found to be infecting users' computers with cryptocurrency mining code. This is a sneaky way to use people's computers and electricity to make money.

From The Guardian:

BitTorrent search engine The Pirate Bay, and US video streaming service Showtime, are two sites that were discovered to be sending mining code to users. The former owned up, posting in mid-September that the code was “just a test” and that the experiment was being done with a view to removing all adverts from the site.

The latter removed the code on Monday, shortly after a user noticed it and specialist press began reporting. But it has yet to answer questions on why the code was there from the Guardian and other media organisations.

Cryptocurrencies, such as bitcoin and its successors, are backed by a system of “miners”, who race to be the first to solve tricky computing problems in exchange for a reward for doing so. The rewards are large – the bitcoin network, for instance, gives away coins worth $7m to miners every day – but to be in with a chance, miners need to gather an extraordinarily large amount of computing power.

Not only is it expensive to buy those computers, it also consumes a huge amount of electricity to run them. As a result, the most profitable mining companies often have access to cheap energy, or some other efficiency boost - one firm, based in Iceland, saves money by letting the country’s naturally cold climate cool its computers.

FTC settles with Lenovo over selling laptops deliberately infected with Superfish spyware

The Federal Trade Commission has announced a settlement with Lenovo over the 2015 revelation that the company pre-installed malware called "Superfish" on its low-end models, which allowed the company to spy on its customers, and also left those customers vulnerable to attacks from third parties, who could exploit Superfish's weakened security.

Unknown hackers have gained near-total control over some US power generation companies

Hacker takeovers of power infrastructure have been seen in Ukraine (where they are reliably attributed to Russian state actors), but now the US power grid has been compromised by hackers of unknown origin, who have "switch-flipping" control -- that is, they can just turn it all off.

Our technology is haunted by demons controlled by transhuman life-forms

In my latest Locus column, "Demon-Haunted World," I propose that the Internet of Cheating Things -- gadgets that try to trick us into arranging our affairs to the benefit of corporate shareholders, to our own detriment -- is bringing us back to the Dark Ages, when alchemists believed that the universe rearranged itself to prevent them from knowing the divine secrets of its workings.

You can hijack a gene sequencer by hiding malware in a DNA sample

Today at the Usenix Security conference, a group of University of Washington researchers will present a paper showing how they wrote a piece of malware that attacks common gene-sequencing devices and encoded it into a strand of DNA: gene sequencers that read the malware are corrupted by it, giving control to the attackers.

Malware sucks: crappy code makes it easy to hack hackers

Common Remote Access Trojan (RAT) tools -- which allow hackers to remotely control hijacked computers, from the cameras and mics to the hard drive and keyboard -- are very badly written, and it's easy to hijack computers running the "command and control" components that malicious hackers use to control RATted systems.