As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget. Read the rest
Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest
When Grey Heron surfaced this month selling anti-Signal and anti-Telegram surveillance tools at a UK trade show for cyber-arms-dealers, sharp-eyed journalists at Motherboard immediately noticed that the company's spokesman was last seen fronting for Hacking Team, a disgraced Italian cyber-arms-dealer that provided surveillance weapons to some of the world's cruelest dictators. Read the rest
Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed. Read the rest
Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks. Read the rest
Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers. Read the rest
This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. Read the rest
Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious." Read the rest
A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.
An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy. Read the rest
"Cryptojacking" is the latest trend in malware; by some estimates, there are at least 2,500 sites that illicitly run Javascript in your browser to secretly mine cryptocurrency.
So the browser pushback has begun. Opera just announced its latest release includes anti-mining measures:
Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency.
Brave, Brendan Eich's new startup browser, also implemented this type of blocking earlier this year. I hope this trend continues; there are lots of plugins that block cryptocurrency mining, but it'll only become mainstream if it's built as a default into mainstream browsers. Read the rest
Researchers from the University of Toronto's amazing Citizen Lab (previously) have published a new report detailing the latest tactics from the autocratic government of Ethiopia, "the world's first turnkey surveillance state" whose human rights abuses have been entirely enabled with software and expertise purchased on the open market, largely from companies in western countries like Finfisher and Hacking Team. Read the rest
Whatever you do, don't buy the MantisTek GK2 ($30), because it has a keylogger built in that sends data to a server in "the cloud," i.e. a computer you neither own nor control. It's hosted by retailer Alibaba, but operated by parties unknown.
The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.
The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”
If you want a one-click method, you can also download the free GlassWire netwo
No! Remove the malware. Throw the keyboard in the trash. Read the rest
The Canadian Communications Security Establishment -- the most secretive of Canada's spy agencies -- has released the sourcecode for Assemblyline, a "Swiss Army Knife for malware analysis" that rolls up several malware analysis tools into a single unit, which can scan files for known malware and also assign a score to files indicating the likeliness that the file has a previously unseen form of malware. Read the rest
On Wednesday, security researcher Randy Abrams visited the Equifax site to contest bad information in his credit report and was attacked by malicious software that tried to get him to download a fake Flash updater that was a vector for an obscure piece of malware called Adware.Eorezo. Read the rest
The BitTorrent search engine The Pirate Bay and the video site Showtime were found to be infecting users' computers with cryptocurrency mining code. This is a sneaky way to use people's computers and electricity to make money.
From The Guardian:
Read the restBitTorrent search engine The Pirate Bay, and US video streaming service Showtime, are two sites that were discovered to be sending mining code to users. The former owned up, posting in mid-September that the code was “just a test” and that the experiment was being done with a view to removing all adverts from the site.
The latter removed the code on Monday, shortly after a user noticed it and specialist press began reporting. But it has yet to answer questions on why the code was there from the Guardian and other media organisations.
Cryptocurrencies, such as bitcoin and its successors, are backed by a system of “miners”, who race to be the first to solve tricky computing problems in exchange for a reward for doing so. The rewards are large – the bitcoin network, for instance, gives away coins worth $7m to miners every day – but to be in with a chance, miners need to gather an extraordinarily large amount of computing power.
Not only is it expensive to buy those computers, it also consumes a huge amount of electricity to run them. As a result, the most profitable mining companies often have access to cheap energy, or some other efficiency boost - one firm, based in Iceland, saves money by letting the country’s naturally cold climate cool its computers.
The Federal Trade Commission has announced a settlement with Lenovo over the 2015 revelation that the company pre-installed malware called "Superfish" on its low-end models, which allowed the company to spy on its customers, and also left those customers vulnerable to attacks from third parties, who could exploit Superfish's weakened security. Read the rest
