FBI says to reboot your router ASAP to avoid Russia malware VPNFilter

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia. Read the rest

FBI sinkholes a key domain used by the malware that infected 500,000 home routers, declares partial victory and Russian attribution

VPNFilter is a virulent, sophisticated, multistage worm that has successfully infected 500,000 home routers, leaving them vulnerable to both surveillance (the malware snoops network traffic for passwords) and region-wide internet shutdowns (VPNFilter can brick the routers it infects, and an attacker could shut down most or all of the home/small business internet access in a region by triggering this). Read the rest

500,000 home routers have been infected with VPNFilter, malware that steals data and bricks devices

VPNFilter is a sophisticated, multi-stage malware package, part of the new breed of boot-persistent malware (software that can survive a reboot); it targets home routers and network-attached storage devices, then steals passwords and logins that traverse the network and exfiltrates it to the creators' servers. Read the rest

A new strain of IoT malware can survive a reboot

As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget. Read the rest

Security researchers can turn Alexa into a transcribing, always-on listening device

Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest

Cyber-arms-dealer Grey Heron really, really doesn't want you to know about the connections between them and the disgraced Hacking Team

When Grey Heron surfaced this month selling anti-Signal and anti-Telegram surveillance tools at a UK trade show for cyber-arms-dealers, sharp-eyed journalists at Motherboard immediately noticed that the company's spokesman was last seen fronting for Hacking Team, a disgraced Italian cyber-arms-dealer that provided surveillance weapons to some of the world's cruelest dictators. Read the rest

A new government malware company, fronted by Hacking Team's old spokesjerk, says it can spy on Signal and Telegram

Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed. Read the rest

Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks. Read the rest

Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers. Read the rest

139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. Read the rest

Florida state cop says he can't remember why he bought mobile stalking app

Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious." Read the rest

A newly discovered strain of Android malware contains never-seen surveillance features

A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.

Read the rest

Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years

An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy. Read the rest

Opera browser now includes cryptojacking protection

"Cryptojacking" is the latest trend in malware; by some estimates, there are at least 2,500 sites that illicitly run Javascript in your browser to secretly mine cryptocurrency.

So the browser pushback has begun. Opera just announced its latest release includes anti-mining measures:

Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency.

Brave, Brendan Eich's new startup browser, also implemented this type of blocking earlier this year. I hope this trend continues; there are lots of plugins that block cryptocurrency mining, but it'll only become mainstream if it's built as a default into mainstream browsers. Read the rest

Israeli firm Cyberbit illegally spied on behalf of Ethiopia's despots, then stored all their stolen data on an unencrypted, world-readable website

Researchers from the University of Toronto's amazing Citizen Lab (previously) have published a new report detailing the latest tactics from the autocratic government of Ethiopia, "the world's first turnkey surveillance state" whose human rights abuses have been entirely enabled with software and expertise purchased on the open market, largely from companies in western countries like Finfisher and Hacking Team. Read the rest

Free keylogger: cheap keyboard records what you do and uploads it to the internet

Whatever you do, don't buy the MantisTek GK2 ($30), because it has a keylogger built in that sends data to a server in "the cloud," i.e. a computer you neither own nor control. It's hosted by retailer Alibaba, but operated by parties unknown.

The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.

The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”

If you want a one-click method, you can also download the free GlassWire netwo

No! Remove the malware. Throw the keyboard in the trash. Read the rest

Canadian spy agency releases its top anti-malware tool as free software.

The Canadian Communications Security Establishment -- the most secretive of Canada's spy agencies -- has released the sourcecode for Assemblyline, a "Swiss Army Knife for malware analysis" that rolls up several malware analysis tools into a single unit, which can scan files for known malware and also assign a score to files indicating the likeliness that the file has a previously unseen form of malware. Read the rest

More posts