Charger Malware Calls and Raises the Risk on Google Play

Several weeks ago, Check Point Mobile Threat Prevention detected and quarantined the Android device of an unsuspecting customer employee who had downloaded and installed a previously unknown (0-day) mobile ransomware from Google Play, dubbed "Charger." The incident shows how mobile malware can become a threat to the whole business, and how behavioral detection closes the mobile security gaps that attackers use to penetrate entire networks.   Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user's device and requests device administrator permissions. If those are granted, the ransomware locks the device and displays a message demanding ...

A Whale of a Tale: HummingBad Returns

Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. The new variant, dubbed "HummingWhale," includes new, cutting-edge techniques that let it perform ad fraud more effectively than before.   HummingBad is a malware family first discovered by Check Point on customers' devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

What’s the Proteus Botnet and how does it work?

The Proteus botnet emerged toward the end of November 2016. Only a few samples have been found in the wild and, at the moment, it does not appear to be part of a widespread campaign. So, what does it do? It launches a multi-layered attack on an infected machine, running several processes aimed at coin mining, credential theft, and keylogging. In addition to these automated modules, the bot accepts operator commands over HTTP, which it uses to download further malicious executables and run them.   In some samples, the botnet disguises itself as a Google Chrome executable. The functionality of the botnet relies heavily on its C&C (command and control) server, ...
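The post notes that some Proteus samples pose as a Google Chrome executable. A practical check for that kind of masquerading is to treat the file name as untrusted and verify the two things an impostor rarely gets right: where the image runs from and who signed it. The script below is an added example, not Check Point's code or the Proteus sample; the process records are constructed sample data standing in for a process inventory export (an EDR dump or Sysmon process-creation events), and the install paths and signer name are assumptions based on default Chrome installs on Windows.

```python
"""Flag processes that carry Chrome's name but not Chrome's properties.

Added example (not from the original post). Assumptions: Chrome normally runs
from one of the default install directories below and is Authenticode-signed
by "Google LLC". A process named like chrome that violates either rule is
reported, with the reasons, so an analyst can triage it.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumption: default system-wide install locations for Chrome on Windows.
EXPECTED_DIRS = {
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
}
# Assumption: per-user installs live under %LOCALAPPDATA%; matched by suffix.
USER_INSTALL_SUFFIX = r"\appdata\local\google\chrome\application"
EXPECTED_SIGNER = "google llc"
# Hypothetical look-alike names an impostor might use in addition to chrome.exe.
LOOKALIKE_NAMES = {"chrome.exe", "chrome32.exe", "googlechrome.exe", "chrome_update.exe"}


@dataclass
class ProcessRecord:
    pid: int
    image: str      # full path of the executable as reported by the inventory
    signer: str     # Authenticode signer from the inventory; "" if unsigned
    cmdline: str


def looks_like_chrome(image: str) -> bool:
    """True if the file name alone would make an analyst assume this is Chrome."""
    name = PureWindowsPath(image).name.lower()
    return name in LOOKALIKE_NAMES or name.startswith("chrome")


def reasons(p: ProcessRecord) -> list[str]:
    """Return the list of rule violations for a Chrome-named process (empty = clean)."""
    out = []
    parent = str(PureWindowsPath(p.image).parent).lower()
    if parent not in EXPECTED_DIRS and not parent.endswith(USER_INSTALL_SUFFIX):
        out.append(f"unexpected image path {p.image}")
    if p.signer.lower() != EXPECTED_SIGNER:
        out.append(f"signer {p.signer!r} is not {EXPECTED_SIGNER!r}")
    return out


def find_masqueraders(procs: list[ProcessRecord]) -> dict[int, list[str]]:
    """Map pid -> reasons for every Chrome-named process that fails a check."""
    return {p.pid: r for p in procs if looks_like_chrome(p.image) and (r := reasons(p))}


# Constructed sample inventory: two legitimate Chrome processes, one unrelated
# process, and two impostors (one unsigned in a roaming profile, one signed by
# the wrong publisher under ProgramData).
SAMPLE_PROCESSES = [
    ProcessRecord(1204, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                  "Google LLC", "chrome.exe --profile-directory=Default"),
    ProcessRecord(2108, r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
                  "Google LLC", "chrome.exe"),
    ProcessRecord(2744, r"C:\Windows\System32\svchost.exe",
                  "Microsoft Windows", "svchost.exe -k netsvcs"),
    ProcessRecord(3320, r"C:\Users\alice\AppData\Roaming\chrome.exe",
                  "", "chrome.exe"),
    ProcessRecord(4410, r"C:\ProgramData\Update\chrome32.exe",
                  "Contoso Ltd", "chrome32.exe /silent"),
]

if __name__ == "__main__":
    for pid, why in find_masqueraders(SAMPLE_PROCESSES).items():
        print(f"pid {pid}: " + "; ".join(why))
```

The signer field is only as trustworthy as the tool that populated it; on a real host, take it from a verifier that actually validates the certificate chain rather than from the file's version resource, since a name string alone is trivial to copy.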

Malware Takes a Christmas Break in December’s Global Threat Index

Global malware attacks decreased by 8% in December compared with the previous month, with the prolific Locky ransomware showing an 81% drop in its weekly attack rate, according to the latest monthly Global Threat Index from Check Point's Threat Intelligence Research Team. This is not an invitation for businesses to sit back and relax, however. Our team attributes the lull to cybercriminals taking a Christmas break; in line with last year, when December recorded a 9% drop in the number of malware attacks worldwide, we expect attack volumes to bounce back in January.   The Global Threat Index tracks malware attacks against ...

SWIFT Attacks Require Swift Investigations

By Gadi Naveh, Advanced Threat Prevention Evangelist, and Tamara Leiderfarb, SandBlast Agent Technology Leader. SWIFT, the global financial messaging system, issued an alert warning that sophisticated, adaptive attackers had compromised customer environments in order to send fraudulent payment instructions. The most prominent case came in February this year, when attackers initiated nearly $1 billion in fraudulent transfers from Bangladesh's central bank, resulting in $81 million in unrecoverable losses. This added to several other SWIFT heists, both disclosed and suspected.   Some research links these attacks to previous high-yield actors such as the Carbanak ...

The Right Security Architecture

When it comes to maintaining the best security, size doesn't matter. Big or small, the way companies secure their data has evolved as the security landscape has changed. In the past, security was focused on the perimeter; today it must be pervasive: everywhere and in everything, moving from simple access control at the perimeter to application and user awareness and full layer-7 threat prevention at multiple points throughout the environment.
The Right Security Architecture
The right architecture creates a framework for a stable security platform. By implementing the correct architecture, you eliminate single points of failure, providing the necessary ...

Looking for a New Employee? Beware of a New Ransomware Campaign

Despite trying to brand itself as a new malware, GoldenEye, the latest Petya variant, is very similar to older versions and differs mostly in its "golden" motif. The most prominent change, however, is how the campaign spreads the ransomware. The current campaign distributing GoldenEye has a job-application theme and is therefore aimed at companies' Human Resources departments, since they usually cannot avoid opening emails and attachments from strangers, a common malware infection vector.
HR-Targeted Ransomware
The new campaign targets German speakers and mimics a job application. The email contains a brief message supposedly from a job applicant and ...