Swearing Trojan Continues to Rage, Even After Authors’ Arrest

 
Researchers with Tencent Security recently disclosed details about Swearing Trojan, a mobile banking malware that attacked users in China. Swearing Trojan’s name comes from Chinese swear words found inside the malware’s code. The malware infected a wide spread of Android users in China, stealing their bank credentials and other sensitive personal information. Similar to mobile banking Trojans discovered previously, Swearing Trojan can steal personal data and it can bypass 2-factory authentication (2FA) security. Banking apps use two-factor authentication as a way to secure access by sending a one-time code to the user via SMS in addition to having a user enter his or her password. By ...

Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

Three Key Takeaways from WikiLeaks’ Release of CIA Documents

 
The latest revelations by WikiLeaks, collectively called the “Vault 7 Leak”, have caused quite a commotion in the security world, reinvigorating myths that were previously viewed as theoretical. There are already several lessons to be learned from WikiLeaks’ most recent data dump, and we offer you three top takeaways from the initial document disclosure.   1. Every connected device can be hacked The publication details exploitation techniques for all sorts of electronic devices: from PCs and laptops, to mobile devices, and even to Smart TVs and connected cars. While these techniques are not groundbreaking, the sheer scope of hackable devices revealed in the CIA trove is ...

The Skinner adware rears its ugly head on Google Play

 
A new member of the ever growing adware-found-on-Google-Play-list has been found. Previous members include Viking Horde, DressCode and CallJam, among many others. The malware, dubbed "Skinner", was embedded inside an app which provides game related features. The app was downloaded by over 10,000 users, and managed to hide on Google Play for over two months. Skinner tracks the user's location and actions, and can execute code from its Command and Control server without the user's permission. The app was removed from the play store after we contacted the Google security team. While Adware are a common threat to users, Skinner displayed new elaborate tactics used to evade detection and ...

2016 H2 Global and Regional Threat Intelligence Trends

 
Introduction New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to evolve, bypassing existing security solutions, and tailoring attacks against the largest companies in the world. The devices we use every day are now subject to compromise and can be leveraged for attacks. Even the recent U.S. elections were targeted with significant attacks. The Check Point 2016 H2 Global Threat Intelligence Trends report provides you with the best overview of the cyber landscape; threats, data breaches, trends, attacks and predictions, based on data ...

Android: the Perils of Popularity

 
Despite the long lines you see stretching from stores when a new iPhone comes out, Android phones rule. According to IDC, Android’s market share hovers at over 80 percent while iOS has a market share in the teens. Android’s popularity — and vulnerability to attacks — arise from Google’s decision to make Android an open OS. Being an open OS lets many manufacturers make devices that can run Android. However this leads to OS fragmentation when several vendors each release several models over several years resulting in thousands of active versions of Android. This wouldn’t be a big deal except each version has software vulnerabilities that must be patched. At best, it can take ...

Hummingbad Overtaken as Leading Mobile Malware in January’s Global Threat Impact Index

 
 Hummingbad has been overtaken as the leading mobile malware for the first time since February 2016, according to the new January Global Threat Impact Index from our Threat Intelligence Research Team. Hummingbad was replaced at the top of the ‘most wanted mobile malware’ by Triada, a modular backdoor for Android which grants super-user privileges to downloaded malware, as helps it to get embedded into system processes.  In total, mobile malware accounted for 9% of all recognized attacks while the Index ranked Kelihos, a botnet used in bitcoin theft, as the most prevalent malware family overall, with 5% of organizations globally being impacted by it. Overall the top 10 malware ...

A Whale of a Tale: HummingBad Returns

 
  Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting edge techniques that allow it to perform ad fraud better than ever before.   HummingBad is a malware first discovered by Check Point on customer’s devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

Looking for a New Employee? Beware of a New Ransomware Campaign

 
Despite trying to brand itself as a new malware, GoldenEye, the latest Petya variant, is very similar to older versions and differs mostly in its “golden” motif. The most prominent change, however, is how the campaign spreads the ransomware. The current campaign used to distribute GoldenEye has a job application theme. It is therefore aimed at companies’ Human Resources departments, due to the fact they usually cannot avoid opening emails and attachments from strangers, a common malware infection method. HR-Targeted Ransomware The new campaign targets German speakers and mimics a job application. The email contains a brief message supposedly from a job applicant and ...

An In-depth Look at the Gooligan Malware Campaign

 
Check Point mobile threat researchers today published a technical report that provides deep technical analysis of the Gooligan Android malware campaign, which was first announced on November 30. The report discusses the ins and outs of how more than one million Google accounts were breached, potentially exposing messages, documents, photos, and other sensitive data. A new variant of the Android malware found by Check Point researchers in the SnapPea app in 2015, Gooligan roots devices and steals email addresses and authentication tokens stored on the device. With this information, an attacker can access a user's Google account data within Google Play, Google Photos, Gmail, Google ...