Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

The Skinner adware rears its ugly head on Google Play

 
A new member of the ever growing adware-found-on-Google-Play-list has been found. Previous members include Viking Horde, DressCode and CallJam, among many others. The malware, dubbed "Skinner", was embedded inside an app which provides game related features. The app was downloaded by over 10,000 users, and managed to hide on Google Play for over two months. Skinner tracks the user's location and actions, and can execute code from its Command and Control server without the user's permission. The app was removed from the play store after we contacted the Google security team. While Adware are a common threat to users, Skinner displayed new elaborate tactics used to evade detection and ...

2016 H2 Global and Regional Threat Intelligence Trends

 
Introduction New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to evolve, bypassing existing security solutions, and tailoring attacks against the largest companies in the world. The devices we use every day are now subject to compromise and can be leveraged for attacks. Even the recent U.S. elections were targeted with significant attacks. The Check Point 2016 H2 Global Threat Intelligence Trends report provides you with the best overview of the cyber landscape; threats, data breaches, trends, attacks and predictions, based on data ...

Charger Malware Calls and Raises the Risk on Google Play

 
Several weeks ago, Check Point Mobile Threat Prevention detected and quarantined the Android device of an unsuspecting customer employee who downloaded and installed a 0day mobile ransomware from Google Play dubbed “Charger.” This incident demonstrates how malware can be a dangerous threat to your business, and how advanced behavioral detection fills mobile security gaps attackers use to penetrate entire networks.   Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding ...

A Whale of a Tale: HummingBad Returns

 
  Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting edge techniques that allow it to perform ad fraud better than ever before.   HummingBad is a malware first discovered by Check Point on customer’s devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

Join Check Point at SecTor to learn how to go beyond traditional security with advanced threat prevention

 
Next week, Check Point will be at SecTor, Canada’s premier IT security education conference. The conference brings the world’s brightest (and darkest) minds together to identify, discuss, dissect and debate the latest digital threats facing corporations today. The conference has assembled a line-up of industry experts who will share some of the most engaging, educational and thought-provoking security sessions in the industry.   With the threat landscape rapidly evolving, advanced malware and zero day threats will leave your traditional security approaches in the dust. Legacy security architectures and tools will expose your infrastructure to cyber risks and challenges never ...

DIY Attribution, Classification, and In-depth Analysis of Mobile Malware

 
The security research community has been dealing with malware attribution and classification for decades. The benefits of this process for PC-based malware are myriad and well known. Check Point has followed the same process for multiple malware campaigns during the last year, including Volatile Cedar, Rocket-Kitten, and the Nuclear Exploit Kit. In fact, the PC malware research field is so mature that many security-savvy enterprises now have their own internal teams of cyberanalysts. These teams conduct in-depth malware research as part of their incident response and threat intelligence duties with a focus on their organization’s specific needs, domains, and adversaries. However, ...

From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign

 
For five months, Check Point mobile threat researchers had unprecedented access to the inner-workings of Yingmob, a group of Chinese cyber criminals behind the HummingBad malware campaign. HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components. Download our report “From HummingBad to Worse” ...

Hack In The Box: Mobile Attackers Are Listening In

 
While most mobile attacks require some level of interaction with the user, Man-in-The-Middle (MiTM) attacks can achieve their goal without the user ever knowing they occurred. This type of attacks allows attackers to eavesdrop, intercept and alter traffic between your device and any other counterpart. There are several ways by which hackers can execute such attacks, the most prominent of which is using a spoofed hotspot. Many attackers establish fake hotspots with names similar to legitimate hotspot names, for example, “Starbucks Coffee” instead of “Starbucks.” Unaware, the user connects to the malicious hotspot. Once the user tries to connect to the server, the hacker uses his ...

In The Wild: Never a Dull Moment with Mobile Malware

 
Mobile malware learns fast. Every time new security measures come along, malware somehow manages to find a way to overcome them. This week we bring you such a story, with further details about Viking Horde, a botnet found by Check Point on Google Play. The malware is capable of bypassing even Android’s latest OS security mechanisms. Meet the Vikings: Part III The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be a launchpad for attacks like DDoS, spam messages, and more. Viking Horde managed to bypass Google Play malware scans masquerading as five different apps so far. The research ...