malware Archives - Page 11 of 19

Malware Found in Illegal Downloads of Spider-Man Film

cryptojacking, firewall, malware, mining malware, moreno, Ophtek, torrentscryptojacking, firewall, malware, mining malware, moreno, Ophtek, torrentsOphtek, LLC

Jan 2022

Hackers have decided to cash in on the popularity of Spider-Man by infecting copies of his latest movie with cryptocurrency mining malware.

Going to the movies is an expensive activity these days and, as a result, many people are turning to illegal torrents. These torrents are shared by hundreds of different people, each sharing the entire film as a file, with downloaders able to download parts of the file from these multiple sources. It may sound like the perfect answer to paying and queuing at the movies, but it’s an act which infringes copyright and is 100% illegal. And, of course, there’s the little matter of malware being bundled into these torrents. Nonetheless, it’s estimated that around 28 million users download and share illegal files every day.

Illegal downloads are here to stay, so it’s important that you understand the dangers they carry in terms of cybersecurity. And the Spider-Man example is the perfect place to start.

Using Spider-Man to Spread Malware

The latest Spider-Man movie is ‘Spider-Man: No Way Home’ and it was released to theatres in December 2021. Within days of the movie’s premiere, poor quality copies – often filmed from within a theatre – started appearing on torrent sites such as The Pirate Bay. However, there were also torrents available which contained a nasty surprise. Several torrents which claimed to be of No Way Home contained a file with the name of ‘spiderman_net_putidmoi.torrent.exe’ – ‘net_putidmoi’ being Russian for No Way Home.

But far from presenting you with a copy of the new Spider-Man movie, activating this file would launch cryptocurrency mining malware. The malware automatically added exceptions to Windows Defender in order to avoid detection on the infected system. With this concealment in place, the malware could then harvest the PCs processing power to mine a cryptocurrency known as Monero. While mining cryptocurrency is legal, the hijacking of PCs to power this process is highly illegal and dangerous.

How Do You Avoid These Types of Infection?

The malware involved in the Spider-Man hack has not been shown to compromise any personal information. But it will slow your PC down. And a more dangerous piece of malware could easily start compromising your data. Therefore, it’s essential that you avoid falling victim to malware hidden in torrents. The best way to stay safe is:

Don’t Download Torrents: the simplest way to avoid malware within illegal torrents is to avoid downloading them. It’s much safer for your PC (and your criminal record) to visit official sources and pay the required amount for songs, software and movies.

Always Use a Firewall: Although the Spider-Man malware is clever enough to write exceptions into Windows Defender, many similar strains of malware are not as clever. And that’s why it’s crucial that you always run a firewall, these can instantly stop malware operating on your PC.

Investigate Sluggish PC Activity: if your PC is regularly grinding to a halt and struggling to complete simple processes, there’s a good chance it’s been hijacked. Restarting your PC in Safe Mode and running anti-malware software is the best way to start ruling out an infection.

For more ways to secure and optimize your business technology, contact your local IT professionals.

E-Commerce Servers Targeted by NginRAT Malware

Hackers, malware, NginRat Malware, Ophtek, Securityhackers, malware, NginRat Malware, Ophtek, securityOphtek, LLC

Dec 2021

Hackers are attracted to big, successful targets. And, online, you don’t get much bigger than e-commerce, so that’s where the NginRAT malware comes in.

The e-commerce industry is one of the most lucrative sectors online. Not surprisingly, hackers have been targeting this industry since the earliest online transactions took place. As the e-commerce landscape has provided such a long running target, hackers have developed their attack methods significantly in this niche. And this means that it’s getting harder and harder to protect against them. NginRAT is the latest development in this area, and it’s already launched attacks against e-commerce servers in the US, France and Germany.

The threat of NginRAT is very real and it’s one which demands your attention. Therefore, it’s important that you know what you’re dealing with and what you can do about it. And that’s why we’re going to take a closer look at it today.

What is the NginRAT Malware?

The name NginRAT may sound unusual, but the naming procedure employed here is relatively simple:

Ngin: This part of the name refers to the Nginx servers where NginRAT hides in order to avoid detection.

RAT: The second part of the NginRAT name stands for Remote Access Trojan. This means it is a malware strain which uses back door access to provide remote access to an infected machine.

NginRAT, itself, is actually delivered to victims through another piece of malware known as CronRAT. Once NginRAT has been deployed on a host server, it begins modifying the functionality of this host in order to hijack the Nginx application. This not only allows NginRAT to remain cloaked from security tools, but also lets it inject itself into Nginx web server use. From here, NginRAT is in a position where it can record user data. Now, as Nginx servers are typically used in e-commerce, this means that the hackers can steal sensitive data such as credit card details.

Can You Detect and Remove NginRAT?

The NginRAT is considered a sophisticated piece of malware and it’s unlikely that your average anti-malware tool is going to detect it. However, while it may be sophisticated, it’s far from unbeatable. Security researchers have discovered that it uses two specific variables to launch itself within Nginx servers: LD_PRELOAD and LD_L1BRARY_PATH. For the average PC user, identifying these variables will be beyond their scope. But an IT professional should be able to isolate these processes and begin a removal process.

Final Thoughts

If your organization is involved in the world of e-commerce, then it pays to be vigilant against malware such as NginRAT. The potential damage that a RAT can cause is immeasurable. Aside from the financial repercussions for yourselves and your customers, there is also the reputational damage to contend with. Unfortunately, tackling the NginRAT malware is far from easy. Investing in server monitoring services will not act as a comprehensive band-aid, but it will improve your chances of detecting any malicious activity. For more ways to secure and optimize your business technology, contact your local IT professionals.

Malware Links Are Being Spread Through YouTube

antivirus software, malicious links, malicious websites, malware, Ophtek, Updates, YouTubeAntivirus software, malicious links, malicious websites, malware, Ophtek, updates, youtubeOphtek, LLC

Nov 2021

YouTube is one of the most popular destinations online thanks to the entertainment it offers. But where there are lots of people, there are always hackers.

Close to 43% of internet users visit YouTube at least once a month, so this is a significant amount of traffic. Accordingly, this presents hackers with a huge audience to target. Hacking YouTube directly is difficult, so hackers are unlikely to succeed in embedding malware into videos. However, you can embed URLs into video descriptions. These are usually used to redirect the viewer to a destination that is related to the contents of the video. For example, a video advertising a brand’s product may include a link to that product in the video description. But the truth is, this link could take you anywhere.

Spreading Malware on YouTube

Using malicious links on YouTube is nothing new, but security researchers have noted that this technique has been growing in popularity recently. In particular, two specific Trojans have been detected: Raccoon Stealer and RedLine. One of the main reasons that hackers have been targeting YouTube is down to the Google accounts they have already stolen. Setting up a YouTube channel requires you to have a Google account, so it makes sense for hackers to take advantage of YouTube.

The fake YouTube channels are then used to host videos related to topics such as VPNs, malware removal and cryptocurrency. Each video will center around a particular call-to-action, most likely involving the download of a tool e.g. a malware removal application. Viewers will be encouraged to download this from the link in the video description. These links appear to either use a bit.ly or taplink.cc address to redirect users to malicious websites. The users are then instructed to download the relevant tool. Unfortunately, all it will download is malware.

This malware is used to scan PCs for login credentials, cryptocurrency wallets and credit card details before transmitting it to a remote server. The hacker behind the attack can then harvest this data and continue to steal further data from the victim.

Remaining Vigilant Online

The number of threats we face daily seems to be rising daily and it may feel that being vigilant online is an exhausting job. However, it’s crucial for your safety that you remember the basics of online security:

Be Wary of All Online Links: Even the biggest and most secure websites are at risk of being compromised. YouTube is one of the most popular sites online and yet it still houses hackers in plain view. Therefore, the likelihood of coming across malicious links online is highly likely. Therefore, verify all links before clicking them. A good way to do this is by highlighting the link, copying it and then posting it into Google to see if it brings up any red flags.

Always Use Antivirus Software: It’s likely, at some point, that you will fall for an infected link at some point. But this doesn’t mean you should remain at the mercy of the malware. You can limit the damage caused by malware by always using antivirus software. This will automatically scan your PC throughout the day and identify any malware. In many cases it will even check all downloaded files and scan them before opening.

Install All Updates: Many strains of malware will rely on your PC being home to vulnerabilities in software and hardware. However, by regularly installing upgrades and patches, you can ensure that these holes are plugged to prevent hackers getting a foothold. Make sure that you set all updates to automatic to give yourself maximum coverage in terms of protection.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Fake Amnesty International Campaign Delivers Malware

Fake Amnesty Int'l website, malicious websites, malware, Ophtek, Pegasus spyware, Sarwent malwarefake websites, malicious websites, malware, Ophtek, pegasus spyware, sarwent malwareOphtek, LLC

Oct 2021

The Pegasus spyware has made headlines around the world, but it appears that the anxieties around Pegasus are being used to spread further malware.

The sophistication behind the Pegasus spyware and the near impossibility of detecting, let alone removing, it has proved to be a fearsome combination. Naturally, many users are becoming increasingly concerned that they could fall victim to it. While Pegasus is only being used to target high ranking individuals, the fact that the technology is available means that no one is safe. Concerns are running high and people are desperate to protect themselves.

This anxiety is now being targeted by hackers who have designed a malicious website which, far from offering protection, is packed full of malware.

The Malicious Website

The website in question has been set up to resemble that of the global humanitarian group Amnesty International. Hosted on this fake website is an application which claims to be an antivirus program capable of protecting users from Pegasus. However, this application is nothing more than a sham. Instead, users will find that they are downloading a strain of malware known as Sarwent. Active since 2014, the Sarwent malware may look like antivirus software, but it’s more concerned with setting up backdoor access, stealing data and accessing users’ desktops.

This version of Sarwent appears to have had its source code tinkered with to make it more effective. It immediately records information about the infected user – such as operating system, system structure and whether antivirus software is installed – and then begins receiving commands from a remote system. Hackers are gifted the opportunity to download further malware, transmit confidential nature to external users and take control of users’ PCs. The attacks have been detected globally with the US, UK, Russia and India all being affected.

Avoiding the Threat of Sarwent

The strategies and methods of attack employed by Sarwent have the potential to cause major damage. While it may not be quite as dangerous as Pegasus, it represents a significant headache to anyone who falls victim to it. You can avoid these IT disruptions by implementing these best practices:

Don’t Download from Unknown Sources: Malicious websites on the internet run into tens of millions and act as major security risks. Allowing employees to download software from unknown sources is a dangerous privilege to have in place. As the fake Amnesty International website has demonstrated, it’s easy to be manipulated into downloading dangerous software. Minimize the availability of download privileges within your organization to maximize security.

Learn How to Identify Malicious Websites: Key to avoiding malicious downloads is by understanding how to identify a malicious website. Always read URLs carefully to confirm whether it is the website it claims to be – spelling mistakes are a classic giveaway. Always hover your mouse over any embedded links to verify where the link will actually send you to. And, remember, if it sounds too good to be true then it probably is. Pegasus is a sophisticated spyware tool and is unlikely to be solved by a basic antivirus app.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Form of Malware is Sneakily Avoiding Detection

anti malware, Cyber Security, malware, OpenSUpdater, Ophtek, PC Security, PhishingAnti- malware, Cyber Security, malware, Ophtek, OpthSUpdater, PC Security, phishingOphtek, LLC

Sep 2021

Anti-malware tools provide a firm level of defense against hackers, but what happens when the malware can bypass detection tools?

Around 300,000 new pieces of malware are created daily, so it’s important that we can protect ourselves against this constant threat. Anti-malware tools such as Kaspersky and even in-built Windows security systems are crucial for providing this protection. Accordingly, you should find that your systems remain protected for most of the time. However, hackers are industrious individuals and are constantly looking to evolve their techniques. As a result of this ongoing adaptation, it appears that hackers have found a way around current detection methods.

The threat comes in the form of the OpenSUpdater and is one that you need to take seriously.

What is OpenSUpdater?

Digital signatures are used online to demonstrate that code is legitimate and accepted by Windows security checks. They are an important part of online security, but this has made them a viable target for hackers. In the case of OpenSUpdater, their online code samples are carrying manipulated security certificates which, despite these manipulations, are passed as authentic by Windows. More importantly, security tools which use OpenSSL decoding are unable to detect these malicious changes.

OpenSUpdater is free to bypass security measures and avoid being labelled as malware which is quarantined and deleted. The malware’s main method of attack is through riskware campaigns. This involves injecting malicious ads into the browsers of those infected and downloading further malware. The majority of targets so far have been found in the US and the malware typically bundled in with illegal downloads such as cracked software.

How Can You Protect Against OpenSUpdater?

This latest malware threat was detected by Google’s security researchers and has since been reported to Microsoft. A specific fix has not been announced yet, but hopefully something will be implemented shortly. In the meantime, however, it’s vital that you take steps to protect yourself. In particular, make sure you focus on the following:

Minimize User Privileges: There’s no real need for employees to be downloading software onto their workstations. All the tools they need should be readily available. However, some employees are likely to be tempted by things they see online, particularly the promise of quick fixes. The best way to reduce the risk of downloading malware is by eliminating download privileges for all but the IT team.

Educate on Phishing Techniques: Phishing is a dangerous hacking technique which uses email to push social engineering attacks. By instilling a threat of urgency to act upon an email’s call to action – such as ‘click here to download a vital security tool’ – hackers are able to deceive victims into downloading all kinds of malware. Thankfully, through continued training, your employees should be able to recognize phishing emails quickly and hit the delete button even quicker.

Do Not Abandon Detection Tools: Despite the ability of OpenSUpdater to bypass detection tools, this does not mean that these tools should be resigned to the scrapheap. They still play an essential role in providing digital security options and should remain in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 9 10 11 12 13 … 19 Next »

Category Archives: malware