
We all know that trojans are the masters of stealth when infecting systems, but the GlassRAT Trojan may just be the stealthiest trojan yet.

We’re constantly advised to be on our guard against ‘zero day vulnerabilities’, flaws in software that attackers exploit before the vendor knows about them or has a fix ready. However, what many of us aren’t aware of is the related threat of ‘zero detection’ malware: malicious code that antivirus products have no signature for, so it runs unnoticed.

In the case of the GlassRAT Trojan, it’s been stealthily operating since 2012, so that’s over three years of security carnage it’s been able to quietly carry out. Obviously, this new form of security threat is something you need to be aware of, so let’s take a look at it.

What is GlassRAT?

The GlassRAT Trojan went unnoticed by antivirus programs for years, and part of the reason is that its dropper is signed with a seemingly legitimate digital certificate. The certificate is far from legitimate, though: it appears to have been ‘borrowed’ from a separate Chinese software company, and a valid signature makes the file look like ordinary vendor software to both users and security tools.

The Trojan seems to have been targeting Chinese nationals working at multinational companies. The ‘dropper’, which is disguised as a Flash installer, installs the Trojan and then erases itself from the system, leaving little for a later investigation to find.

The malware is then clever enough to avoid detection by standard security scans and proceeds to carry out the following cybercrimes:

  • Transfer unauthorized files
  • Steal data
  • Transmit information about the victim’s system

Given that GlassRAT operated for three years without being detected, it represents a significant threat to data security.

Who’s Behind the GlassRAT Trojan?

It’s suspected that GlassRAT originated in China due to its targeting of Chinese nationals and the stolen Chinese digital certificate, but this is purely speculation at present and, perhaps, seems a little too obvious.

From the limited information available, it may be possible to link the GlassRAT activities with previous malware attacks. Previous cyber-attacks on Mongolian and Philippine authorities used two domains which are also connected with GlassRAT, so investigations continue to look into this as a possibility.

However, at present, the creators of GlassRAT are still at large and it’s fair to say they have had plenty of time to cover their tracks.

How Do You Combat Threats Such as GlassRAT?


The enigmatic nature of the GlassRAT trojan certainly makes it a difficult beast to protect against. However, businesses can help their security efforts by ensuring they follow basic security procedures such as:

  • Monitoring all incoming files.
  • Training staff on the dangers of unknown attachments.

Although GlassRAT is very difficult to detect, it’s not impossible. By arranging detailed network forensics to be carried out on your systems, zero detection malware can be uncovered: a Trojan that no antivirus recognises still has to communicate with whoever controls it, and that traffic stands out once you look for it. This approach will highlight suspicious activity and identify even particularly deceptive malware.
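One thing network forensics can look for is ‘beaconing’: a remote access trojan checks in with its controller on a timer, with small, near-identical payloads, which is nothing like a person browsing. The script below is an added example, not code from the article or from any GlassRAT analysis; it groups outbound connection records by source host and destination, measures how regular the gaps between connections are, and reports pairs that look scheduled. The connection records, host names and domains are all constructed for the example.

```python
"""Beacon hunting over outbound connection records (added example).

Groups connection records per (source host, destination), measures the
spacing between successive connections and reports pairs whose spacing is
too regular to be human-driven. All data below is constructed, not real
telemetry; on a real network feed this from proxy or NetFlow logs.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (seconds since start, source host, destination, bytes sent)
SAMPLE_CONNECTIONS = [
    # ws-0142 calls the same host roughly every 300 s with near-identical payloads
    (0,    "ws-0142", "updates.example-cdn.net", 412),
    (301,  "ws-0142", "updates.example-cdn.net", 408),
    (600,  "ws-0142", "updates.example-cdn.net", 415),
    (899,  "ws-0142", "updates.example-cdn.net", 410),
    (1201, "ws-0142", "updates.example-cdn.net", 409),
    (1500, "ws-0142", "updates.example-cdn.net", 411),
    # ordinary browsing from the same host: irregular timing and sizes
    (45,   "ws-0142", "www.example.com",  15320),
    (133,  "ws-0142", "cdn.example.com",  88213),
    (980,  "ws-0142", "mail.example.org", 4021),
    # a second host with only irregular traffic
    (10,   "ws-0077", "www.example.com",  20110),
    (400,  "ws-0077", "cdn.example.com",  9000),
    (410,  "ws-0077", "www.example.org",  1000),
    (2000, "ws-0077", "www.example.org",  1100),
]


def find_beacons(connections, min_events=5, max_jitter=0.1):
    """Return (src, dst) pairs whose inter-connection gaps are nearly constant.

    max_jitter is the coefficient of variation (stddev / mean) of the gaps
    allowed before a series is considered human-driven rather than scheduled.
    """
    series = defaultdict(list)
    for ts, src, dst, nbytes in connections:
        series[(src, dst)].append((ts, nbytes))

    findings = []
    for (src, dst), events in series.items():
        if len(events) < min_events:
            continue  # too few samples to say anything about periodicity
        events.sort()
        times = [t for t, _ in events]
        sizes = [n for _, n in events]
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        gap_jitter = pstdev(gaps) / avg_gap
        size_jitter = pstdev(sizes) / mean(sizes) if mean(sizes) else 0.0
        if gap_jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(events),
                "interval_s": round(avg_gap, 1),
                "gap_jitter": round(gap_jitter, 3),
                "size_jitter": round(size_jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_CONNECTIONS):
        print(f"{f['src']} -> {f['dst']}: {f['events']} connections every "
              f"~{f['interval_s']}s (gap jitter {f['gap_jitter']}, "
              f"size jitter {f['size_jitter']})")
```

On the sample data only ws-0142 talking to updates.example-cdn.net is reported, at a 300-second interval with almost no jitter in either timing or payload size. Real implants often add random delay to their check-in, so in practice you loosen `max_jitter`, look over longer windows, and weigh the finding by how rare the destination is across the whole estate rather than treating any one threshold as proof.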

The question, though, that remains is: just what else is stealthily lurking on our systems and putting vast quantities of data at risk?

For more ways to secure and optimize your business technology, contact your local IT professionals.




Malware is generally viewed as a nasty virus which causes nothing but chaos. However, a new piece of malware called Linux.Wifatch seems to improve security.

Usually the preserve of security breaches and data privacy concerns, malware is mostly in the news for disrupting commercial and domestic PC activity. Naturally, it’s an area where everyone needs to be on their guard to protect their data.

However, what if there were a new type of malware which bucked the trend and actually protected you from other forms of malware? It would be pretty special, right? And, it looks like it’s already here in the form of Linux.Wifatch, so let’s take a look at exactly how it works.

How Has Linux.Wifatch Found a Niche?

Internet routers are wonderful little devices, but the majority of users are notoriously sloppy when it comes to safeguarding them. You see, people are eager to get the router out of the box and connected to the net as soon as possible, so they don’t even consider changing the default password or admin settings.

And it’s this neglect towards security that has allowed hackers easy access to countless networks in the past. In fact, November 2014 saw a huge security breach in Vietnam where millions of broadband routers had their traffic hijacked to mask online cyber crime being carried out by hackers.

Linux.Wifatch, however, looks to be a unique remedy to this potential threat.

What is Linux.Wifatch?


Linux.Wifatch is an intriguing piece of code which, as with most malware, sneaks into your system in a rather underhand manner. In the case of Linux.Wifatch, it’s believed to break into routers over the telnet protocol, an old, unencrypted remote-login service that many routers leave switched on with weak or default passwords.

However, once it’s made its way into your router, it does the decent thing and shuts down the telnet service it came in through to prevent any more malware sneaking in. Not content with closing the door, Linux.Wifatch then leaves a message prompting the router administrator to change the router password. And its final chivalrous act is to set off in search of other malware on the router to destroy.
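You don’t need a worm to tell you that telnet is listening on your router. The script below is an added example, not code from the article or from any Wifatch analysis: it parses the output of `netstat -tln` (the sample below is constructed; on a real device you would run the command over SSH or the serial console) and flags telnet wherever it appears, plus any management service bound to every interface, which on a consumer router usually includes the WAN side. The table of management ports, including the TR-069 port 7547, is an assumption about typical routers rather than something the article states.

```python
"""Router management-surface audit (added example).

Parses `netstat -tln` output and reports exposed management services.
SAMPLE_NETSTAT is constructed to look like a badly configured router.
"""

# Ports worth worrying about on a router (assumed list; adjust for your device).
MANAGEMENT_PORTS = {
    22: "ssh",
    23: "telnet",
    80: "http-admin",
    443: "https-admin",
    7547: "tr-069",
}

SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 :::23                   :::*                    LISTEN
"""


def parse_listeners(netstat_output):
    """Return (bind address, port) for every TCP socket in LISTEN state."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue  # header line, UDP, or a non-listening socket
        addr, port = fields[3].rsplit(":", 1)  # rsplit keeps the IPv6 wildcard ':::23' intact
        listeners.append((addr, int(port)))
    return listeners


def audit_listeners(netstat_output):
    """Return (port, severity, advice) for each exposed management service."""
    findings = []
    for addr, port in parse_listeners(netstat_output):
        service = MANAGEMENT_PORTS.get(port)
        if service is None:
            continue  # not a management service; DNS on loopback is fine
        on_all_interfaces = addr in ("0.0.0.0", "::")
        if port == 23:
            # Telnet is cleartext and is the service Wifatch brute-forces its way in through.
            findings.append((port, "high",
                             f"telnet listening on {addr}: cleartext logins; disable it"))
        elif on_all_interfaces:
            findings.append((port, "medium",
                             f"{service} listening on all interfaces: bind it to the LAN "
                             f"address only or block it on the WAN side"))
    return findings


if __name__ == "__main__":
    for port, severity, advice in audit_listeners(SAMPLE_NETSTAT):
        print(f"[{severity}] port {port}: {advice}")
```

On the sample, both telnet sockets (IPv4 and IPv6 wildcard) are rated high and SSH on 0.0.0.0 is rated medium, while the web admin page bound only to the LAN address 192.168.1.1 and DNS on loopback pass. Fixing the findings means disabling telnet in the router’s admin interface, binding SSH to the LAN address, and, as the article says, changing the default password before the router ever touches the internet.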

Is Linux.Wifatch All Good?

It may sound like a friendly virus, but don’t forget that Linux.Wifatch is still malware and the ‘mal’ stands for malicious! Sure, it provides some protection to your router, but it simply shouldn’t be there in the first place.


And Linux.Wifatch itself actually has a number of backdoors built into it to allow the author of the virus to use your router as they please.

With the virus spreading globally and affecting tens of thousands of users, it’s creating a lot of panic that this seemingly ‘white hat’ piece of software could suddenly turn nasty. So, in my opinion, the uncertainty surrounding Linux.Wifatch means a much better solution is to take your router security seriously from day 1 to prevent any security breaches.





Users running Apple’s iOS software may have been exposed to a nasty piece of malware which threatens to steal user data and make unauthorized app purchases.

This malicious software has been dubbed ‘KeyRaider’ and has been responsible for uploading sensitive user information to a central server. This type of data theft is alarming enough, but affected users are also having to contend with KeyRaider purchasing apps without authorization.

The KeyRaider infection, so far, only appears to affect Apple devices which have gone through the ‘jailbreak’ process, but up to 225,000 accounts have been compromised as a result.

How did KeyRaider Start?

Jailbreaking an Apple device involves removing the software restrictions enforced by iOS and is a fairly common practice among tech-savvy Apple users. The aim of jailbreaking is to give more control over how the device runs and to enhance functionality.


Now, a whole industry has sprung up around jailbreaking in order to really highlight what an Apple device can do and to show off developers’ coding skills. And at least one amateur developer has decided to exploit this desire by creating jailbreak tweaks which hide a nasty surprise.

Once these tweaks are installed on an Apple device the system becomes compromised and puts the user at risk of a serious infringement of their security.

The Malicious Tweaks in Full

Two jailbreak tweaks in particular have been identified for putting users at risk of contracting the KeyRaider malware and they are:

  • iappstore – This jailbreak tweak promises to allow jailbroken devices to download paid apps from the App Store without spending a single cent.
  • iappinbuy – Many apps require users to make in-app purchases to enhance that app’s experience, e.g. unlocking extra features in games. And this particular tweak pledges to circumvent the payment.

Despite many Apple users doubting the authenticity of these tweaks, they were downloaded over 20,000 times. And every single download puts users’ personal data at risk.

What Type of Data Is Being Stolen?

KeyRaider appears to be stealing three types of data from users under the following categories:

  • Apple account usernames and passwords, plus the device’s GUID (globally unique identifier)
  • Push notification service certificates and private keys
  • App Store purchase logs

These three forms of data carry very powerful user information which is allowing KeyRaider to create high levels of panic particularly due to the financial edge.

How to Protect your Apple Device


The simplest piece of advice we can give you is NOT to jailbreak your Apple device. They’re pretty amazing bits of kit as they are, so some things are better off left alone. However, I appreciate that many people want that little bit extra, so we advise the following:

  • Do NOT install the iappstore or iappinbuy tweaks.
  • Be wary of third-party Cydia repositories (Cydia is like the App Store, but for jailbroken devices), as this is where the malicious tweaks first surfaced.
  • If something sounds too good to be true – such as not paying for paid apps – then it probably isn’t worth installing.

By following this advice you will safeguard your Apple device from disruptive malware such as KeyRaider.





It’s not just PCs that are at threat of malicious software (malware), smartphones are fast becoming the prime target for malware, but how has this happened?

First of all, what exactly is malware? Essentially, it’s a nasty string of code or a program which enters software with the main aim of stealing data, taking control of your system or flooding your device with irritating ads.

And you only have to look at the rise of the smartphone to understand exactly why it’s such an attractive target for malware. More people now use their smartphone to access the internet than they do their laptop and this has led to the following issues:

  • Even the most advanced PC user does not fully understand smartphone security as it involves different software and operating systems
  • The average smartphone user is not even aware that their phones can be hacked or monitored

However, the latest malware scandal to hit the smartphone world involves three Chinese smartphone manufacturers (Lenovo, Xiaomi and Huawei) actually preloading their phones with malware. Not exactly the most honest strategy for reassuring users that their data is safe, is it?!

Uncovering the Scandal


Smartphone malware has been a growing concern for some time, so the German security firm G Data decided it was time to assess the landscape.

And their study reported some shocking findings.

New Android malware samples are now appearing so frequently that G Data catalogued one roughly every 14 seconds. That means by the time you’ve finished reading this article around 15 new samples will have emerged. This is very troubling news for every smartphone owner who values their security.

Many brands have been implicated in the scandal, but the most prominent and weighty accusations have been leveled at Lenovo, Xiaomi and Huawei.

Who’s to Blame?

Obviously, once a scandal as hot as this lands, the accused are quick to clear their name and the brands affected have claimed that whilst the malware does exist, it has been installed on their phones by third-party middlemen.

Xiaomi has gone on to comment that this will only occur when purchasing their smartphones through unauthorized dealers. Now, whilst this does sound plausible it’s not ringing true with a number of consumers.

Many consumers feel that the brands involved are knowingly complicit and are, in fact, making a quick buck from allowing this malware to be installed on their smartphones. It doesn’t help that Lenovo has recently been implicated in a bloatware scandal with their laptops, so the level of distrust for such large brands is widespread.

However, actually proving that the manufacturers are behind the malware install is incredibly difficult. The malware hides inside otherwise legitimate apps, much like a parasite, and sits in the smartphone’s firmware rather than being installed like a normal app, so the user can’t simply uninstall it. This makes it very difficult to pinpoint exactly when, and by whom, the malware was added to the phone.

The Future of Smartphone Malware


G Data has conceded that they probably haven’t uncovered the full extent of pre-installed smartphone malware, so many other brands and models could be infected before they’re even turned on for the first time.

This is quite concerning for the huge number of smartphone users which seems to be growing larger by the day. Understanding that your smartphone is at risk is therefore essential in this day and age. And avoiding unauthorized dealers should be an absolute given to limit your chances of falling prey to malware.





Do you know how to spot a phishing email? Phishing emails are not only a nuisance, but can also lead to theft. Our guide will show you how to spot them.

The term “phishing” is likened to the word fishing, which sounds almost the same and is used with the same notion to reel in some information such as a username/password or to hook you into taking some action via an unsolicited email. The aim of a phishing email is to “phish” a user by having them fall for the bait without initially realizing it.

Convincing phishing emails work well for the originator without raising too much suspicion in the end user. So how does one avoid this? First, let’s understand the damage a phishing email can generate before we delve into how to spot one.

What harm can phishing emails cause?

There are two major risks that can result from opening up links or attachments from phishing emails.

  1. Many email authors aim to trick users into believing that they’ve been contacted by a legitimate company that may prompt them to visit a link which can lead to a fake website. This site may be a copy-cat site of a legitimate one, for instance a banking site, complete with a login screen. The spoof site then captures and records login credentials which can be used again by the originator of the dummy site.
  2. The email itself may pose as coming from a legitimate company, such as a bank, prompting its targets to take action through a link. The usual wording nudges the user into acting: “your account is suspended”, “update your information”, or even that an account has had “unauthorized access”. Anything which triggers panic or confusion is enough to get a user to follow the phishing email’s instructions.

Such scams can lead users to give away their credentials, passwords, and private information, which can be used to steal their identity and money.

Many phishing emails also attempt to infect systems with malware. This is the entry point for a large proportion of infections at companies, where one compromised computer goes on to infect the wider network. The worst case scenario is ransomware, which holds a user’s data hostage in exchange for a payment.

How to spot phishing scams

Below are usual signs of phishing email to watch out for.

  • Unrecognized sender. This is usually a big giveaway. If you don’t recognize the sender, treat the email with suspicion. Even if the sender appears to use your own company’s domain, question it, as clever phishing attacks can forge the company domain to trick users.
  • Unexpected emails. Unless you’re expecting an email from a company, such as a delivery shipment notification, treat it with suspicion, and treat a surprise lottery win the same way. If unsure about a delivery, contact the official company, acquiring their contact details through their official website rather than from the email.
  • Prompts to open attachments. Avoid clicking links or opening attachments you weren’t expecting.
  • Odd looking website addresses. Another clue to phishing emails is links whose web addresses look wrong, or whose visible text shows one address while the link actually leads to a different, dodgy website.
  • Odd looking or out of place sender addresses. If you’re able to look at the sender’s details, check what email address is displayed. Most of the time the domain will not match the company they claim to be from. For instance, an email claiming to be from your bank could come from a @yahoo.com address. This is an obvious giveaway!
  • Impersonating institutions and companies. As mentioned earlier, be suspicious of emails posing as banks, the IRS, the Social Security Office and so forth. They rarely contact users through email. If in doubt, contact them directly and not through any telephone numbers or links given in the message.
  • Poorly written English and grammar. Many phishing emails contain poorly structured sentences and grammatical mistakes that a legitimate company’s communications team would never let out of the door.
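Several of the signs above (a display name that claims a company whose real domain differs from the sender’s address, link text that shows one address while the link goes elsewhere or to a bare IP, and urgency wording) can be checked mechanically. The script below is an added example, not code from the article: it parses a raw email with Python’s standard `email` module and returns the reasons it looks like phishing. Both sample messages are constructed, and the brand-to-domain table is an assumption that you would replace with your own organisation’s list of companies and their real domains.

```python
"""Phishing heuristics over a raw email message (added example).

Checks the sender's display name against the address domain, scans links for
label/target mismatches and bare IP addresses, and looks for urgency phrases.
The two messages and the brand table below are constructed for the example.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed mapping of brand names (as they appear in display names) to their real domain.
KNOWN_BRANDS = {"example bank": "example-bank.com"}

URGENCY_PHRASES = ("account is suspended", "update your information",
                   "unauthorized access", "within 24 hours")

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

SUSPICIOUS_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
To: someone@corp.example
Subject: Your account is suspended - update your information
Content-Type: text/html

<html><body>
<p>Unauthorized access was detected. Confirm your details within 24 hours:</p>
<p><a href="http://198.51.100.23/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

BENIGN_EMAIL = """\
From: "Example Bank" <no-reply@example-bank.com>
To: someone@corp.example
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><p>Sign in at <a href="https://www.example-bank.com/">www.example-bank.com</a>.</p></body></html>
"""


def registered_domain(host):
    """Last two labels of a hostname; enough to compare brand domains here."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def body_text(msg):
    """Concatenate the text/plain and text/html parts (walk() handles single-part mail too)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess_email(raw_message):
    """Return a list of human-readable reasons the message looks like phishing."""
    msg = message_from_string(raw_message)
    reasons = []

    # Sign: display name claims a brand, but the address domain is somebody else's.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    for brand, real_domain in KNOWN_BRANDS.items():
        if brand in display_name.lower() and registered_domain(sender_domain) != real_domain:
            reasons.append(f"display name claims {brand!r} but the address domain is {sender_domain}")

    # Sign: panic-inducing wording in the subject or body.
    body = body_text(msg)
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))

    # Sign: link text says one thing, the href goes somewhere else or to a raw IP.
    for href, label in LINK_RE.findall(body):
        target_host = urlparse(href).hostname or ""
        if IPV4_RE.fullmatch(target_host):
            reasons.append(f"link points at a bare IP address: {href}")
            continue
        label_host = urlparse(label.strip()).hostname
        if label_host and registered_domain(label_host) != registered_domain(target_host):
            reasons.append(f"link text shows {label_host} but goes to {target_host}")

    return reasons


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        reasons = assess_email(raw)
        print(f"{name}: {'PHISHING SIGNS' if reasons else 'no signs found'}")
        for reason in reasons:
            print("  -", reason)
```

The suspicious sample trips three checks (the lookalike sender domain, four urgency phrases, and a bank link that actually points at a bare IP address), while the benign statement notice trips none. Heuristics like these are a first filter, not a verdict: a well-crafted phish can pass all of them, which is why the advice in the list above, verifying through the company’s official website rather than the email, still applies.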


If ever you’re in doubt, don’t hesitate to notify your IT administrator who can help to block as many phishing emails as possible. Even if some manage to filter through, which does happen, put this guide into practice.

