April 7, Help Net Security – (International) New crypto-ransomware “quarantines” files, downloads info-stealer. Security researchers at Trend Micro discovered a new piece of crypto-ransomware, dubbed CryptVault, that uses the open-source GnuPG tool to generate RSA-1024 public/private key pairs and encrypts files so that they resemble files quarantined by an anti-virus solution. It then demands a ransom and downloads and executes Browser Password Dump to extract passwords stored by Web browsers. Attackers spread the malware by tricking users into running malicious JavaScript file attachments.
April 7, Softpedia – (International) Dell System Detect flagged as a risk by antivirus product. Malwarebytes added Dell’s System Detect tool to its list of potentially unwanted programs (PUPs) because older versions contain a serious remote code execution vulnerability: requests originating from any Web site whose name contains the string “dell” could pass the tool’s easily bypassed authentication check and cause it to download and launch files. Dell mitigated the vulnerability in an update released during the week of March 30.
April 6, Softpedia – (International) Angler Exploit Kit now relies on more successful infection tactics. Security researchers from Zscaler’s ThreatLabZ identified an evolution in the Angler Exploit Kit (EK) in which attackers use 302 cushioning and domain shadowing as infection vectors, in addition to the usual malvertising that targets users with outdated browser plug-ins. The researchers believe that the malware dropped by Angler EK in recent attacks was a banking trojan from the Carberp family.
April 7, Softpedia – (International) Word documents with scrambled text deliver banking trojan in the background. Security researchers from Cisco’s Talos research group discovered a new variant of the Dridex banking trojan being delivered via Microsoft Word documents filled with incomprehensible text. The documents trick users into enabling macros, which then use PowerShell to download and execute the trojan from a hard-coded IP address. The malware campaign lasted less than 5 hours before antivirus solutions responded.