Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 08, 2015

October 7, Securityweek – (International) Malicious Android adware infects devices in 20 countries. Security researchers from FireEye are tracking a new malicious adware campaign dubbed Kemoge that has infected Android devices in 20 countries. Once installed, the malware serves ads on the infected device, unpacks a set of root exploits to gain root, and uses multiple persistence mechanisms so that it survives removal attempts. It is distributed by repackaging popular Android apps with the malicious code and uploading them to third-party app stores. Source

October 7, Softpedia – (International) Zero-day exploit found in Avast antivirus. Security researchers from Google’s Project Zero discovered a zero-day vulnerability in Avast antivirus software: a flaw in the code Avast uses to parse X.509 certificates when it inspects secure (TLS) connections, which an attacker could trigger with a crafted certificate to execute code on the affected system. Avast has since patched the vulnerability. Source

October 7, Softpedia – (International) Major ransomware campaign disrupted, attackers lose potential revenues of $34M. Researchers from Cisco shut down a massive ransomware campaign that accounted for roughly 50 percent of all ransomware deployments via the Angler exploit kit (EK) and that would have allowed the campaign’s operators to collect over $34 million. The cyber-criminals ran a network of 147 proxy servers, bought from Limestone Networks with stolen credit cards, to operate the largest ransomware delivery platform ever observed in the wild. Source

October 7, Help Net Security – (International) Previously unknown Moker RAT is the latest APT threat. Security researchers from enSilo discovered a new Remote Access Trojan (RAT) dubbed Moker that takes over targeted systems by creating a new user account and then opening an RDP channel to gain remote control, and that tampers with sensitive system and security files and settings. The malware comes with a complete feature set, gains system-level privileges, and can also be controlled locally. Source
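The behaviour described above (a new local account created, followed shortly by the same host being opened up for RDP) is a correlatable sequence in Windows Security logs. The following is an added example, not part of the original post or enSilo's research: a small correlation rule over constructed, JSON-per-line log records that flags a 4720 (user account created) event followed within a short window on the same host by either a 4732 (member added to a security-enabled local group) adding that account to "Remote Desktop Users" or a 4657 (registry value modified) clearing fDenyTSConnections. The event IDs and the registry value name are standard Windows ones; the field names, the ten-minute window, and the sample log lines are assumptions made for this example.

```python
"""
Added example (not from the original post or enSilo): correlate a Windows
Security 4720 (account created) with a follow-on RDP-enabling event on the
same host within a short window. The JSON field names and the sample log are
constructed for this example; the event IDs and the fDenyTSConnections
registry value are the real Windows ones.
"""
import json
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)          # assumed correlation window
RDP_GROUP = "Remote Desktop Users"       # local group that grants RDP logon
RDP_REG_VALUE = "fDenyTSConnections"     # 0 = Remote Desktop enabled

# Constructed sample log: ws-17 shows the Moker-style sequence; ws-22 shows a
# routine account creation with an RDP group change hours later (no alert).
SAMPLE_LOG = """
{"ts": "2015-10-07T09:00:01", "host": "ws-17", "event_id": 4624, "user": "alice"}
{"ts": "2015-10-07T09:01:12", "host": "ws-17", "event_id": 4720, "target_user": "svc_updt", "subject_user": "SYSTEM"}
{"ts": "2015-10-07T09:02:40", "host": "ws-17", "event_id": 4732, "member": "svc_updt", "group": "Remote Desktop Users"}
{"ts": "2015-10-07T09:03:05", "host": "ws-17", "event_id": 4657, "object_value_name": "fDenyTSConnections", "new_value": "0"}
{"ts": "2015-10-07T10:30:00", "host": "ws-22", "event_id": 4720, "target_user": "jsmith", "subject_user": "helpdesk"}
{"ts": "2015-10-07T15:45:00", "host": "ws-22", "event_id": 4732, "member": "jsmith", "group": "Remote Desktop Users"}
"""


def parse_events(text):
    """Parse JSON-per-line records, convert timestamps, and sort by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def find_moker_like(events, window=WINDOW):
    """Return one alert per 4720 that is followed, on the same host and within
    `window`, by the new account being granted RDP access (4732 into the RDP
    group) or by RDP being switched on in the registry (4657 on
    fDenyTSConnections -> 0)."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["event_id"] != 4720:
            continue
        host, account, t0 = ev["host"], ev["target_user"], ev["ts"]
        evidence = []
        for later in events[i + 1:]:
            if later["host"] != host:
                continue
            if later["ts"] - t0 > window:
                break  # events are sorted, so nothing further is in the window
            if (later["event_id"] == 4732
                    and later.get("member") == account
                    and later.get("group") == RDP_GROUP):
                evidence.append("4732: %s added to %s" % (account, RDP_GROUP))
            elif (later["event_id"] == 4657
                    and later.get("object_value_name") == RDP_REG_VALUE
                    and later.get("new_value") == "0"):
                evidence.append("4657: %s set to 0 (RDP enabled)" % RDP_REG_VALUE)
        if evidence:
            alerts.append({"host": host, "account": account,
                           "created_at": t0, "evidence": evidence})
    return alerts


if __name__ == "__main__":
    for alert in find_moker_like(parse_events(SAMPLE_LOG)):
        print("%s: account %r created at %s, then: %s" % (
            alert["host"], alert["account"], alert["created_at"],
            "; ".join(alert["evidence"])))
```

The rule deliberately keys on the sequence rather than on any single event: account creation and RDP group changes are both routine on their own, and it is the short gap between them on one host, especially with SYSTEM as the creating principal, that is worth a look. In a real deployment the window and the creating principal would be tuned against the organization's own provisioning patterns.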

October 7, The Register – (International) Remote code exec hijack hole found in Huawei 4G USB modems. Security researchers from Positive Technologies discovered cross-site scripting (XSS) and stack overflow vulnerabilities in the Huawei E3272 USB 4G modem that could allow attackers to achieve remote code execution, mount denial-of-service (DoS) attacks, and hijack the computers the modem is plugged into. Huawei released patches addressing the vulnerabilities. Source

October 6, Securityweek – (International) Winnti spies use bootkit for persistence, distributing backdoors. Security researchers from Kaspersky Lab discovered that the advanced persistent threat (APT) group Winnti has been using an attack platform dubbed “HDRoot”, a bootkit that masquerades as Microsoft’s Net.exe utility and is packed with VMProtect, to gain persistence and install two backdoors. The group previously targeted gaming companies in the U.S. and worldwide. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.