The Zscaler ThreatLabZ team is continually hunting new threats, analyzing them, and sharing its findings in blogs and reports on the Zscaler site. What follows are the most read and shared blogs of 2018.

Android apps infected with Windows malware reemerge
By Gaurav Shinde
This blog explores apps available on Google Play that were infected with malicious iframes. Though the malware posed no immediate threat to the Android users who installed the apps, its discovery highlights that infections can propagate across platforms: an attacker controlling the iframe URL can serve second-stage payloads tailored to whichever device platform visits it. Read more.

The latest cloud hosting service to serve malware
By Dhanalakshmi
Cloud services are under attack because they let bad actors open inexpensive hosting accounts and hide malicious content under the cloud-based domains of well-known brands. The ThreatLabZ team discovered that a popular managed cloud hosting service provider had been serving phishing pages and other malware in the wild as far back as February 2018. Read more.

Meltdown and Spectre vulnerabilities: What you need to know
By Deepen Desai
Meltdown and Spectre allow attackers to gain unauthorized access to sensitive information in system memory. They represent a new class of microarchitectural attacks that abuse processor performance optimization features (speculative and out-of-order execution) to circumvent built-in security mechanisms. This blog provides an analysis of the vulnerabilities as well as mitigation information. Read more.

Cryptominers and stealers – malware edition
By Atinderpal Singh and Rajdeepsinh Dodia
Due to their decentralized nature, cryptocurrencies are impossible for any single authority to control or censor—and that makes them attractive to cybercriminals. With more than 4,000 cryptocurrencies on the market rising in both value and popularity, we have seen a rise in malware that targets bitcoins or altcoins for financial gain. This blog provides insight into various cryptominer and stealer variants. Read more.

DarkCloud Bootkit
By Nirmal Singh
Following on the team's report about cryptomining and wallet-stealing techniques, this blog provides a technical analysis of yet another type of cryptominer malware, one that uses a bootkit and kernel-level shellcode for persistence. Read more.

Spam campaigns leveraging .tk domains
By Mohd Sadique
ThreatLabZ identified a campaign using the “.tk” top-level domain. It started with compromised sites that redirect users either to fake blog sites that generate ad revenue or to fake tech support sites that claim to remove viruses. We estimated at the time that at least USD 20K per month in revenue was being generated from the fraudulent ad activity alone. Read more.

Magecart campaign remains active
By Rubin Azad
Magecart is a notorious hacker group that has been responsible for large-scale attacks on the e-commerce sites of well-known brands. In this blog, we examine the campaign's recent activity and its methods for skimming credit and debit card information for financial gain. Read more.

CVE-2017-8570 and CVE-2018-0802 exploits being used to spread LokiBot
By Mohd Sadique
This blog provides an overview of malicious RTF documents that carry exploits for the CVE-2017-8570 and CVE-2018-0802 vulnerabilities and use them to install malicious payloads on victims' machines. The team shares its analysis of a campaign leveraging these two exploits to deliver LokiBot. Read more.

Ubiquitous SEO poisoning URLs
By Jim Wang
SEO poisoning is an attack method in which attackers create web pages packed with trending keywords to gain a higher ranking in search results. The poisoned results then redirect users to unwanted applications, phishing pages, exploit kits and malware, porn, advertisements, and so on. This blog includes examples and analysis of the techniques in use. Read more.

RuMMS malware is back…with enhancements
By Shivang Desai
The ThreatLabZ team came across a nasty piece of malware hosted on a fake MMS website called mmsprivate[.]site. The site lures victims with what seem to be private photos, inviting them to take a closer look. Upon accepting the offer, victims fall prey to a malicious Android Package Kit (APK) that downloads onto their phones and spies on them. Read more.
This is a Security Bloggers Network syndicated blog from the Zscaler Research Blog. Read the original post at: https://www.zscaler.com/blogs/research/top-10-threatlabz-blogs-2018