Seventeen Android Nasties Spotted in Google Play, Total Over 550K Downloads

Bitdefender researchers recently found 17 Google Play apps that, once installed, start hiding their presence on the user’s device and constantly display aggressive ads. While not malicious per se, the tactics they use to smuggle themselves into Google Play and dodge Google’s vetting system are traditionally associated with malware. Waiting ...

Researchers Find RDP Abuse Exposes New Fileless-Type Tactic

Recent investigations by Bitdefender security researchers revealed an attack tactic that could be considered fileless, from an endpoint perspective. Abusing the RDP protocol, in the sense that attackers already have legitimate RDP (Remote Desktop Protocol) credentials, means they can set up a share on their machine that acts as a ...
Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining

The Mirai botnet that made headlines in 2016 for taking out infrastructure through large-scale network attacks has become a reference point in the security industry for the damage that large IoT botnets can inflict. Since its source code was published and made available to anyone interested in building their own ...
RDP Abuse and Swiss Army Knife Tool Used to Pillage, Encrypt and Manipulate Data

Bitdefender researchers recently found threat actors abusing a legitimate feature in the RDP service to act as a fileless attack technique, dropping a multi-purpose off-the-shelf tool for device fingerprinting and for planting malware payloads ranging from ransomware and cryptocurrency miners to information and clipboard stealers. The attack vector involves the ...

The Underworld Economy

Imagine a world in which you could simply click onto a website to buy drugs, weapons, fake IDs, malicious software and ‘how to’ guides for building AK47s. In just a button press, you could own just about any illegal item you can think of. In the realm of the dark ...
Dozens of Apps Still Dodging Google’s Vetting System

Bitdefender researchers recently analyzed 25 apps that made it into Google Play, at least for a time, packing aggressive adware SDKs that bombarded users with ads and avoided removal by hiding their presence. Cumulatively, the apps were apparently downloaded almost 700,000 times by Google Play users. While Google has gone ...
Worm-Cryptominer Combo Lets You Game While Using NSA Exploits to Move Laterally

Bitdefender researchers recently found and analyzed a worm-cryptominer combo that uses a series of exploits to move laterally and compromise victims. What makes it interesting is that it pauses the resource-intensive cryptomining process if it finds popular games running on the victim’s machine. The investigation revealed that the worm-cryptominer has ...
New Homograph Phishing Attack Impersonates Bank of Valletta, Leverages Valid TLS Certificate

Bitdefender researchers recently uncovered a new IDN (internationalized domain name) homograph phishing attack in which attackers impersonate the Bank of Valletta, Malta. Bitdefender’s Deep Learning technologies, trained specifically to spot this type of homograph attack, quickly flagged the website for phishing. They triggered an investigation from our teams to better ...
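The homograph trick described above relies on a domain whose Unicode label looks like the genuine one but encodes to a different ASCII ("xn--") name, which is why a valid TLS certificate for it proves nothing. The following is an added example, not Bitdefender's detector and not code from the campaign: it decodes a domain from either form, flags labels that mix scripts or are built from non-Latin letters that render like Latin ones, and checks whether the "skeleton" of a candidate matches a protected brand domain. The confusable table is a small hand-picked subset of Unicode's confusables data, and every sample domain is constructed for illustration.

```python
"""Flag IDN homograph lookalike domains (added example, not a product component)."""
import unicodedata
from typing import Dict, Iterable, Optional, Set

# Hand-picked Cyrillic/Greek letters that render like Latin letters.
# This is an assumed subset of the Unicode confusables list, not the full table.
CONFUSABLES: Dict[str, str] = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
}

# Constructed sample domains; none of these is a domain from the real campaign.
GENUINE = "example.com"
LOOKALIKE = "exampl\u0435.com"            # Latin "exampl" + Cyrillic IE
ALL_CYRILLIC = "\u0435\u0445\u0440\u043e.com"  # Cyrillic letters that read "expo"


def to_unicode(domain: str) -> str:
    """Decode ACE ("xn--") labels to Unicode; Unicode labels pass through."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            # Python's built-in idna codec performs the punycode decoding.
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def script_of(ch: str) -> str:
    """Approximate the Unicode script from the character name (LATIN, CYRILLIC, ...)."""
    if not unicodedata.category(ch).startswith("L"):
        return ""  # digits and hyphens are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def analyze_label(label: str) -> dict:
    """Report the scripts used, the Latin skeleton and the two homograph signals."""
    scripts: Set[str] = {s for s in map(script_of, label) if s}
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    return {
        "label": label,
        "scripts": scripts,
        "skeleton": skeleton,
        "mixed_script": len(scripts) > 1,      # e.g. Latin letters plus one Cyrillic
        "confusable": skeleton != label,       # non-Latin letters that look Latin
    }


def is_homograph_suspect(domain: str) -> bool:
    """True if any label mixes scripts or is made of Latin-lookalike letters."""
    return any(
        r["mixed_script"] or r["confusable"]
        for r in map(analyze_label, to_unicode(domain).split("."))
    )


def lookalike_target(domain: str, protected: Iterable[str]) -> Optional[str]:
    """Return the protected domain this candidate imitates, if its skeleton matches one."""
    uni = to_unicode(domain)
    skeleton = ".".join(analyze_label(lab)["skeleton"] for lab in uni.split("."))
    if skeleton != uni and skeleton in set(protected):
        return skeleton
    return None


if __name__ == "__main__":
    for d in (GENUINE, LOOKALIKE, LOOKALIKE.encode("idna").decode("ascii"), ALL_CYRILLIC):
        print(f"{d!r:40} suspect={is_homograph_suspect(d)} "
              f"imitates={lookalike_target(d, [GENUINE])}")
```

The skeleton comparison is the part worth keeping in a mail or web gateway: a mixed-script label is a strong signal on its own, but a whole-script Cyrillic label that skeletonises to a protected brand name is the case that slips past a naive "contains non-ASCII" filter, and neither check is affected by whether the site presents a valid certificate.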
Adware-Packed Fake Apps Still Making Their Way to Google Play

Adware is nothing new, nor will it go away any time soon, especially since it’s a legitimate means for app developers to generate revenue. When it comes to Android, “borderline legitimate” is the tagline that developers commonly abuse to smuggle seemingly legitimate applications into official marketplaces, such as Google Play ...
Astaroth Trojan Resurfaces, Targets Brazil through Fileless Campaign

During routine detection monitoring from our Advanced Threat Control technology, Bitdefender researchers found an interesting spike in malware activity that involved using Microsoft binaries in the infection process, as well as GitHub and Google Drive for delivering payloads. After analyzing the detection details, we identified this activity as a resurgence ...