The Underworld Economy

Imagine a world in which you could simply click onto a website to buy drugs, weapons, fake IDs, malicious software and ‘how to’ guides for building AK-47s. In just a button press, you could own just about any illegal item you can think of. In the realm of the dark ...
Dozens of Apps Still Dodging Google’s Vetting System

Bitdefender researchers recently analyzed 25 apps that made it into Google Play, at least for a time, packing aggressive adware SDKs that bombarded users with ads and avoided removal by hiding their presence. Cumulatively, the apps were apparently downloaded almost 700,000 times by Google Play users. While Google has gone ...
Worm-Cryptominer Combo Lets You Game While Using NSA Exploits to Move Laterally

Bitdefender researchers recently found and analyzed a worm-cryptominer combo that uses a series of exploits to move laterally and compromise victims. What makes it interesting is that it pauses the resource-intensive cryptomining process if it finds popular games running on the victim’s machine. The investigation revealed that the worm-cryptominer has ...
New Homograph Phishing Attack Impersonates Bank of Valletta, Leverages Valid TLS Certificate

Bitdefender researchers recently uncovered a new IDN (internationalized domain name) homograph phishing attack in which attackers impersonate the Bank of Valletta, Malta. Bitdefender’s deep learning technologies, trained specifically to spot this type of homograph attack, quickly flagged the website for phishing. They triggered an investigation from our teams to better ...
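The homograph technique described above, as an added example that is not part of the Bitdefender write-up: a Python heuristic that decodes xn-- labels back to Unicode, flags labels that mix scripts or consist entirely of Cyrillic glyphs that look like Latin ones, and maps them onto a Latin "skeleton" so the impersonated brand can be read off. The lookalike table is an illustrative subset of the Unicode confusables data, and the sample hostnames are constructed; the actual lookalike domain used against Bank of Valletta is not reproduced here.

```python
"""Heuristic IDN homograph detection (added example, not Bitdefender code)."""
import unicodedata

# Cyrillic letters whose glyphs are near-identical to Latin letters in common
# fonts, mapped to the Latin letter they imitate. Illustrative subset only;
# a production check should use the full Unicode confusables data (UTS #39).
CYRILLIC_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w", "\u04cf": "l",
}


def decode_idn(hostname: str) -> str:
    """Turn xn-- (A-label) labels back into Unicode (U-label) form.

    The raw punycode codec is used instead of Python's 'idna' codec because
    the latter implements IDNA2003 nameprep and rejects code points assigned
    after Unicode 3.2, such as the Cyrillic palochka (U+04CF) that spoofs 'l'.
    """
    labels = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts_of(label: str) -> set:
    """Set of scripts (first word of the Unicode character name) in a label.
    ASCII digits and hyphens are script-neutral and ignored."""
    scripts = set()
    for ch in label:
        if ch.isascii() and not ch.isalpha():
            continue
        name = unicodedata.name(ch, "")
        if name:
            scripts.add(name.split(" ", 1)[0])
    return scripts


def latin_skeleton(hostname: str) -> str:
    """Replace known Cyrillic lookalikes with the Latin letters they imitate,
    so the brand a homograph domain targets becomes visible."""
    return "".join(CYRILLIC_TO_LATIN.get(ch, ch) for ch in hostname)


def homograph_risk(hostname: str) -> dict:
    """Assess a hostname for IDN homograph spoofing.

    Two heuristics, both modelled on browser IDN display policies:
      1. a label mixing scripts (e.g. Latin plus a single Cyrillic letter);
      2. an all-Cyrillic label built solely from Latin lookalikes.
    Genuine single-script names containing letters with no Latin twin
    (e.g. Cyrillic п, м, и) are left alone.
    """
    decoded = decode_idn(hostname)
    findings = []
    for label in decoded.split("."):
        scripts = scripts_of(label)
        letters = [ch for ch in label if ch.isalpha()]
        if len(scripts) > 1:
            findings.append((label, "mixed scripts: " + ", ".join(sorted(scripts))))
        elif scripts == {"CYRILLIC"} and letters and all(
            ch in CYRILLIC_TO_LATIN for ch in letters
        ):
            findings.append((label, "all-Cyrillic label made only of Latin lookalikes"))
    return {
        "decoded": decoded,
        "skeleton": latin_skeleton(decoded),
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    # Constructed samples: an all-Cyrillic spoof of 'apple', a mixed-script
    # spoof of 'paypal', a genuine Cyrillic word and a plain ASCII name.
    spoof = "xn--" + "\u0430\u0440\u0440\u04cf\u0435".encode("punycode").decode("ascii") + ".com"
    for host in (spoof, "pa\u0443pal.com", "\u043f\u0440\u0438\u043c\u0435\u0440.com", "bov.com"):
        r = homograph_risk(host)
        print(f"{host:32} -> {r['skeleton']:14} suspicious={r['suspicious']} {r['findings']}")
```

A valid TLS certificate, as the teaser notes the attackers had, says nothing about which brand a name resembles, so a check like this belongs in mail and proxy filtering rather than in certificate validation. The skeleton is what you compare against a list of protected brand names.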
Adware-Packed Fake Apps Still Making Their Way to Google Play

Adware is nothing new, nor will it go away any time soon, especially since it’s a legitimate means for app developers to generate revenue. When it comes to Android, “borderline legitimate” is the tagline that developers commonly abuse to smuggle seemingly legitimate applications into official marketplaces, such as Google Play ...
Astaroth Trojan Resurfaces, Targets Brazil through Fileless Campaign

During routine detection monitoring from our Advanced Threat Control technology, Bitdefender researchers found an interesting spike in malware activity that involved using Microsoft binaries in the infection process, as well as GitHub and Google Drive for delivering payloads. After analyzing the detection details, we identified this activity as a resurgence ...
An APT Blueprint: Gaining New Visibility into Financial Threats

This new Bitdefender forensic investigation reveals a complete attack timeline and the behavior of a notorious financial cybercriminal group known as Carbanak. In mid-2018, Bitdefender researchers investigated a targeted attack on an Eastern European financial institution, gaining new insights and creating a complete event timeline showing how the infamous group Carbanak ...

What Happens on the Endpoint Stays on the Endpoint

Security Awareness

When attacks bypass endpoint security, it can often take months for enterprises to discover them. Some security reports even estimate that it requires U.S. companies an average of 191 days to detect ...
Triout Android Spyware Framework Makes a Comeback, Abusing App with 50 Million Downloads

In August 2018, Bitdefender researchers stumbled across an Android malware framework, dubbed Triout, which packed massive surveillance capabilities. Bundled with a legitimate application ripped from the official Google Play marketplace, the spyware framework can hide its existence on the device, record phone calls, log incoming text messages, record videos, take ...
PHP PEAR Site Hacked; Tainted Package Available for Months

The official PHP Extension and Application Repository (PEAR) website has been shut down after an apparent hack caused the original PHP PEAR package manager to be replaced by attackers with a tainted version. The framework developers have taken the website offline after noticing that the original PHP PEAR package manager ...