Tag: Malware
Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains. The campaign, called Realstatistics, has tainted thousands of sites built on both Joomla! and WordPress content management systems. Researchers with security company Sucuri observed the campaign injecting bogus analytics code, including the url...
For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files. “To make it more difficult for administrators, this release no longer uses...
The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say. In an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify...
An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted from sources on the web. Cymmetria Research, which discovered the APT...
Researchers have linked a variant of the Pirrit adware for Mac OS X to an Israeli online marketing company called TargetingEdge that is still in stealth mode. Amit Serper, lead Linux and Mac OS X researcher at Cybereason, said that a script he wrote to remove the original version of Pirrit from compromised machines had recently...
The remote access Trojan Adwind has resurfaced and as of last weekend, is being used in spam emails targeting Danish companies, researchers said. In emails purporting to be order requests coming from either spoofed or fake return addresses, attackers are spreading malicious .jar, or Java archive files. Assuming a user clicks through and opens the file, Adwind’s...
Think hackers use advanced malware and mysterious tools once they have infiltrated a network? According to security startup LightCyber, most attackers use the same mainstream security tools the good guys use, only for lateral movement, network mapping and remote control of endpoints. Of course, tactics for penetrating the network include tried-and-true techniques such as malware,...
The pseudo-Darkleech campaign is one of the most notorious and ongoing attacks of recent years, making use of major exploit kits to deliver primarily different strains of ransomware. The campaign has been a bit of a chameleon since it was disclosed in March 2015 by researchers at Sucuri. The latest bit of its shape shifting involves...
The same group of cybercriminals behind a strain of iOS malware uncovered last year have apparently diversified and now dabble in Android malware. The group, dubbed Yingmob, has been running a malware campaign named HummingBad that controls 10 million Android devices globally and rakes in $300,000 a month, researchers said on Friday. According to researchers...
Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted about a month ago, but a recent wave of spam containing Zepto-laced attachments detected on June 27 is heightening fears of widespread infections. “We are watching Zepto very carefully. It’s...