Mitigating fraud has long been an uphill battle for the online advertising world and numbers released Tuesday indicate it’s been a pricey one. The industry is poised to lose a combined $7.2 billion worldwide this year thanks to bogus ad fraud bots, according to a study carried out this past summer by the Association of National...

Apple has had two cracks at patching a vulnerability that allows malicious apps to bypass its OS X Gatekeeper security feature, and twice has taken a shortcut approach to the fix, said the researcher who reported the flaw. The latest measure to address this was released on Thursday and it appears Apple again took steps to...

Researchers have uncovered a new remote access Trojan (RAT) that can evade sandbox analysis, is adept at carrying out espionage, and is being used in targeted threat operations. Named Trochilus, the malware is part of a multi-pronged malware operation that researchers at Arbor Networks are calling the Seven Pointed Dagger (.PDF). The cluster also includes malware such as PlugX, the 9002...

The Brain Test mobile malware family has once again been evicted from Google Play. Known for piggy-backing on fully functioning mobile applications, the malware’s various iterations try to root Android devices, download malicious APKs and inflate the Google Play ratings of other apps written by the same group of Chinese developers. Worse yet is Brain...

Crimeware services are nothing new. Criminals for years have advertised on the underground not only malware, but management services and support for banking Trojans, exploit kits and more. Researchers this week turned up a new ransomware-as-a-service operation that pushes the first ransomware coded entirely in JavaScript. Ransom32 is available for download on a Tor hidden...

Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year. Rather than intrusions permeating our IT systems and stealing our data, attacks got a bit more personal in 2015. Not only were privacy and civil liberties put at...

Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a self-signed root cert that generates certs for HTTPS connections, replacing...

A strain of point-of-sale malware that began making the rounds on underground markets late last month is easy to use, but less sophisticated than initial reports suggested. According to researchers at Talos, Cisco’s research division, Pro PoS is mostly built on Alina, another type of POS malware which had its source code leaked earlier this...

A new run of Spy Banker banking malware infections has been targeting Portuguese-speaking victims in Brazil. While Spy Banker is an old threat, dating back to 2009 according to some security companies, the latest wrinkle attackers are taking is a new one. The campaign, spotted by researchers at Zscaler, spreads primarily over social media—Facebook for...

A coalition of law enforcement agencies worked together recently to disrupt Dorkbot, a botnet that’s managed to infect more than one million machines in 190 countries during the last year. Researchers with Microsoft’s Malware Protection Center announced the news via a post on the MMPC blog. Two divisions within Microsoft, the Malware Protection Center and the Digital Crimes Unit, worked with ESET...