Cybercriminals do not sit idly by and keep organizing malicious campaigns with a variety of goals. Last week several such operations became known at once, including campaigns distributing a powerful Android rootkit and the Zyklon malware. After the New Year's calm, these and many other vulnerabilities came to light this week, leaving a truly legendary amount of patching work to be done.
At the beginning of last week, researchers from Kaspersky Lab announced the discovery of powerful spyware for Android devices, named Skygofree after one of the domain names used in the campaign. The software has exceptional capabilities: it obtains superuser rights using multiple exploits, has a complex payload structure, and includes a previously unseen function for recording audio at predefined locations. All detected campaigns distributing Skygofree were conducted exclusively in Italy, and its victims were only Italian users. According to the experts, the creator of the malware may be an Italian company specializing in the development of surveillance tools.
Researchers from Trend Micro revealed details of a large-scale campaign distributing Android malware that steals Facebook users' credentials and aggressively displays advertisements. The malware, called GhostTeam after a string found in its code, was distributed through the Google Play Store and could have been downloaded by hundreds of thousands of unsuspecting users.
In the second half of last year, security researchers described a number of vulnerabilities in the Microsoft Office package, which cybercriminals immediately put to use. FireEye specialists identified a campaign distributing the Zyklon backdoor in which the criminals exploit three issues at once: CVE-2017-8759 in the .NET Framework, CVE-2017-11882 in the Microsoft Equation Editor, and Dynamic Data Exchange (DDE). The malware can record keystrokes, collect passwords, and download and install additional plug-ins for cryptocurrency mining and password recovery.
The human rights organization Electronic Frontier Foundation and the cybersecurity company Lookout published a joint report shedding light on the activities of the Dark Caracal group, which stole hundreds of gigabytes of data from victims around the world using phishing campaigns and simple malware. The targets of the Lebanese hackers' attacks were officials, military personnel, and employees of utility companies, financial institutions, industrial companies and defense contractors. The group used both well-known Windows malware and the specialized spyware FinFisher. The hackers also developed their own Android malware, called Pallas.
After the holiday break, the Satori and Necurs botnets resumed their activity, and both are involved in cryptocurrency-related operations. A new version of the Satori malware infects cryptocurrency mining rigs running the Claymore software and replaces the owner's mining pool and wallet address with the attacker's pool and address. As for Necurs, last week the botnet was seen sending a huge volume of spam as part of a fraudulent pump-and-dump scheme promoting the little-known SwissCoin cryptocurrency.
The past week also saw a theft of funds from yet another cryptocurrency service. This time the victim was BlackWallet.co, which provides web wallets for the Stellar Lumen (XLM) cryptocurrency. Unknown attackers compromised BlackWallet's DNS server and stole more than $400 thousand from users' accounts.
The Norwegian Police Security Service (Politiets sikkerhetstjeneste, PST) suspects that hackers working for foreign intelligence services were behind the intrusion into the computer network of a regional health authority in early January of this year. The authority did not specify whether the attackers managed to gain access to citizens' health data or other confidential information.