
Flashback Mac Trojan exploits Java vulnerability or uses Social Engineering Attack

Security firm Intego is warning about a new version of the Flashback Trojan that aims to steal victims' online banking details.

This new Trojan tries to exploit one of two Java vulnerabilities in order to infect the Mac user's system. If these vulnerabilities are patched and the system has an updated version of Java, it instead tries to trick users into accepting a fake digital certificate (a social engineering attack).

In order to avoid detection, Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren't protected.

"Flashback.G injects code into web browsers and other applications that access a network, and in many cases causes them to crash. It installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension," Intego wrote on its security blog.

The goal of this malware appears to be to steal usernames and passwords for high-value sites such as bank websites, PayPal and others. Intego said the malicious code injected into running applications causes them to become unstable and often to crash.
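The one concrete on-disk indicator in Intego's description is a hidden (dot-prefixed) file with a .so extension inside /Users/Shared. The following check, added here as an example and not code from Intego or the original post, lists such files so an administrator can review and quarantine them; the function names and the non-recursive scan are this example's own choices, and a hit is only an indicator, not proof of infection.

```python
import os
from typing import List

# Added example, not Intego's code. The default path and the ".so" pattern
# come from the write-up; the function names are this example's own.

def is_flashback_indicator(name: str) -> bool:
    """True when a file name matches the described pattern: hidden (starts
    with a dot) and ending in .so, whatever the rest of the name is.
    A bare ".so" is not counted as a file name."""
    return name.startswith(".") and name.endswith(".so") and len(name) > 3


def find_hidden_shared_objects(root: str = "/Users/Shared") -> List[str]:
    """Return full paths of hidden .so regular files directly inside root.
    The scan is deliberately non-recursive: the post names the folder itself.
    A missing or unreadable folder yields an empty list rather than an error."""
    hits: List[str] = []
    try:
        entries = os.listdir(root)
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return hits
    for name in sorted(entries):
        path = os.path.join(root, name)
        if os.path.isfile(path) and is_flashback_indicator(name):
            hits.append(path)
    return hits


if __name__ == "__main__":
    found = find_hidden_shared_objects()
    if not found:
        print("no hidden .so files under /Users/Shared")
    for path in found:
        # Report only; move the file aside for analysis rather than deleting it.
        print("suspicious hidden shared object:", path)
```

Run it on the Mac being checked; an empty result does not clear the machine, since the same post says the file "can bear many names" and the injected code lives in running processes, so pair this with an up-to-date scanner.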

Security Tips:
  • Update your Java to the latest version
  • Intego says many Macs are getting infected by the social engineering trick of the bogus certificate purporting to be signed by Apple, as shown in the screenshot above. If you see this, don't trust it, and cancel the process.
  • Install Intego VirusBarrier X6 (it detects all variants of this Trojan)

SMS Trojans target users from a number of European countries and Canada

Denis at Kaspersky Lab discovered an SMS Trojan that targets users from a number of European countries and Canada. According to messages found on Internet forums, the first infections were reported in early September.

One of the victims downloaded an application to monitor his own messages, calls and traffic. After launching this application, it displayed a message that it was not compatible with the user's Android version. Shortly afterwards the user's mobile account was emptied. This app turned out to be an SMS Trojan which sends 4 SMS messages to premium-rate numbers. Kaspersky detects it as "Trojan-SMS.AndroidOS.Foncy".

The main menu of the smartphone after the infection:

This Trojan is distributed via a file hosting website with the name "SuiConFo.apk".

There are two main malicious classes in this Trojan: 'MagicSMSActivity.class' and 'SMSReceiver.class'. The first is mainly responsible for sending SMS messages, while the second is used to hide incoming messages from specific numbers.
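The two behaviours described above, sending SMS and intercepting incoming SMS, both leave traces in an app's manifest: sending requires the SEND_SMS permission, and intercepting incoming messages is done with a broadcast receiver for the SMS_RECEIVED action registered at a high priority so it runs before the stock messaging app. The heuristic below, added here as an example and not code from Kaspersky or from the Foncy sample, reviews a decoded AndroidManifest.xml for that combination. The manifests it runs on are constructed for this example, and the priority threshold of 1000 is this example's own assumption.

```python
import xml.etree.ElementTree as ET
from typing import List

# Added example: manifest heuristic for the SMS-Trojan pattern described
# (send SMS + swallow incoming SMS). Not Kaspersky's detection logic.

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SEND_SMS = "android.permission.SEND_SMS"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
HIGH_PRIORITY = 1000  # assumed threshold; stock messaging apps use ordinary priorities


def _attr(name: str) -> str:
    """Qualified name for an android: attribute, e.g. android:name."""
    return "{%s}%s" % (ANDROID_NS, name)


def sms_trojan_indicators(manifest_xml: str) -> List[str]:
    """Return human-readable findings for a decoded manifest. An empty list
    means neither indicator was present; both together match the described
    Foncy behaviour (send to premium numbers, hide the replies)."""
    root = ET.fromstring(manifest_xml)
    findings: List[str] = []

    permissions = {e.get(_attr("name")) for e in root.iter("uses-permission")}
    if SEND_SMS in permissions:
        findings.append("requests SEND_SMS: app can send messages to premium-rate numbers")

    # Receivers live under <application>; iter() walks the whole tree.
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(_attr("name")) for a in flt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            try:
                priority = int(flt.get(_attr("priority"), "0"))
            except ValueError:
                priority = 0
            if priority >= HIGH_PRIORITY:
                findings.append(
                    "high-priority SMS_RECEIVED receiver (%s, priority %d): "
                    "can see and suppress incoming SMS before the user does"
                    % (receiver.get(_attr("name")), priority)
                )
    return findings


# Constructed manifests for demonstration; the class names are the page's,
# the package name is a placeholder.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.placeholder.monitor">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Monitor">
    <activity android:name=".MagicSMSActivity"/>
    <receiver android:name=".SMSReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.placeholder.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Reader">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, "->", sms_trojan_indicators(manifest) or ["no SMS indicators"])
```

In practice the manifest is obtained by decoding the APK first (the binary XML inside the archive is not parseable as-is); a "traffic monitor" app that needs SEND_SMS and a top-priority SMS receiver has no legitimate reason for either, which is what makes the pairing a useful triage signal rather than a verdict.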

"Unfortunately, today SMS Trojans are one of the easiest ways for cybercriminals to make easy money fast. Malicious use of premium rate SMS services is spreading around the world, and I'm pretty sure it's not going to stop any time soon. We'll keep you posted," said Denis.

Tsunami backdoor Trojan Horse for Mac OS X, port of Troj/Kaiten

Sophos researchers discovered a new Trojan horse named "Tsunami" that infects Mac OS X. Researchers said it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that, once it has embedded itself on a computer system, listens to an IRC channel for further instructions.

An attacker can gain access to an infected system and use it to launch a DDoS (Distributed Denial of Service) attack.

Sophos Anti-Virus has added OSX/Tsunami-A to its virus definitions, so it can detect this malware. Don't forget to update your antivirus.