Security Roundup: Labor Day Edition
Neutrino to Jimmy, a Malware Evolution. A few months ago, Kaspersky provided an analysis of a banking trojan called Neutrino, and this week they dive into its evolution, which they call Jimmy. The malware strain has evolved from straight-up bank card stealing to being able to load remote modules that perform a number of tasks, including cryptocurrency mining and web traffic injection.
Kaspersky reports on Russian hacking toolkit. This week, Kaspersky also revealed the existence of Whitebear, a hacking toolkit apparently in use by the Russian-speaking Turla group to target embassies and other diplomatic-related targets. There is some speculation around why Kaspersky, a Russian company, would release information about this toolkit. Is it already burned? Has it been neutralized? Are they attempting to distance themselves from the Kremlin? Don your tinfoil hats and read on.
DDoS Providers Collaborate to Identify and Neutralize Botnet. A large number of security companies, including direct competitors, collaborated this year to take down a botnet by the name of ‘WireX’. WireX was actually a mobile botnet, caused by ~300 malicious apps in the Android store, and believed to be installed on at least 70k devices. Google has since removed the malicious apps and has been cleaning up client devices.
Malware making made easy. In other Android news, a new ransomware toolkit has been released that allows anyone to create an Android ransomware app in just a few clicks. Expect more stories of app store removals in the future.
IoT Credential Leak. A number of IoT device credentials were discovered online last week, totalling at most ~8K unique hosts. Researchers have determined that fewer than 2K were still accessible, which is a minuscule number to add to a botnet, but still cause for concern for whoever owns the devices. Also of interest is that the list allegedly consisted of 144 credential combos, up from the 60 that were initially used by Mirai. This discovery prompted security researchers to put an insecure device on the internet and observe what happens, resulting in the device being exploited approximately once every 2 minutes over the course of 44 hours.
RAT Provided For Free. A RAT builder named Cobain made the rounds underground recently, as it was being offered for free. This turned out to be due to the fact that the builder itself had a backdoor. This is another example of “when something is free, you are the product.”
711 million record spam list makes the rounds. You may have heard about the massive spam list this week, composed of 711 million records. Troy Hunt, in his usual style, breaks down what is in the dataset and what it means.