AVGater Uses Vulnerability To Infect PCs using Installed Antivirus

Florian Bogner, a security auditor from Austria, has discovered a vulnerability in many popular antivirus titles that allows a hacker to use the AV quarantine folder to infect a more sensitive area of a computer, such as C:\Windows.

Using a phishing email, a hacker can then use a Windows feature called an NTFS junction point to restore malware that the antivirus software has already moved into quarantine.

Bogner has contacted popular antivirus companies such as Trend Micro, Kaspersky and Malwarebytes, and they have already released updates.

Individuals are advised to update their antivirus software immediately, and businesses are advised to disable the ability to restore quarantined files.
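As a defensive illustration of the junction issue described above, a restore routine can refuse to write when any directory on the destination path is a junction or symbolic link. This is an added example, not code from Bogner or any antivirus vendor; the function names and the temporary directory layout are assumptions, and the demo uses a symbolic link to stand in for a junction.

```python
import os
import stat
import tempfile

def is_redirect(path):
    """True if path itself is a symlink or an NTFS reparse point (junctions included)."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return False
    attrs = getattr(st, "st_file_attributes", 0)  # field only exists on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def redirected_components(dest, trusted_root):
    """Return every directory between trusted_root and dest that is a link or junction."""
    root = os.path.abspath(trusted_root)
    dest = os.path.abspath(dest)  # abspath normalizes without following links
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("destination is outside the trusted root")
    hits, current = [], root
    for part in os.path.relpath(os.path.dirname(dest), root).split(os.sep):
        if part in ("", "."):
            continue
        current = os.path.join(current, part)
        if is_redirect(current):
            hits.append(current)
    return hits

def safe_to_restore(dest, trusted_root):
    """Allow a restore only if neither the file nor any parent directory redirects."""
    return not redirected_components(dest, trusted_root) and not is_redirect(dest)

if __name__ == "__main__":
    # Constructed layout: "work" is a link into "protected", standing in for a
    # junction that points at a sensitive directory such as C:\Windows.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        os.mkdir(os.path.join(root, "protected"))
        os.symlink(os.path.join(root, "protected"), os.path.join(root, "work"))
        for name in ("docs", "work"):
            target = os.path.join(root, name, "sample.dll")
            print(name, "->", "restore" if safe_to_restore(target, root) else "refuse")
```

The check and the later write are separate steps, so a real restore routine would also need to keep the directory from being swapped in between them.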

Android Users – Marcher Malware Is A Significant Threat

Raiffeisen Meine Bank, BankAustria, and Sparkasse customers have been targeted by a banking Trojan named Marcher, which launched as a phishing email pretending to be from the victim’s bank. Once the link in the email is clicked, it takes the recipient to a fake website that requests PIN numbers and account information. A popup then asks the user to install the bank’s “security app”, which is actually Marcher.

Normally, a phishing scam like this isn’t newsworthy anymore, but this one is different because it targets specific banking customers and bundles the attack with the malware infection.

Once installed, Marcher asks for permissions to every aspect of the Android device, such as SMS, networking, address books and more. It also asks the victim to re-enter credit card numbers for apps that require purchases, such as Google Play.

Android users are advised to keep their devices updated and to avoid clicking on email links and installing apps from those links.

ONI or Devil Malware Hits Japanese Businesses

We have seen so many new strains of ransomware, like WannaCry, GoldenEye, CryptoLocker, Petya and Bad Rabbit (to name a few), that it’s becoming a full-time job just to keep up with this kind of malware.

This new strain of ransomware (we’ll just call it Devil to make things simple) began by searching through the network to gain control of key machines, like servers, using a Trojan virus variation. Targeted servers that did not have this Microsoft security update were then infected, but the malware code did not activate right away and instead remained hidden. Then, after lying dormant, the ransomware struck and encrypted all machines that it touched.

While this new malware was most likely created for monetary gain, there is much debate in the cyber security world about this, with questions arising about Devil possibly being created simply as a cyber attack. One clue was found inside the code of Devil, where researchers found bits of the Russian language. This has led researchers to believe that Devil originated in Russia and may have been designed simply to damage its targets.