Raspberry Pi Detects Malware Using Electromagnetic Waves

A team of researchers from the Research Institute of Computer Science and Random Systems (IRISA) has developed a malware detection system using a Raspberry Pi that scans devices for specific electromagnetic (EM) waves. The group consists of Annelie Heuser, Matthieu Mastio, Duy-Phuc Pham, and Damien Marion.

Because the Pi focuses on the EM field, users don’t need to install anything on the target device. Instead, everything is handled via physical, external forces and is outside any software-level control potential malware has on a given machine.

The Raspberry Pi is trained with both safe and malicious data sets to help

Trojanized dnSpy app drops malware cocktail on researchers, devs

Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy .NET application to install cryptocurrency stealers, remote access trojans, and miners.

dnSpy is a popular debugger and .NET assembly editor used to debug, modify, and decompile .NET programs. Cybersecurity researchers commonly use this program when analyzing .NET malware and software.

While the software is no longer actively developed by the initial developers, the original source code and a new actively developed version are available on GitHub to be cloned and modified by anyone.

Malicious dnSpy delivers a cocktail of malware

Firmware attack can drop persistent malware in hidden SSD area

Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of the user and security solutions.

The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by SSD makers these days for performance optimization on NAND flash-based storage systems.

Hardware-level attacks offer ultimate persistence and stealth. Sophisticated actors have worked hard to implement such concepts against HDDs in the past, hiding malicious code in unreachable disk sectors.

How flex capacity

Android malware warning: Over 500,000 users have been infected after downloading this app from Google Play

Over half a million Android users have installed an app used to deliver Joker malware after downloading it from the Google Play store.

Cybersecurity researchers at Pradeo identified the malware, which Google has now removed from its official Android app marketplace. Before its removal, the app, called ‘Color Message’, was downloaded by more than 500,000 Android users.

Advertised as an app that allowed users to personalise their default SMS messages, Color Message was a front to deliver Joker, one of the most prolific forms of Android malware.

Once installed,

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.

This hacking group, also known as APT-C-41 and Promethium, was previously seen distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018, so this technique is not new.

The recent lure involves Notepad++, a very popular free text and source code editor for Windows used in a wide range of organizations.

The discovery of the tampered installer comes from a threat analyst known as ‘blackorbird’, while Minerva Labs reports on the malware.

Joker malware returns to target millions more Android devices

The notorious Joker malware has once again found its way into the official Google Play Store by making subtle tweaks to get past automated checks, reports have claimed.

The Joker family of malware has been infecting apps on Google’s Play Store for the last few years, and has even cropped up on other prominent app stores such as Huawei’s.

“Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques,” suggest researchers from cloud security firm Zscaler.

XLoader malware steals logins from macOS and Windows systems

A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems.

XLoader is currently being offered on an underground forum as a botnet loader service that can “recover” passwords from web browsers and some email clients (Chrome, Firefox, Opera, Edge, IE, Outlook, Thunderbird, Foxmail).

XLoader infostealer advertisement

Derived from the Formbook info-stealer for Windows, XLoader emerged last February and has grown in popularity, advertised as a cross-platform (Windows and macOS) botnet with no dependencies.

The connection between the two malware pieces was confirmed after a member of the community reverse-engineered

Newly discovered Vigilante malware outs software pirates and blocks them

A researcher has uncovered one of the more unusual finds in the annals of malware: booby-trapped files that rat out downloaders and try to prevent unauthorized downloading in the future. The files are available on sites frequented by software pirates.

Vigilante, as SophosLabs Principal Researcher Andrew Brandt is calling the malware, gets installed when victims download and execute what they think is pirated software or games. Behind the scenes, the malware reports the file name that was executed to an attacker-controlled server, along with the IP address of the victims’ computers. As a finishing touch, Vigilante tries to modify
