Fraser Howard of SophosLabs teaches us about cryptojacking - where crooks mine for cryptocurrency, but someone else pays for the electricity.
Source: Cryptojacking: the crooks get the money, but you pay the bill [PODCAST]
Recently, we discovered CVE-2017-11882 being exploited again in an attack that uses an uncommon method of installation—via the Windows Installer service in Microsoft Windows operating systems.
Cybercriminals are constantly looking for new strategies to defeat security solutions and improve the success of their attacks.
The increasing adoption of polymorphism and packing has made traditional signature-based detection at the client side (endpoint) obsolete. Backend systems struggle to analyze modern malware, since both static and dynamic analysis are limited when heavily obfuscated code or anti-sandboxing techniques are employed. In addition, the number of newly discovered threats keeps growing, and faster detection systems are required to protect users around the world.
The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects hundreds of thousands of users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains it used.