A Week in Security (Aug 02 – Aug 08)

Last week, we saw a fake Android alert that blames Chinese hackers, a peculiar Facebook phishing campaign that is after your government-approved ID, a “Payment Confirmation” spam that is actually carrying malware—which we analyzed in depth in a separate blog post—and a blatant copying and pasting of exploit code from the Hacking Team data leak by Chinese hackers into their own exploit files.

We also spotted and documented a huge malvertising campaign that may have affected users and visitors of Yahoo!. The attackers had leveraged Microsoft Azure websites to host the malicious scripts. Jérôme Segura, the senior security researcher responsible for this discovery, wrote, “We did not collect the payload in this particular campaign although we know that Angler has been dropping a mix of ad fraud (Bedep) and ransomware (Cryptowall).”

Thomas Reed, our Mac expert, documented a particular adware installer that was able to gain root access on Apple's OS X by exploiting a vulnerability in DYLD_PRINT_TO_FILE.

Finally, we also published a complete study on Bunitu in collaboration with our security experts, hasherezade and Sergei Frankoff, a researcher with Sentrant. Bunitu, a proxy Trojan, has played a part in malvertising campaigns as a payload for certain exploit kits, usually Neutrino. We wrote about Bunitu in depth last July, identifying why it’s dangerous to have this malware installed on systems. You may want to read that first before delving into the study. Note that both posts are technical.

Notable news stories and security-related happenings:

Safe surfing, everyone!

The Malwarebytes Labs Team