ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES

'Fauxpersky' malware steals and sends passwords to an attacker's inbox | #Keylogger #CyberSecurity


Researchers say the malware is "highly efficient," even if it's not very sophisticated.

A newly-discovered keylogger malware has been found infecting computers in the wild. Though the malware is far from advanced, it's efficient at stealing passwords.

Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware "Fauxpersky," as it impersonates the Russian antivirus software Kaspersky. The keylogger is built off a popular app, AutoHotKey, which lets users write small scripts for automating tasks, and compile the script into an executable file. In this case, the app was abused to build a keylogger, which spreads through USB drives and infects Windows PCs -- and replicates on the computer's listed drives.

"This malware is by no means advanced or even very stealthy," said researchers Amit Serper and Chris Black, in a detailed blog post, published Wednesday.

"However, this malware is highly efficient at infecting USB drives and exfiltrating data from the keylogger through Google directly to the attacker's mailbox," the researchers said.

That's where the malware's functionality gets interesting: Once the malware's core files are all running, everything typed on the computer is recorded into a text file with the window's name -- giving the malware author a better idea of the context to the keylogged text.

The contents of that text file are exfiltrated from the computer through a Google Form. The file is then deleted from the disk. Each form response goes directly to the malware author's email inbox.

Serper and Black reported the malicious form to Google, which took it down within an hour.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Keylogger


Qakbot and Emotet: malware that tries to steal banking credentials | #CyberSecurity

Microsoft warns that two already-known malware families are now targeting businesses. The vendor offers advice for preventing infections and for keeping them from spreading if it is already too late.

On its TechNet blog, Microsoft explains that the two trojans Qakbot and Emotet have seen a resurgence in activity in recent months. They belong to different families but behave similarly and share the same goal: stealing banking information or other sensitive data. This information can then be used to obtain money fraudulently.

They spread using several methods, first by tricking a user through an attachment or via an infected website. They then infect network shares and removable drives connected to the machines, or attempt to access protected folders by trying administrator passwords or by using passwords stolen by logging the victims' keystrokes.

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=banking+trojans


Keylogger found on thousands of WordPress-based sites, stealing... | #Blogs #CyberSecurity #Updates #CyberHygiene #Awareness


A new report from researchers at Sucuri reveals that websites are once again being found infected by cryptomining code – stealing the resources of visiting computers to mine for the Monero cryptocurrency.

Many web surfers almost certainly don’t realise that the reason that their laptop’s fan is running at full blast is because the website they are viewing is tied up with the complex number-crunching necessary to earn the digital currency.

But, in a twist, this particular attack isn’t just interested in mining Monero. While the website’s front-end is digging for cryptocurrencies, the back-end is secretly hosting a keylogger designed to steal unsuspecting users’ login credentials.

With the keylogger in place, any information entered on any of the affected websites’ web forms will be surreptitiously sent to the hackers.

And yes, that includes the site’s login form.

We’ve said it before, and we’ll no doubt say it again. And again.

If your website is powered by the self-hosted edition of WordPress, it’s essential that you keep both it, and any third-party plugins, updated.

Self-hosting your WordPress site is attractive in many ways, but you have to acknowledge that security is now your responsibility (or find yourself a managed WordPress host who is prepared to take it on for you). New vulnerabilities are found in the software and its many thousands of third-party plugins all the time.

In short, if you don’t know what you’re doing, there’s a chance that your WordPress-running website has security holes which a malicious hacker could exploit. Such security weaknesses could potentially damage your brand, scam your website visitors, and help online criminals to make their fortune.

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress


#29: Cybercrime: Keylogger, botnet, attacks... - October 2011 (ENGLISH VERSION COMING SOON)