
Tag: Ukraine

First Malware Designed Solely for Electric Grids Caused 2016 Ukraine Outage

Attackers used CrashOverride/Industroyer to cause a partial power outage in Kiev, Ukraine, but it can be used anywhere, say researchers at Dragos and ESET.

Found: “Crash Override” malware that triggered Ukrainian power outage

Attack tools can be used against a broad range of electric grids around the world.

Industroyer Cyber-Attack Revealed as Cause of Ukraine Power Outage

The industrial control system attack known as Industroyer is alleged to be behind the massive power outage that impacted Kiev, Ukraine, in December 2016.

China launches second (and first homegrown) aircraft carrier

While it still requires outfitting, the new ship will be China's first fully combat-ready aircraft carrier.

Microsoft Word exploit linked to cyberspying in Ukraine conflict

A previously unknown Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage. Security firm FireEye noticed the intrusion attempt, which taps a critical software flaw that hackers are using to craft malicious Microsoft Word documents. On Wednesday, FireEye said it uncovered one attack that weaponized a Russian military training manual. Once opened, the malicious document delivers FinSpy, surveillance software that has been marketed to governments.

Financial cyberthreats in 2016

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We've noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used.

Cyber-Reconnaissance Malware Bugging Computers in Ukraine

NEWS ANALYSIS: Industrial security company CyberX finds malware that it suspects was created by Russian hackers, infecting computers and gathering audio data at critical infrastructure sites in Ukraine.

At Least 70 Organizations Targeted In Sophisticated Cyber Surveillance Operation

Most of the targets are in Ukraine, though a few have been spotted in Russia and elsewhere, CyberX says

Eavesdropping Malware Discovered Gathering Audio Data in Ukraine

NEWS ANALYSIS: "Operation BugDrop" malware stealthily infects computers and turns on the onboard microphone to gather audio files, which it uploads to Dropbox for retrieval and analysis.

Ukraine Blames Russia For New Virus Targeting Infrastructure

The Russian security service, software firms, and criminal hackers are accused of orchestrating cyberattacks on Ukraine's infrastructure.

New Mac malware pinned on same Russian group blamed for election...

Xagent for Macs steals passwords, grabs screenshots, and exfiltrates iPhone backups.

Ransomware app hosted in Google Play infects unsuspecting Android user

Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday. The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software. Once installed, Charger stole SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights.

If users clicked OK, the malicious app locked the device and displayed the following message:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The app sought 0.2 Bitcoin, currently worth about $180.
In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a "handful" of downloads. "We believe the attackers only wanted to test the waters and not spread it yet," the researchers told Ars.

The infection was detected by Check Point's mobile malware software, which the company sells to businesses.

Google officials have since removed the app and have thanked Check Point for raising awareness of the issue.

Hiding in plain sight

An analysis showed that Charger checked the local settings of an infected device and wouldn't execute the app's malicious payload if the device was located in Ukraine, Russia, or Belarus.

The behavior was likely an attempt to prevent the developers from facing legal actions in those countries.
In the blog post, Check Point researchers added:

Most malware found on Google Play contains only a dropper that later downloads the real malicious components to the device. Charger, however, uses a heavy packing approach which [makes] it harder for the malware to stay hidden, so it must compensate with other means. The developers of Charger gave it everything they had to boost its evasion capabilities and so it could stay hidden on Google Play for as long as possible. The malware uses several advanced techniques to hide its real intentions and makes it harder to detect. It encodes strings into binary arrays, making it hard to inspect them. It loads code from encrypted resources dynamically, which most detection engines cannot penetrate and inspect. The dynamically-loaded code is also flooded with meaningless commands that mask the actual commands passing through. It checks whether it is being run in an emulator before it starts its malicious activity. PC malware first introduced this technique, which is becoming a trend in mobile malware, having been adopted by several malware families including Dendroid.

In 2012, Google unveiled a cloud-based scanner dubbed Bouncer that was billed as a way for the company to detect malicious apps before they were made available in Play.

Five years later, the discovery of malicious apps like Charger is a regular occurrence.

Google makes little reference to the tool these days. The incident is the latest to underscore the risks posed by apps hosted on Google servers. On Monday, Check Point documented the return of the virulent family of Android malware known as HummingBad, which accumulated between 2 million and 12 million downloads from the marketplace before the 20 affected apps were detected and removed.
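The behaviours Check Point lists for Charger (a kill switch for devices located in Ukraine, Russia or Belarus, an emulator check, strings packed into byte arrays, code loaded from encrypted resources, the device-admin prompt, SMS and contact theft, and the screen lock) are exactly what a static triage pass over a decompiled APK looks for. The Python below is an added example for this page, not Check Point's, Google's or Ars Technica's code: the Android API names it matches on are real, but the indicator weights, the threshold and the two decompiled fragments it scans are constructed for illustration.

```python
"""Static triage of decompiled Android source for the evasion and abuse
indicators Check Point describes for Charger: a kill switch for Ukraine,
Russia and Belarus, an emulator check, strings packed into byte arrays,
code loaded from encrypted resources, a device-admin prompt, SMS/contact
theft and a screen lock. Added example for this page, not Check Point's,
Google's or Ars Technica's code. The Android API names are real; the
indicator weights, threshold and both source fragments are constructed."""
import re

# Atomic indicators: name -> (regex over decompiled Java-like source, weight).
# Weight 0 marks an atom that only counts as part of a derived rule below.
INDICATORS = {
    "country_lookup": (r"getCountry\(\)|getSimCountryIso\(\)|getNetworkCountryIso\(\)", 0),
    "cis_country_codes": (r'"(?:ru|ua|by)"', 0),
    "cipher_use": (r"Cipher\.getInstance\(", 0),
    "asset_read": (r"getAssets\(\)\.open\(|openRawResource\(", 0),
    "emulator_check": (r'Build\.FINGERPRINT|Build\.HARDWARE|goldfish|ranchu|"generic"|"sdk"', 2),
    "byte_array_strings": (r"new byte\[\]\s*\{(?:\s*(?:0x[0-9a-fA-F]{1,2}|-?\d{1,3})\s*,){7,}", 1),
    "dynamic_dex_load": (r"DexClassLoader|InMemoryDexClassLoader|PathClassLoader", 3),
    "device_admin_prompt": (r"ACTION_ADD_DEVICE_ADMIN|EXTRA_DEVICE_ADMIN", 3),
    "sms_or_contacts_read": (r"content://sms|ContactsContract\.", 2),
    "screen_lock": (r"\.lockNow\(\)", 3),
}

# Derived indicators fire only when every listed atom is present, so an
# ordinary localized app that merely reads the country code is not flagged.
DERIVED = {
    "cis_geofence": (("country_lookup", "cis_country_codes"), 3),
    "encrypted_payload": (("cipher_use", "asset_read"), 2),
}


def scan(source: str) -> dict:
    """Return {indicator: hit_count} for every indicator found in source."""
    hits = {}
    for name, (pattern, _) in INDICATORS.items():
        count = len(re.findall(pattern, source, re.IGNORECASE))
        if count:
            hits[name] = count
    for name, (atoms, _) in DERIVED.items():
        if all(atom in hits for atom in atoms):
            hits[name] = 1
    return hits


def score(hits: dict) -> int:
    """Weighted sum of the indicators in hits."""
    weights = {k: v[1] for k, v in INDICATORS.items()}
    weights.update({k: v[1] for k, v in DERIVED.items()})
    return sum(weights[name] for name in hits)


def classify(source: str, threshold: int = 6) -> str:
    """Triage verdict; the threshold is an assumed tuning value."""
    return "suspicious" if score(scan(source)) >= threshold else "benign"


# Constructed decompiled fragment modelled on the behaviour the article
# describes; it is not Charger's actual code.
MALICIOUS_SAMPLE = r'''
String cc = Locale.getDefault().getCountry().toLowerCase();
if (cc.equals("ru") || cc.equals("ua") || cc.equals("by")) { return; }
if (Build.FINGERPRINT.startsWith("generic") || Build.MODEL.contains("sdk")) { return; }
byte[] k = new byte[]{0x41, 0x3c, 0x7f, 0x12, 0x09, 0x55, 0x2a, 0x6e, 0x01, 0x33};
InputStream in = getAssets().open("res.bin");
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
DexClassLoader dl = new DexClassLoader(out.getPath(), dir, null, getClassLoader());
Cursor cur = getContentResolver().query(Uri.parse("content://sms/inbox"), null, null, null, null);
Intent i = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
dpm.lockNow();
'''

# Constructed fragment of an ordinary localized app: it reads the country
# for currency formatting only, so no geofence should be inferred.
BENIGN_SAMPLE = r'''
String cc = Locale.getDefault().getCountry();
NumberFormat nf = NumberFormat.getCurrencyInstance(Locale.getDefault());
byte[] magic = new byte[]{0x50, 0x4b, 0x03, 0x04};
'''

if __name__ == "__main__":
    for label, src in (("constructed Charger-like fragment", MALICIOUS_SAMPLE),
                       ("constructed localized-app fragment", BENIGN_SAMPLE)):
        hits = scan(src)
        print(f"{label}: {classify(src)} (score {score(hits)}) {sorted(hits)}")
```

The two-part rules are the point: a country lookup alone is how any localized app behaves, so the geofence indicator fires only when a country lookup and the literal country-code strings both appear, and a cipher call says nothing until it is paired with reading a raw asset. Treat the score as a triage signal for an analyst rather than a verdict, since a packer can rename, split or encode any of these strings, which is precisely the evasion the Check Point write-up describes.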