February 24, 2020 By David Bisson 3 min read

Last week in security news, researchers discovered a clicker malware family called “Haken” as well as new samples of the Joker premium dialer and spyware hiding in Google Play. Haken and Joker weren’t the only threats to raise a red flag with security researchers. The AZORult Trojan, Dharma ransomware, Adwind and ObliqueRAT also attracted attention within the security community.

Top Story of the Week: Unwelcome Discoveries in the Google Play Store

Check Point Research observed a surge in activity from a well-known clicker family called “BearClod” on Google Play. During its investigation into dozens of new Android applications containing this malware, Check Point’s researchers came across Haken for the first time. A deep dive into this clicker family revealed that Haken had concealed itself within eight apps that had garnered a total of around 50,000 downloads for the purpose of generating illegitimate profits.

Around the same time, researchers at the security firm unearthed four applications on Google Play that harbored Joker. This threat used those programs to infect a device, register a victim to premium SMS services and spy on their activities.

Source: iStock

Also in Security News

  • Fake ProtonVPN Installers Employed by AZORult Trojan: Kaspersky Lab spotted a campaign that used malvertising techniques, among other tactics, to trick Windows users into downloading a fake ProtonVPN installer. That installer loaded the AZORult Trojan onto a victim’s machine.
  • Italian Windows Users Caught in Dharma Ransomware’s Crosshairs: Bleeping Computer reported on the discovery of a campaign targeting Windows users in Italy with spam emails containing fake invoices. Those attachments leveraged a VBS script to load one of two payloads: the Ursniff keylogger or Dharma ransomware.
  • More Than 80 Turkish Companies Targeted by Adwind Campaign: Researchers at Check Point detected a phishing email campaign that used an Office attachment and a heavily obfuscated JAR file to load Adwind v3.0 onto a victim’s machine. At the time of analysis, the campaign had targeted more than 80 Turkish companies with the malware.
  • Scammers Prey Upon Burning Man Fans: In a scam uncovered by Kaspersky Lab, digital fraudsters created a fake Burning Man website that stole colors, fonts and design elements from its legitimate counterpart. The site used that disguise in order to trick fans of the annual event into purchasing non-existent tickets.
  • Nine Websites Infected With Credit Card Skimmer: Two security researchers found nine websites that had suffered an infection at the hands of a credit card skimmer used by Magecart Group 12. The duo attempted to contact the site owners, but they heard nothing back. At the time of Bleeping Computer’s reporting, the skimmer was still active on all but one of the sites.
  • ObliqueRAT Distributed by Maldocs in New Malware Campaign: Cisco Talos spotted a new malware campaign that distributed ObliqueRAT in Southeast Asia. The campaign used malicious Microsoft Office documents (“maldocs”) to download the malware as its second stage payload.

Security Tip of the Week: Strengthen Your Anti-Malware Security Posture

Security professionals can help their organizations strengthen their anti-malware posture by creating a dynamic incident response plan. To ensure its effectiveness, security teams should make a habit of regularly testing the plan either internally or with the help of a consultant. Additionally, infosec personnel should make sure they have access to the latest threat intelligence so they can stay abreast of evolving malware campaigns and techniques.

More from

How I got started: AI security executive

3 min read - Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a dance major but was also working for NASA as a hardware IT engineer, which forged her path into AI and cybersecurity.Where did you go to…

DHS awards significant grant to improve tribal cybersecurity

4 min read - The Department of Homeland Security (DHS) has awarded $18.2 million in grants through the Tribal Cybersecurity Grant Program to boost cybersecurity defenses among Native American Indian Tribes. The program takes a big step in addressing the unique digital threats faced by tribal communities — a dedicated effort to improve cybersecurity infrastructure across these regions. The $18.2 million grant is just one component of DHS's broader strategy to enhance national cybersecurity. Administered by the Federal Emergency Management Agency (FEMA) in partnership…

ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

2 min read - After reading about the recent cybersecurity research by Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang, I had questions. While initially impressed that ChatGPT 4 can exploit the vast majority of one-day vulnerabilities, I started thinking about what the results really mean in the grand scheme of cybersecurity. Most importantly, I wondered how a human cybersecurity professional’s results for the same tasks would compare.To get some answers, I talked with Shanchieh Yang, Director of Research at the Rochester Institute…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today