Last week in security news, researchers discovered a clicker malware family called “Haken” as well as new samples of the Joker premium dialer and spyware hiding in Google Play. Haken and Joker weren’t the only threats to raise a red flag with security researchers. The AZORult Trojan, Dharma ransomware, Adwind and ObliqueRAT also attracted attention within the security community.

Top Story of the Week: Unwelcome Discoveries in the Google Play Store

Check Point Research observed a surge in activity from a well-known clicker family called “BearClod” on Google Play. During its investigation into dozens of new Android applications containing this malware, Check Point’s researchers came across Haken for the first time. A deep dive into this clicker family revealed that Haken had concealed itself within eight apps that had garnered a total of around 50,000 downloads for the purpose of generating illegitimate profits.

Around the same time, researchers at the security firm unearthed four applications on Google Play that harbored Joker. This threat used those programs to infect a device, register a victim to premium SMS services and spy on their activities.

Source: iStock

Also in Security News

  • Fake ProtonVPN Installers Employed by AZORult Trojan: Kaspersky Lab spotted a campaign that used malvertising techniques, among other tactics, to trick Windows users into downloading a fake ProtonVPN installer. That installer loaded the AZORult Trojan onto a victim’s machine.
  • Italian Windows Users Caught in Dharma Ransomware’s Crosshairs: Bleeping Computer reported on the discovery of a campaign targeting Windows users in Italy with spam emails containing fake invoices. Those attachments leveraged a VBS script to load one of two payloads: the Ursniff keylogger or Dharma ransomware.
  • More Than 80 Turkish Companies Targeted by Adwind Campaign: Researchers at Check Point detected a phishing email campaign that used an Office attachment and a heavily obfuscated JAR file to load Adwind v3.0 onto a victim’s machine. At the time of analysis, the campaign had targeted more than 80 Turkish companies with the malware.
  • Scammers Prey Upon Burning Man Fans: In a scam uncovered by Kaspersky Lab, digital fraudsters created a fake Burning Man website that stole colors, fonts and design elements from its legitimate counterpart. The site used that disguise in order to trick fans of the annual event into purchasing non-existent tickets.
  • Nine Websites Infected With Credit Card Skimmer: Two security researchers found nine websites that had suffered an infection at the hands of a credit card skimmer used by Magecart Group 12. The duo attempted to contact the site owners, but they heard nothing back. At the time of Bleeping Computer’s reporting, the skimmer was still active on all but one of the sites.
  • ObliqueRAT Distributed by Maldocs in New Malware Campaign: Cisco Talos spotted a new malware campaign that distributed ObliqueRAT in Southeast Asia. The campaign used malicious Microsoft Office documents (“maldocs”) to download the malware as its second stage payload.

Security Tip of the Week: Strengthen Your Anti-Malware Security Posture

Security professionals can help their organizations strengthen their anti-malware posture by creating a dynamic incident response plan. To ensure its effectiveness, security teams should make a habit of regularly testing the plan either internally or with the help of a consultant. Additionally, infosec personnel should make sure they have access to the latest threat intelligence so they can stay abreast of evolving malware campaigns and techniques.

More from

Increasingly Sophisticated Cyberattacks Target Healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

4 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read