Last week in security news, researchers discovered a clicker malware family called “Haken” as well as new samples of the Joker premium dialer and spyware hiding in Google Play. Haken and Joker weren’t the only threats to raise a red flag with security researchers. The AZORult Trojan, Dharma ransomware, Adwind and ObliqueRAT also attracted attention within the security community.
Top Story of the Week: Unwelcome Discoveries in the Google Play Store
Check Point Research observed a surge in activity from a well-known clicker family called “BearClod” on Google Play. During its investigation into dozens of new Android applications containing this malware, Check Point’s researchers came across Haken for the first time. A deep dive into this clicker family revealed that Haken had concealed itself within eight apps that had garnered a total of around 50,000 downloads for the purpose of generating illegitimate profits.
Around the same time, researchers at the security firm unearthed four applications on Google Play that harbored Joker. This threat used those programs to infect a device, register a victim to premium SMS services and spy on their activities.
Also in Security News
- Fake ProtonVPN Installers Employed by AZORult Trojan: Kaspersky Lab spotted a campaign that used malvertising techniques, among other tactics, to trick Windows users into downloading a fake ProtonVPN installer. That installer loaded the AZORult Trojan onto a victim’s machine.
- Italian Windows Users Caught in Dharma Ransomware’s Crosshairs: Bleeping Computer reported on the discovery of a campaign targeting Windows users in Italy with spam emails containing fake invoices. Those attachments leveraged a VBS script to load one of two payloads: the Ursniff keylogger or Dharma ransomware.
- More Than 80 Turkish Companies Targeted by Adwind Campaign: Researchers at Check Point detected a phishing email campaign that used an Office attachment and a heavily obfuscated JAR file to load Adwind v3.0 onto a victim’s machine. At the time of analysis, the campaign had targeted more than 80 Turkish companies with the malware.
- Scammers Prey Upon Burning Man Fans: In a scam uncovered by Kaspersky Lab, digital fraudsters created a fake Burning Man website that stole colors, fonts and design elements from its legitimate counterpart. The site used that disguise in order to trick fans of the annual event into purchasing non-existent tickets.
- Nine Websites Infected With Credit Card Skimmer: Two security researchers found nine websites that had suffered an infection at the hands of a credit card skimmer used by Magecart Group 12. The duo attempted to contact the site owners, but they heard nothing back. At the time of Bleeping Computer’s reporting, the skimmer was still active on all but one of the sites.
- ObliqueRAT Distributed by Maldocs in New Malware Campaign: Cisco Talos spotted a new malware campaign that distributed ObliqueRAT in Southeast Asia. The campaign used malicious Microsoft Office documents (“maldocs”) to download the malware as its second stage payload.
Security Tip of the Week: Strengthen Your Anti-Malware Security Posture
Security professionals can help their organizations strengthen their anti-malware posture by creating a dynamic incident response plan. To ensure its effectiveness, security teams should make a habit of regularly testing the plan either internally or with the help of a consultant. Additionally, infosec personnel should make sure they have access to the latest threat intelligence so they can stay abreast of evolving malware campaigns and techniques.