CYREN Security Blog




Bank customers redirected to phony site following ISP hack

by CYREN Security Blog

Filed under Anti-Malware, Miscellaneous, Phishing.

I was checking my bank account online when I got alarmed by my browser prompting me that the site’s certificate was invalid. I usually don’t get this prompt since I regularly check my accounts online, so out of concern and curiosity, I clicked on the “Continue to this website…” link and started an investigation.


Actual PDF attachments can be dangerous – especially phony Bank of America ones

by Erwin Balunsat

Filed under Anti-Malware, Email Security, Security Research & Analysis.

We have reported on executable malware files that masquerade as PDF files to trick users into opening them – but what about actual PDF files? Many users dismiss suggestions that these can be dangerous since they are “just text and images”. It is true that PDF files are not blocked by most email programs. But of course they can be malicious – as shown in this example.

Trust in the Cloud: Security-as-a-Service

by Avi Turiel

Filed under Antispam, Security Research & Analysis, Web Security.

You can hardly read the news today without seeing the term “the cloud”. Although the phrase is used frequently in the context of thousands of products and services, it is a somewhat imperfect concept that confuses many. Technology security experts often get asked, “What is ‘the cloud’?”, “Is it safe?” and “How does security-as-a-service work within it?”

Sophisticated Android iBanking Malware

by Magni Reynir Sigurðsson

Filed under Anti-Malware, Security Research & Analysis, Web Security.

A variation of the iBanking malware is making its way around Android operating systems. Detected by CYREN’s AntiVirus as AndroidOS/Agent.HJ, this SMS/spyware collects sensitive data from Android phones, including text messages, phone calls, and recorded audio. The malware has the capability to intercept phone calls and send text messages to any number. It also uploads the victim’s personal Android information directly to the attacker.

Android ransomware punishes porn viewers

by Magni Reynir Sigurðsson

Filed under Anti-Malware, Security Research & Analysis, Web Security.

Simplocker is ransomware that encrypts files on an infected Android device and then forces the user to pay a ransom fee to decrypt them. The app presents itself as a pornography player – in this case using the name “Sex xonix”. After launching the app, a message appears on the screen accusing the user of watching and distributing child pornography, amongst other things. The user is asked to pay 260 UAH (Ukrainian hryvnia), around $22, via MoneXy – a money transfer service used mostly in Russia and Ukraine. No credit card is used, so tracing the transactions can be very hard.