CYREN Security Blog




Wipelocker: Obey or be hacked!

by Magni Reynir Sigurðsson

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

Wipelocker is a fake version of the game “Angry Birds Transformers” for Android. The first thing the Trojan does is ask for administrator permission. The Trojan then deletes everything from the user's memory card. When the user opens a popular messenger app on the device, the Trojan acts and locks the device with a picture reading “Obey or be hacked”. The Trojan then sends an SMS message to every contact in the user's phone book every 5 seconds. The SMS message reads: “HEY!!! [Name of contact] Elite has hacked you. Obey or be hacked”. The Trojan also listens for incoming SMS messages and replies to them with the message: “Elite has hacked you. Obey or be hacked”.

The Trojan was not created to make money or to steal sensitive information. Unlike the similar Trojan “Simplocker”, it never asks for a ransom fee to unlock the device, and it does not send an SMS message to a premium number.

Weaponized by SandWorm

by Erwin Balunsat

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

Last week it was announced that a Russian cyber-espionage group called “SandWorm” (so named because their code includes references to Frank Herbert's Dune series) had launched a targeted attack campaign against NATO, the European Union, Ukrainian government organizations, a United States academic organization, European telecommunication firms and Polish energy sector companies. It appears that the Sandworm group has weaponized a dangerously exposed zero-day vulnerability, CVE-2014-4114 (MS14-060), also known as Sandworm, to launch their campaign. The vulnerability exists in the Object Linking and Embedding (OLE) package manager in Microsoft Windows and Server, and it allows an attacker to remotely execute arbitrary code on the affected system.

Malicious use of freely available password recovery tools

by Rommel Ramos

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

I recently came across a piece of malware that is being distributed as an email attachment, posing as a PDF document with a fake file name and icon. It seems like a usual executable malware or botnet client being spammed that does its thing when executed, but after looking into it further, I find it very interesting how simply it was written and how it uses some network administration tools to effectively steal users' sensitive info from their computers.

Web Security in Asia Pacific

by Sylvain Lejeune

Filed under Miscellaneous, Web Security.

A recent World Economic Forum report notes that major technology trends, including massive analytics, cloud computing, and big data, could create between $9.6 trillion and $21.6 trillion (US dollars) in value for the global economy. However, delays in adopting cybersecurity capabilities could result in a $3 trillion loss in economic value. The way employees approach computing and the Internet is changing. Gone are the days of desktop computers and servers, safely protected behind firewalls. Today, employees work remotely and globally, using laptops, smart phones, and tablets. Data is at their fingertips, delivered on-demand via cloud computing. In fact, more than half of the world’s mobile subscribers are located in the Asia Pacific region and Asia-Pac is anticipated to remain one of the world’s fastest growing mobile markets through 2020 and beyond.

Home Depot Breach Results in First Phishing Scam

by Avi Turiel

Filed under Phishing, Security Research & Analysis, Web Security.

It didn’t take long for scammers to catch a ride on the Home-Depot-data-breach wave. Last week, CYREN caught and blocked emails claiming to be from American Express, with the subject header “American Express – Security concern on Data breach at Home Depot.”