New malware threats: PoisonIvy, mobile Bitcoin mining, missing airplane scam

It goes without saying that today's device users need to be on the lookout for the newest threat. From desktop workstations to smartphones and tablets, individuals should remain vigilant by becoming aware of the current top threats, their capabilities and what signs point to an infection. Recently, a number of new malware threats have emerged, including a backdoor exploit, a malicious mobile Bitcoin mining sample and a threat leveraging the curiosity surrounding the Malaysia Airlines flight.

Remote access malware: BackDoor PoisonIvy
At the beginning of April, security researchers went public with the discovery of BackDoor PoisonIvy, or simply PoisonIvy, a malware-laced application that gives cybercriminals remote access to the infected machine. The sample is primarily used to snoop on users and steal their personal information, but it also allows attackers to modify files and install additional malware, according to CBR contributor Duncan MacRae.

PoisonIvy specializes in capturing sensitive information such as bank account passwords, other authentication credentials and confidential data by recording keystrokes and taking screenshots. After harvesting the victim's content, the sample sends the material back to the attacker through whatever channel is available, including email or FTP, MacRae reported.

Users are typically infected when a malicious third party sends them the strain, or when a previously compromised program is launched on a clean system.

Battery-draining Bitcoin miner
Mobile security researchers also discovered a malicious Trojan affecting Android mobile devices over the past month, according to Wired contributor Robert McMillan. One researcher tested the malware by installing it on his smartphone and found that the sample drained the device's battery in a mere four hours.

The sample searches infected devices for digital currency as part of an unauthorized contribution to Bitcoin mining.

"The software systems that drive digital currency such as bitcoin and litecoin require help from computers across the globe, and if you contribute processing power to the cause, you get money in exchange," McMillan wrote. "Like other schemes, this new piece of malware is stealing compute cycles from other people's devices in an effort to make some dough."

However, after burning through four hours of the researcher's battery life, the hacker behind the malware sample came away with less than one penny in profit. As of the end of March, the strain had generated only about $5 in total.

"This is literally the most unsophisticated malware I've ever seen," said security researcher Marc Roberts. "All it does is - the moment the app starts - it starts mining and pays the money to a hard-coded address."

Malaysia Airlines hoax malware spreads through social media
Although officials have announced the discovery of the lost Malaysia Airlines flight 370, many people remain curious about the episode. Malware developers are using this curiosity to their advantage in the latest malware scam.

According to International Business Times, posts began appearing shortly after the flight went missing, claiming to offer "breaking news video footage" of the plane floating on the water near the Bermuda Triangle. When users click the malicious video link, however, they are redirected to phishing websites that urge them to share the video before they are allowed to watch it. Once the video is shared, the cybercriminal gains remote access to the person's Facebook account and can make posts without the owner's permission, spreading the infection to a greater number of systems.

IBT noted that the scam isn't unique to Facebook; similar posts have been appearing on other social media platforms as well. Experts pointed out that anyone who may have already clicked, shared or liked the video should delete the malicious post to prevent its spread and change their account credentials.
