Google stops AdSense attack that forced banking trojan on Android phones

Enlarge

Google has shut down an operation that combined malicious AdSense advertisements with a zero-day attack exploiting Chrome for Android to force devices to download banking fraud malware.

Over a two-month span, the campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 devices monitored by Kaspersky Lab, researchers from the Moscow-based anti-malware provider reported in a blog post published Monday. While the malicious installation files weren't automatically executed, they carried names such as last-browser-update.apk and WhatsApp.apk that were designed to trick targets into manually installing them. Kaspersky privately reported the scam to Google, and engineers from the search company put an end to the campaign, although the timing of those two events wasn't immediately clear.

"So far, those behind Svpeng have limited their attacks to smartphone users in Russia," Kaspersky Lab researchers Nikita Buchka and Anton Kivva wrote in Monday's post. "However, next time they push their 'adverts' on AdSense they may well choose to attack users in other countries; we have seen similar cases in the past. After all, what could be more convenient than exploiting the most popular advertising platform to download their malicious creations to hundreds of thousands of mobile devices?"

Read 4 remaining paragraphs | Comments

Microsoft Releases Security Updates

Original release date: November 08, 2016

Microsoft has released 14 updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Bulletins MS16-129 through MS16-142 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Indiana county government shut down by ransomware to pay up

Enlarge / The Madison County courthouse has been shut down since last week by ransomware. (credit: Nyttend)

Madison County, Indiana, suffered a widespread ransomware attack that shut down virtually all county services last week. Over the weekend, the county government leadership decided to pay the ransom demands of the ring running the malware, which has not yet been identified publicly.

“We’re following the directions of our insurance carrier,” Madison County Commissioner John Richwine told the Herald-Bulletin this morning. He did not reveal the amount of the ransom but said that it was not as much as residents might have thought it would be—and is being covered by the county's cyber-insurance with Travelers, minus a deductible.

While the ransomware did not apparently affect emergency services or voting systems, an Indiana State Police captain told a local television station that the rest of the county's business had been knocked out. Courts and some county offices were closed, and employees were given the option of taking personal or vacation time in other offices where no work was possible.

Read 2 remaining paragraphs | Comments