Attention: The forums will be placed on read only mode this Saturday (Oct. 20, 2018)

During this outage (6:30 AM to 8 PM PDT) the forums will be placed on read only mode. We apologize for this inconvenience. Click here to read details

Spyware, Viruses, & Security forum

Alert

NEWS - March 27, 2014

by Carol~ Moderator / March 27, 2014 7:39 AM PDT
Apps with millions of Google Play downloads covertly mine cryptocurrency

Update: About 12 hours after this post went live, one of the two mentioned Android apps, Prized, was no longer available in Google Play. The other app, Songs, remained. Google representatives sent Ars an e-mail saying they won't be commenting on this report. The Google Play developer policy is here. Among other things, it requires that apps that engage in distributed computing behavior include up front disclosure that establishes user knowledge and obtains explicit consent.

Researchers said they have uncovered two apps that were downloaded from the official Google Play market more than one million times that use Android devices to mine the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users.

According to a blog post published Tuesday by a researcher from antivirus provider Trend Micro, the apps are Songs, installed from one million to five million times, and Prized, which was installed from 10,000 to 50,000 times. Neither the app descriptions nor their terms of service make clear that the apps subject Android devices to the compute-intensive process of mining, Trend Micro Mobile Threats Analyst Veo Zhang wrote. As of Wednesday afternoon, the apps were still available.

Continued : http://arstechnica.com/security/2014/03/apps-with-millions-of-google-play-downloads-covertly-mine-cryptocurrency/

Related: Hidden crypto currency-mining code spotted in apps on Google Play

Malware Hijacks Android Mobile Devices to Mine Cryptocurrency
'Coinkrypt' malware mines cryptocurrencies on Android
Hackers force innocent mobes to join ALTCOIN MINING GANGS
Discussion is locked
You are posting a reply to: NEWS - March 27, 2014
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - March 27, 2014
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Security vendor Trustwave named in Target-related suit
by Carol~ Moderator / March 27, 2014 8:49 AM PDT
In reply to: NEWS - March 27, 2014

Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to Target's data breach, one of the largest on record.

Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which "failed to live up to its promises or to meet industry standards," alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.

Plaintiffs Trustmark National Bank of New York and Green Bank of Houston claim Target and Trustwave failed to stop the theft of 40 million payment card details and 70 million other personal records.

The lawsuit, one of dozens filed against Target, illustrates the growing frustration of banks burdened with the costs of reissuing compromised cards and their willingness to pull in other companies viewed as culpable into legal battles.

Continued : http://www.pcworld.com/article/2111980/security-vendor-trustwave-named-in-targetrelated-suit.html

Related:
Target, Trustwave Sued Over Breach
Banks lob sueball at Trustwave, Target over breach
Banks Sue Target, Security Firm Over Data Breach

Collapse -
Zorenium bot can now hit iOS users as well
by Carol~ Moderator / March 27, 2014 8:50 AM PDT
In reply to: NEWS - March 27, 2014

If all the claims included in the adverts for the multi-platform, multi-purpose piece of malware called Zorenium are true, it could very well have a considerable impact on a large number of users, and become a favorite tool for cyber crooks.

Researchers with cyber intelligence company SenseCy have been following the advent of the malware on a variety of underground forums, but have yet to get their hands on a sample.

First spotted for sale in January 2014, the first variants of the malware are purportedly capable of infecting Linux- and Windows-based machines, have rootkit capabilities, can make the infected machine participate in DDoS attacks, can grab the contents of forms, kill other bots, mine Bitcoins, and also function as a banking Trojan.

Continued: http://www.net-security.org/malware_news.php?id=2747

Collapse -
SoundCloud Downloader: Always Read the EULA(s)
by Carol~ Moderator / March 27, 2014 8:50 AM PDT
In reply to: NEWS - March 27, 2014

"Malwarebytes Unpacked" Blog:

[Screenshot]
Up above, you can see a (sanitised) screenshot of a web-browser shortly after installing a "SoundCloud Downloader".

The non-sanitised version has the words "spank me" written across the middle, and the mouse moves a hand - no, really - until you perform said task and are directed to what appears to be a porn / adult dating sign-up page. [Screenshot]

And that's before we get to the really wild stuff. Be advised that if you go looking for tunes, you may be in need of a tune-up.

How did all of this come about?

Continued : http://blog.malwarebytes.org/online-security/2014/03/soundcloud-downloader-always-read-the-eulas/

Collapse -
Who Built the ID Theft Service SSNDOB.ru?
by Carol~ Moderator / March 27, 2014 8:50 AM PDT
In reply to: NEWS - March 27, 2014

Previous stories on this blog have highlighted the damage wrought by an identity theft service marketed in the underground called ssndob[dot]ru, which sold Social Security numbers, credit reports, drivers licenses and other sensitive information on more than four million Americans. Today's post looks at a real-life identity behind the man likely responsible for building this service. [Screenshot]

Last summer, ssndob[dot]ru (hereafter referred to as "SSNDOB") was compromised by multiple attackers, its own database plundered. A copy of the SSNDOB database was exhaustively reviewed by KrebsOnSecurity.com. The database shows that the site's 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans.

Continued : http://krebsonsecurity.com/2014/03/who-built-the-id-theft-service-ssndob-ru/

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!