1. Home
  2. Security researchers discover malware that infected 90,000 computers worldwide

Security researchers discover malware that infected 90,000 computers worldwide

Agencies
October 8, 2019

Security researchers have discovered that the Smominru malware infected 90,000 machines worldwide during the month of August, with an infection rate of up to 4,700 computers per day.

In its post-infection phase, it steals victim credentials, installs a Trojan module and a cryptominer and propagates inside the network, according to researchers from Guardicore, a data centre and cloud security company.

The botnet uses several methods to propagate, but primarily it infects a system in one of two ways -- either by brute-forcing weak credentials for different Windows services, or more commonly by relying on the infamous EternalBlue exploit, cybersecurity firm Kaspersky said in a blog post last week.

Even though Microsoft patched the vulnerability EternalBlue exploits, which made the WannaCry and NotPetya outbreaks possible, many companies are simply ignoring updates, Kaspersky said.

China, Taiwan, Russia, Brazil and the US have seen the most attacks, but that doesn't mean other countries are out of its scope. For example, the largest network Smominru targeted was in Italy, with 65 hosts infected.

The criminals involved are not too particular about their targets, which range from universities to healthcare providers.

However, one detail is very consistent. About 85 per cent of infections occur on Windows 7 and Windows Server 2008 systems. The rest include Windows Server 2012, Windows XP and Windows Server 2003.

After compromising the system, Smominru creates a new user, called admin$, with admin privileges on the system and starts to download a whole bunch of malicious payloads.

The most obvious objective is to silently use infected computers for mining cryptocurrency (namely, Monero) at the victim's expense.

The malware also downloads a set of modules used for spying, data exfiltration, and credential theft.

On top of that, once Smominru gains a foothold, it tries to propagate further within the network to infect as many systems as possible.

To protect their network, computers, and data from Smominru, users need to update operating systems and other software regularly, Kaspersky said.

It is also important for users to use strong passwords. A reliable password manager that helps you create, manage, and automatically retrieve and enter passwords may help protect you against brute-force attacks.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 18,2020

Thiruvananthapuram, Mar 18: To raise awareness about protective measures against coronavirus, Kerala Police released a dance video on the State Police Media Centre's Facebook page promoting the washing of hands, here on Tuesday.

In the video, the police officers were seen dancing to the tunes of Kalakkatha from the Malayalam action-drama thriller Ayyappanum Koshiyum while demonstrating the right technique for washing hands.

The video gained over 27,000 likes and over 2,400 comments and more than 33,000 netizens shared the video.

The video has received a positive response with users congratulating Kerala Police for the initiative.

"Congrats Kerala police media for this kind of initiative," one user commented on Facebook. Another user thanked the police in the comments section saying, "Super super thanks to KL (Kerala) police."

The number of people who have tested positive for the coronavirus in Kerala is 25.

The total number of confirmed COVID-19 cases in India has reached 147, including 122 Indians and 25 foreign nationals, said the Ministry of Health and Family Welfare earlier today.

Globally, the virus has infected more than 184,000 people and killed more than 7500, as per the data available on the World Health Organisation website.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 27,2020

Mumbai, Jan 27: The country's largest car maker Maruti Suzuki India (MSI) on Monday said it has increased prices of select models by up to Rs 10,000 with immediate effect to offset the impact of rising input costs.

The price change varies across models and ranges up to 4.7 per cent (ex-showroom Delhi) and are effective from January, 27 2020, MSI said in a statement.

The price of entry level model Alto range has gone up in the range of Rs 9,000-6,000, S-Presso between Rs 1,500 to 8,000, WagonR between Rs 1,500 and Rs 4,000.

The company has also increased the price of its multi purpose vehicle Ertiga between Rs 4,000-10,000, Baleno by Rs 3,000 to 8,000 and XL6 by up to Rs 5,000 (all prices ex-showroom Delhi).

Currently, the company sells a range of vehicles starting from entry-level small car Alto to premium multi purpose vehicle XL6 with price ranging from Rs 2.89 lakh to Rs 11.47 lakh (ex-showroom Delhi).

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.