Lost24

A dangerous new piece of malware targeting Android devices is on the loose. So far the virus, known as LokiBot, has collected over 1.5 million USD from its victims.

The new threat was discovered by security experts from Kaspersky Lab. LokiBot behaves as a typical banking trojan, generating and distributing fake "bank" notifications. It can also steal the victim’s contacts. It has a specific command to spam all contacts with SMS messages as a means to spread the infection. Furthermore, the malware has a unique option, which allows it to lock the infected device and prevent the user from accessing it.

Another very interesting feature of LokiBot is its ransomware capabilities. If threatened, the malware can act as a classic ransomwa

Thursday 16 November 2017, Safety Guide

A fake update of WhatsApp!

Lost24

A fake version of WhatsApp, named Update WhatsApp Messenger, was recently found on Google Play Store.
The fake app was clearly designed to mimic the popular messaging app and to trick users into downloading it, thinking that they were downloading an actual WhatsApp update.

The fake application differentiates itself by adding a Unicode character to the end of its developer name. Instead of a space, the Unicode character added at the end looks like a space while having a different value, making it hard to detect.

According to the Hackers News portal, the fake app contained unwanted ads, and is also known to stealthily download an additional file to Android phones called Whatsapp.apk. The purpose of this file is as yet unknown, but it is safe to

Lost24

Beware of fake SMS messages strikingly similar to those sent by mobile operators.
The whole matter was revealed by the Niebezpiecznik.pl portal, one of whose readers recently received such an SMS.

The fake message reads: "I'm back! The number given as the sender of the SMS had finished talking. You can call back. The message is free, sent by the Operator".

People who receive such an SMS may reflexively dial the number; however, the cost of such a call can be quite high.

To avoid any problems, phone users should pay attention to the beginning of the number. If the number starts with +53, then it is almost certain that the message is fake. Any attempt to call back to the given number ca

Lost24

The security firm ESET noted that the Eltima Software company unknowingly distributed an application infected with an OSX trojan.

Eltima was the victim of a cyber attack. Those who installed the Elmedia Player software also downloaded the malicious Proton trojan, which was included in the application's installation files. The trojan can take control of the victim's device and steal information from browsers, such as passwords and logins, or the contents of a Bitcoin wallet.

After ESET experts responded, the malicious software was removed from the application and from Eltima's servers. Owners of macOS devices were at risk.

If anyone has downloaded and installed Elmedia Player or Folx by October 19th, he or she ought to scan the system with u

Wednesday 1 November 2017, Safety Guide

Bad Rabbit – a new dangerous ransomware

Lost24

Bad Rabbit – a new variant of the famous Petya ransomware – was recently spreading across servers and computer systems in Russia, Ukraine, Germany and Japan. The attack began on October 24; however, new victims are still being identified.

According to security experts from the ESET company, the highest number of Bad Rabbit infections was detected in Russia (over 65% of identified cases), Ukraine (12%), Germany (2.4%), and Japan (3.8%). ESET emphasizes that all attacks on individuals (over 200 cases) were carried out simultaneously.

Security experts also report that the ransomware used in the attacks (denoted as Win32/Diskcoder.D) was distributed through a fake Adobe Flash update, offered up from compromised websites.

Afte

Lost24

Security experts from the ESET company have warned against another dangerous data-encrypting virus, known as DoubleLocker.

According to the researchers, the virus is distributed mostly as a fake Adobe Flash Player through compromised websites and is especially dangerous for Android smartphone users.

After installation, DoubleLocker changes the device’s PIN, preventing victims from accessing their devices, and also encrypts the data using the AES algorithm. Shortly afterwards, the victim is informed that, in order to retain the data, he or she must pay a ransom (of approximately 300 PLN) via the Bitcoin payment system. However, ESET experts advise against paying any money, as there is no guarantee of obtaining a decryption key.

Lost24

The telecommunications operator T-Mobile has notified the police after detecting atypical activity in the security system by employees of one of T-Mobile's business partners.

The suspects are employees of a call center and marketing company who had authorized access to T-Mobile customers' personal data.

The stolen information was transferred to the competition. As the police determined, the disloyal employees received regular pay for stealing T-Mobile customers' data. Police seized access to the servers on which the stolen data was stored.


Lost24

Security experts from SensePost warn about a newly discovered form of cyberattack that takes advantage of a Microsoft Office feature called Microsoft Dynamic Data Exchange (DDE). Surprisingly, this type of attack has existed since the early 1990s, when DDE was introduced.

DDE was designed to allow Office applications to load data from each other. Unfortunately, it can also be used by hackers to create malicious Word files with DDE fields that, instead of opening another Office app, open a command prompt and run malicious code.

This is just another case where malware authors have found a creative way of abusing a legitimate feature, like with OLE and macros.

Before the Microsoft Office developer re

Saturday 14 October 2017, Safety Guide

A fake version of Adblock Plus extension

Lost24

Unfortunately, we may have bad news for all Google Chrome users who have recently installed the AdBlock Plus extension.

According to the Twitter user known as @SwiftOnSecurity, up until the 10th of October, a fake AdBlock Plus clone was listed in Google Chrome’s official Web Store. @SwiftOnSecurity tweeted that: “Google allows 37,000 Chrome users to be tricked with a fake extension by a fraudulent developer who clones popular name and spams keywords.”

It is unclear if the fake plug-in was designed to drop malware or other malicious payloads. However, just to be on the safe side, it is advised to check its developer’s credentials (by selecting: Chrome > More Tools > Extensions) or even better, to reinstall the web

Wednesday 11 October 2017, Safety Guide

Disqus users’ data leakage exposed

Lost24

Disqus – a worldwide blog comment hosting service for websites and on-line communities – has admitted that it was hacked 5 years ago, in July 2012.

The stolen data included e-mail addresses, usernames, sign-up dates, and last login dates in plain text for over 17.5 million users. The hackers also got their hands on passwords for about 71% of the affected users, which were salted and hashed using the weak SHA-1 algorithm.

The theft was discovered this week after the database was sent to Troy Hunt, who runs the data breach notification service Have I Been Pwned and who then informed Disqus of the breach. The company claims that although there was no evidence of unauthorized logins, affected users will be e-mailed about the breach, and their previous p

Lost24

Do you remember our article on so-called skimmers, malicious credit card readers installed by criminals directly onto ATMs? It turns out that there is an app, available on Google Store, that can help us detect skimmers.

The app is known as Skimmer Scanner, and it was developed by programmers from the SparkFun Electronics company. The application is released under an open source licence, and is available to all Android users.

How does it work?
All you need to do is simply launch Skimmer Scanner and turn on Bluetooth. This will allow the app to scan for the HC-05 module, which is one of the most popular modules used in skimmers. The application will detect the skimmer, even from a distance of 5 meters.

Lost24

ING Bank has issued a warning to its clients about a new phishing campaign, orchestrated by an as yet unknown group of fraudsters.

For the scam to be successful, the fraudsters first need to obtain several essential pieces of information. To that end, the unsuspecting client is contacted by a person who claims to be an ING Bank representative. The “consultant” skilfully manipulates the victim into first revealing his or her login and password to the banking system. Secondly, the client is asked to pass on the newly generated SMS code displayed on the victim’s phone.
The obtained login credentials allow the scammer to permanently change the phone number to which all future authentication codes will be sent.

Lost24

Costcutter, a British supermarket located at Brunel University in London, is testing out a new cash-free biometric payment system. This technology uses the unique aspects of a customer’s body tissue and lets customers pay for groceries using the vein pattern in their fingers.

The biometric payment system – named Fingopay – was designed by the Sthaler company. The firm is convinced that the vein technology is the most secure biometric identification method, as it cannot be copied or stolen. A spokesperson for Sthaler explains that the method can be used for multiple bank accounts, allocating different fingers to different bank accounts. There is also no need to remember any PIN codes, or to carry cash or credit cards.
The company confirms that doz

Lost24

CCleaner – a very popular maintenance utility for cleaning registry and removing unnecessary files – was recently hacked and used to deliver malware to unsuspecting users. Even though 2.3 million computers were potentially exposed to the malware, Avast Piriform – the producer of the utility – has stated that the attackers had not used the malicious software to do any damage.

Now it seems that the spreading of the malware was just the beginning, and that a second stage of the attack may give the hackers a secret back door into all infected computers.

This finding is particularly dangerous, because according to the Cisco

Sunday 24 September 2017, Safety Guide

Another cyberattack on the mBank clients

Lost24

mBank has issued another warning to its clients that an unknown group of cybercriminals has been sending false e-mails. According to the bank, the messages contain a malicious attachment – a PDF file – and inconspicuous-looking text confirming the execution of a bank transfer.

Here you can see an example of the false e-mail message.

If the recipients of the false message click on the attached link, the bank advises its clients to scan the computer for malicious content with antivirus software and to change passwords to the on-line banking service, preferably on anothe