How to Remove Zr89YEwgl7.exe "Zr89" Spyware/Malware [Trojan:Win32/Wacatac.B!ml]

We may receive a commission for purchases made through some ads/links on this page.

A new data-stealing malware is on the loose! First repor...

Monday, September 28, 2020

Android Malware 'Alien' Controls Your Phone and Steals Bank Accounts

After the 'Cerberus Trojan' invaded the Google Play Store earlier this year, developers released its source code in August, which was quickly used to spawn new malware running similar scripts. One of these new strains of Cerberus, dubbed 'Alien', is a remote access toolkit complete with an arsenal of keyloggers, SMS control, and information harvesting software.

Alien has been observed using local phone data to steal bank accounts in the same manner as Cerberus, but it can also set up TeamViewer sessions between attackers and victims, giving the attackers full control in real time. This feature makes the new strain even more dangerous.


How it works: If you're unfortunate enough to install this malware package from infected Google Play Store apps, it will begin its invasion by prompting for admin privileges. If authorized, it will immediately start running keylogging software (to store everything you type) and it will gain access to your other apps and system settings.

Once it has set up its data-extraction environment, Alien will begin to target individual apps and phish for passwords from its victims. In other words, it will display fake login pages designed to look like they're from a trusted app. Have you been a victim of phishing? Read more about 'spearphishing' malware here. Alien can also delete any app and install new ones (presumably to install newer, antivirus-resistant versions of itself in the future).

The last stage of an Alien Android attack involves the TeamViewer feature mentioned previously. Attackers controlling the malware may observe infected devices through the TeamViewer software, and directly access apps so they can find and extract more valuable data.

Targeted apps: The Alien malware is known to display phishing pages for all popular banking/cryptocurrency apps as well as the following:

  • Google Play Games
  • Google Play Store
  • Gmail
  • Facebook
  • Instagram
  • Twitter
  • Snapchat
  • Skype
  • Yahoo
  • Telegram
  • WhatsApp
  • PayPal
  • Netflix
  • Amazon
  • eBay

(This list will be updated as more phishing pages are discovered - Scroll up and click "Subscribe" to be notified) 

How to avoid infection: Google Play has implemented new security measures which should eliminate the possibility of being infected by Alien through the Play Store. That being said, be extra careful when installing newer apps which prompt for admin privileges. Alien is also being spread through online forums and message boards. For now, it's best to avoid Android apps offered outside of the Play Store altogether.

Alien has been one of many malware variants targeting Android devices through the Google Play Store this year. Want to learn more about Android malware? We also covered the infamous 'Joker' Trojan here.

Thursday, September 10, 2020

Anubis Windows Malware Steals Cryptocurrency


Recently, Microsoft's Security Intelligence team revealed they discovered a new Windows threat being sold between underground cybercriminal groups. This new threat has been dubbed "Anubis", and although it doesn't necessarily damage infected systems, it can mean bad news for your cryptocurrency finances. Here is a tweet Microsoft sent on August 26:

Microsoft Security Intelligence Anubis Report

According to Microsoft, Anubis has been observed scanning infected devices for cryptocurrency wallet keys and other financial information, such as credit card numbers, in files meant for safekeeping. It can then send this sensitive data through a server directly to its creators.

Prevention: To prevent financial losses due to the Anubis malware, be sure to use secure cryptocurrency wallets and don't store your keys in plaintext. To be extra cautious, you can protect keys using a file encryption app like this one.
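One way to act on the prevention advice above, as an added example (not code from Microsoft or from this blog): a Python audit that lists which files in one of your own folders hold plaintext card numbers or strings shaped like wallet private keys, so they can be encrypted or moved. The regex patterns and the 1 MB read limit are assumptions chosen for illustration, and the report names only the kind of data found, never the value.

```python
import re
from pathlib import Path

# Heuristic patterns (assumptions for this example, not taken from the Anubis report).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")                # 13-19 digits, optional separators
HEX_KEY_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")                # raw 256-bit key written in hex
WIF_RE = re.compile(r"\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b")   # Bitcoin WIF shape (Base58)
MAX_BYTES = 1_000_000  # only the first 1 MB of each file is inspected


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def scan_text(text: str) -> set:
    """Return the kinds of sensitive data found in text, never the values themselves."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("card-number")
    if HEX_KEY_RE.search(text):
        found.add("hex-private-key")
    if WIF_RE.search(text):
        found.add("wif-private-key")
    return found


def audit(root: Path) -> dict:
    """Map each readable file under root to the kinds of plaintext secrets it holds."""
    report = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            text = path.read_bytes()[:MAX_BYTES].decode("utf-8", errors="ignore")
        except OSError:
            continue  # unreadable file (locked or permission denied): skip it
        kinds = scan_text(text)
        if kinds:
            report[str(path)] = kinds
    return report
```

Calling `audit(Path.home() / "Documents")` returns a dictionary of file paths and finding types; any file it lists is a candidate for encryption or deletion.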

Anubis is currently only being spread to a "handful" of targets and Windows Security is already capable of detecting this malware. However, this might change if its developers scale up their attack with newer versions across more domains. We will monitor the spread of Anubis and update this post if significant change does occur, so be sure to subscribe.
