The infamous ransomware DoubleLocker is distributed as a fake Adobe Flash Player through compromised websites. As soon as it is launched, the app requests activation of the malware’s accessibility service, named “Google Play Service”. After the malware obtains the accessibility permissions, it uses them to activate device administrator rights and set itself as the default Home application, without the user’s consent.
Backdoor.Win32.ATMii, a new piece of malware, has been discovered targeting ATMs running Windows 7 and Windows Vista. However, ATMii won't run on most ATMs in use today, as most of them use a streamlined version of Windows XP. The attacker copies the DLL and EXE files onto the ATM's storage drive and runs exe.exe, injecting the malicious code.
The ykcol variant of Locky ransomware has been given a facelift by its original authors. This Locky variant was part of a September spam blast, sent through the notorious Necurs botnet, targeting 3 million inboxes within a three-hour period. The ransomware appends the .ykcol extension to all encrypted files.
Posted on: October 13, 2017