Researchers at Kaspersky Lab came across a malicious library with APT actor attributes while analyzing an incident involving a suspected keylogger. The malware, dubbed ‘Slingshot’, is able to interact with a virtual file system with a sophisticated design and complexity rivaling that of Project Sauron and Regin.
According to Threat Post,
“similarities in technique also exist between Slingshot and GRAYFISH operation, by the Equation Group, as well as Gray Lambert.”
The NSA had been using the EternalBlue exploit, which is at the heart of WannaCry, for its own purposes for five years before disclosing the vulnerability to Microsoft. The main reason the exploit was disclosed was that its public exposure could have very serious and widespread consequences, given the vast number of vulnerable devices that are exploitable in the wild (which is exactly what happened when it was repackaged with self-propagating ransomware code).
The WannaCry ransomware, also known as wncry, has been attributed to the recent U.K.’s National Security Agency (NSA) cyberattack. It has infected the systems of at least 16 U.K. trusts and is spreading worldwide. Spain’s computer response team CCN-CERT reported that telecommunications firm Telefonica was hit as well.
Handbrake, the popular multi-platform Mac video transcoder, has been infected with a Remote Access Trojan (RAT) that steals login credentials from OSX KeyChain, Apple’s password management system, and browser-stored passwords.
The Trojan is a new variant of the Russian-attributed OSX.Proton. Its capabilities include keylogging, screenshot captures, and webcam control. Apart from stealing data from infected devices, it can also allow attackers to connect remotely via VNC or SSH.
Those who downloaded the app between 2nd May 2017 and 6th May 2017 should verify that their devices are not infected with malware (now would be a good time to get anti-malware software, lol).