Some days, it seems like the web is a magical place, where you can find any information you need, buy any products you can imagine, reconnect with old friends and make new ones based on passions and interests. Then, other days you encounter malware, and the internet transforms into a dark, dreary and dangerous place.
Indeed, the war against malware is anything but won; according to one study, a new variant of malware emerges every 4.6 seconds, meaning you still need the best internet protection on all your devices if you want your data to stay safe. Considering the hordes of cybercriminals developing malicious software, it should hardly be surprising that you aren’t up-to-date on the latest and worst malware. Today, we’ll help you with that by explaining three major malware threats lurking online.
Admittedly, Azorult has been lurking online since 2016, but within the past few months, the malware has gotten a serious upgrade, making it more dangerous than ever. Sometimes written as AZORult, this Trojan finds its way onto victim devices the way other Trojans do: by looking like an innocuous program. However, once installed, Azorult begins combing the device for valuable information its operators can use or sell.
Initially, Azorult seems to have been written for the express purpose of finding and taking payment card information, as well as passwords saved in browsers, cookies, message and email history, and files saved to the Desktop. However, this year its capabilities have expanded even beyond these. In July 2018, a new variant was found for sale, advertising abilities such as stealing browser history and cryptocurrency wallets, which is particularly alarming to those users who bought into the Bitcoin boom earlier this year. Worse, Azorult has improved its encryption abilities, making it more difficult for authorities to identify perpetrators, and the malware can also use system proxies to hide from law enforcement.
Though Azorult can do much when it is installed on your devices, it isn’t any craftier than most malware at tricking you into downloading and executing the program. Thus, by being careful of where and what you download — and by installing a thorough antivirus scanner — you should be able to stay safe from this threat.
DarkPulsar is more often called an “implant” because it doesn’t represent the entirety of a piece of malware; rather, it is a module within a larger malicious program that improves hackers’ ability to execute and control the malware. Specifically, DarkPulsar is an administrative-interface component used by malware designed to build backdoors into devices. Even when most of the malware is removed, DarkPulsar often remains behind, giving hackers continued access to victimized devices.
What makes DarkPulsar particularly nefarious is that it was likely developed by the U.S. National Security Agency (NSA). In spring of 2017, a hacking organization called the Shadow Brokers published malicious code developed by the NSA, including EternalBlue, which powered three of last year’s most devastating ransomware outbreaks: WannaCry, NotPetya and Bad Rabbit. Already, DarkPulsar has been used in malware that has found its way onto dozens of devices, and a larger eruption could be imminent.
Currently, all attacks using DarkPulsar have been overseas and on devices using outdated operating systems. Still, should hackers using DarkPulsar turn their sights to American devices, you can again stay safe by maintaining high cyber hygiene and running your antivirus scan often.
In 2013, a Chinese hacking group gained immediate notoriety for its successful infiltration of more than 100 U.S. companies, resulting in the extraction of hundreds of terabytes of data before the group seemingly vanished into thin air. That group was known as APT1 — and their legacy lives on today in the form of a pernicious malware.
Specifically, a type of malware developed and used by APT1 much earlier, in 2010, is seeing new life around the web. This is surprising to most infosec professionals — not because the practice of reusing malware is uncommon (the repurposing of NSA-developed malware shows that hackers love lifting others’ code for their own designs) but rather because APT1’s malware was never released to the public, and it was never available on the black market. Though it can’t be said for certain, this strongly indicates that APT1, or rogue members of the hacking group, are once again active.
The remixed malware, which has been dubbed Oceansalt, has been used in spear-phishing attacks. This means that unlike most malware, which floats around the internet waiting to attack anyone who downloads the infected program, Oceansalt was built and executed with specific targets in mind. The malware functions as a reconnaissance tool, sending information about the victim’s activities back to its operators. For now, it seems unlikely that you will become a victim of Oceansalt, but you might want to monitor the evolution of APT1’s code, which could be used in future malware attacks.
Just when you think you are up-to-date on the latest and scariest malware, more malicious programs emerge. Hopefully, you come away from this article knowing more about the current threat landscape and equipped with new tools and tricks for staying safe online.