Tag: icedid
Raspberry Robin attacks via Windows
Raspberry Robin, a tough-to-detect worm carrying malware and ransomware, is now being delivered via Windows Shortcut Files and Windows Script Files. Researchers at Hewlett Packard (HP) first began to identify the new trend in March of this year. Previously, Raspberry Robin was delivered physically by inserting a weaponized USB stick into a targeted device. But now, this highly effective malware is being delivered via Windows Script Files (WSF), which are widely used by administrators and legitimate software to automate tasks within Windows. The WSF file format supports scripting languages, such as JScript and VBScript, that are interpreted by the Windows Script Host component built into the Windows operating system. It can, however, also be abused by attackers. The Windows Script Files are offered for download via various malicious domains and subdomains controlled by the attackers, which can be distributed via spam or fake online advertising campaigns.
iOS Trojan Steals Facial Recognition Data – February 16th
Group-IB discovered a new iOS Trojan named "GoldPickaxe.iOS" that was built to steal facial recognition data from infected iOS devices. The 'GoldPickaxe' Trojan abuses the TestFlight exploit, which sends users innocent URLs that downloads the malware when clicked. According to Group-IB, the stolen biometric data is used to gain unauthorized access to banking accounts.