Cybercriminals develop malware to perform the following malicious activities:
- DDoS attacks
- Cryptocurrency mining
- Stealing sensitive information and files
- Hosting malware payloads for future operations
- Taking remote control of the device and running other modules
Safety
- Users can protect themselves against these malware attacks by applying security patches to their software and routers.
- Use strong passwords that cannot be guessed.
Use-after-free vulnerabilities
Memory corruption bugs that occur when an application references memory that was previously allocated to it but has since been freed or deleted. The result can be a program crash or other unintended behaviour, because the freed memory may already have been reused for a different object.
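The following C program is an added illustration and is not code from the original page. It uses a hypothetical two-slot session pool in place of the real heap so that slot reuse after a free is deterministic and observable; on a real allocator the same bug may only show up intermittently. The first flow keeps a dangling pointer to a freed guest session, and after the slot is reused for an admin session the stale read reports the admin's privilege flag. The hardened flow releases through a helper that nulls the caller's pointer, so the stale access is caught by a NULL check instead of silently reading another object.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a two-slot session pool stands in for the heap so that
 * slot reuse after free is deterministic and observable. The session record
 * is hypothetical. */
#define SLOTS 2

typedef struct {
    char user[16];
    int  is_admin;
} session_t;

static session_t pool[SLOTS];
static int       in_use[SLOTS];

/* Hand out the first free slot, zeroed, or NULL when the pool is exhausted. */
static session_t *pool_alloc(void)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            memset(&pool[i], 0, sizeof pool[i]);
            return &pool[i];
        }
    }
    return NULL;
}

/* Mark the slot free. The caller's pointer is NOT cleared: it now dangles. */
static void pool_free(session_t *s)
{
    in_use[s - pool] = 0;
}

/* Hardened release: frees the slot and nulls the caller's pointer so that a
 * later dereference is caught by a NULL check instead of reading stale data. */
static void pool_release(session_t **ref)
{
    if (*ref) {
        pool_free(*ref);
        *ref = NULL;
    }
}

/* Buggy flow: the guest session is freed, the pointer is kept, and the next
 * allocation (an admin session) lands in the same slot. Reading through the
 * stale pointer now yields the admin's privilege flag. Returns what the stale
 * pointer reports for is_admin (1 here). */
int use_after_free_demo(void)
{
    session_t *guest = pool_alloc();
    strcpy(guest->user, "guest");
    guest->is_admin = 0;

    pool_free(guest);                 /* guest now dangles */

    session_t *admin = pool_alloc();  /* reuses the freed slot */
    strcpy(admin->user, "admin");
    admin->is_admin = 1;

    int seen = guest->is_admin;       /* stale read aliases the admin record */
    pool_free(admin);
    return seen;
}

/* Hardened flow: same sequence, but the release nulls the pointer, so the
 * stale access is detected. Returns -1 when the dangling use is caught. */
int hardened_demo(void)
{
    session_t *guest = pool_alloc();
    strcpy(guest->user, "guest");
    guest->is_admin = 0;

    pool_release(&guest);             /* guest == NULL from here on */

    session_t *admin = pool_alloc();
    strcpy(admin->user, "admin");
    admin->is_admin = 1;

    int seen = guest ? guest->is_admin : -1;
    pool_release(&admin);
    return seen;
}

int main(void)
{
    printf("stale pointer reports is_admin=%d\n", use_after_free_demo());
    printf("hardened path reports %d (-1 = caught)\n", hardened_demo());
    return 0;
}
```

Nulling the pointer on release is only a partial defence, since copies of the pointer held elsewhere still dangle; the reliable fixes are ownership discipline (one clear owner frees, and nobody else retains the pointer) and testing under a sanitizer such as AddressSanitizer, which reports a real heap use-after-free at the offending access.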
QSnatch malware
In the last week of October 2019, the National Cyber Security Centre of Finland (NCSC-FI) spotted the QSnatch malware.
Attackers worldwide infected thousands of network-attached storage (NAS) devices from the Taiwanese vendor QNAP with QSnatch. In Germany alone, over 7,000 infections were reported by the German Computer Emergency Response Team (CERT-Bund). Analysis of the malware's code revealed the following capabilities:
- Extracts and steals usernames and passwords for all NAS users
- Modifies OS scheduled jobs and scripts (cron jobs, init scripts)
- Prevents future firmware updates by overwriting update-source URLs
- Prevents the native QNAP Malware Remover app from running
How to remove QSnatch?
- Perform a full factory reset of the NAS device
- Install a February 2019 QNAP NAS firmware update
- Install the QNAP Malware Remover application via the App Center
- Remove unknown, unused, or hidden applications from the device
Demo BlueKeep exploit
Security researchers spotted attacks using the demo BlueKeep exploit (BlueKeep is the nickname given to CVE-2019-0708), which the Metasploit team released in September 2019. Although it was released to help system administrators test vulnerable systems, malicious actors used it to break into unpatched Windows systems through a vulnerability in the Microsoft RDP (Remote Desktop Protocol) service and install a cryptocurrency miner; the exploit was not used as a self-spreading worm, however. It affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft released its patch in mid-May 2019.
Raccoon malware-as-a-service
Gafgyt IoT malware
This aggressive malware, updated with new capabilities, spreads by killing rival malware on the devices it infects. It first emerged in 2014; the updated version targets vulnerabilities in three wireless router models: Huawei HG532, Realtek RTL81XX, and Zyxel P660HN-T1A.
Chrome zero-day Malware
Android 8 (Oreo) or later devices bug
(October 2019) A bug in Android 8 (Oreo) and later lets attackers plant malware on a nearby phone via the Android OS NFC beaming service (Android Beam). The service allows Android devices to send data such as images, files, videos, or even apps (APK files) to another nearby device over NFC (Near-Field Communication) radio waves, as an alternative to Wi-Fi or Bluetooth.
An NFC connection is initiated when two devices are brought within 4 cm (1.5 inches) of each other, so the attacker must bring their phone close to the victim's.
By default, Android smartphones have NFC enabled. If the Android Beam service is also enabled, a nearby attacker could plant malware (malicious apps) on the phone, leaving millions of users at risk.
Since there is no prompt warning about an install from an unknown source, tapping the notification starts the malicious app's installation. Many users might misinterpret the message as coming from the Play Store and install the app, thinking it is an update.
Preventive Measures
- Disable Android Beam and NFC if they are not required. If the phone is used as an access card or for contactless payments, NFC can stay enabled while the Android Beam service is disabled.
- Update the phone with the October 2019 security updates, which remove the Android Beam service from the OS whitelist of trusted sources.
- Starting with Android 8, Google redesigned the mechanism as an app-based security setting: users can visit “Install apps from unknown sources” and allow specific apps to install other apps. Hence sources not explicitly allowed to install apps from outside the official Play Store are treated as untrusted and unverified.
- To stay safe, users can disable both the NFC feature and the Android Beam service.