The Tech News Blog

February 22, 2013

NBC Website Hacked, Infected With Citadel Trojan

Know Your Malware

NBC said Thursday that it was working to resolve a problem on its website after security researchers began issuing warnings that the site and related sites had been hacked and infected with malware that was redirecting visitors to malicious websites.

"We've identified the problem and are working to resolve it. No user information has been compromised," NBC said in a statement.

Malware on the site and other sites associated with the TV network's entertainment portal was also detected and blocked by Internet browsers like Google's Chrome, NBC News reported. The network's NBC News Digital sites were unaffected, according to NBC News.

Facebook also blocked links to the site for a period of time after reports of the malware infection emerged, according to Reuters.

Security software developer Malwarebytes identified the malware infecting the site and properties like the network's website for "Late Night with Jimmy Fallon" as the Citadel Trojan.

"This morning, [the site] was hacked and embedded with malicious iframe code that spread the Citadel Trojan. It was detected as Backdoor.Agent.RS. ... The NBC web site was compromised for about 15 min and the actual iframe with the malicious redirect was embedded in a JavaScript file located on the web server," a company spokesperson said in an emailed statement.

July 27, 2012

New Mac ‘Crisis’ Trojan Taps Into Webcam, More

Know Your Malware

Security researchers have discovered a new Mac Trojan, dubbed OSX/Crisis, which eavesdrops on unsuspecting users by intercepting communications like email and IMs.

Once installed, OSX/Crisis, also known as Morcut, can capture everything from mouse coordinates and IMs to the internal webcam and address book contents, Sophos said in a blog post.

The Trojan runs on OSX versions 10.6 and 10.7 – Snow Leopard and Lion. It does not affect the new Mountain Lion 10.8 OS, and while it might run on Leopard 10.5, it has a tendency to crash, security firm Intego said in a separate post.

Neither firm has seen Crisis in the wild, so the threat remains low risk, they said.

The Trojan arrives disguised as an Adobe Flash installer, in a file named AdobeFlashPlayer.jar. No administrative password is needed for installation, so the malware, which survives reboots, can go unnoticed by the untrained eye. Those concerned about infection are encouraged to run anti-virus software.

In April, Sophos reported that one in five Macs is infected with some sort of malware, which is often intended for Windows machines. Cybercriminals tend to target Apple products because users believe the machines are virus-resistant, according to Sophos analyst Graham Cluley.

May 3, 2012

Report: NotCompatible Trojan Attacks Android Via Hacked Websites

Android Malware

As the number of mobile devices connected to the Internet grows, the number of threats to our smartphones, tablets, and other connected devices grows as well. And guess what? Lookout Mobile Security on Wednesday reported that there are now hacked websites targeting Android devices with a new Android Trojan called NotCompatible, an attack vector previously only used to infect PCs with malware.

"In this specific attack, if a user visits a compromised website from an Android device, their Web browser will automatically begin downloading an application—this process is commonly referred to as a drive-by download," the security firm said on its official Lookout blog.

"When the suspicious application finishes downloading, the device will display a notification prompting the user to click on the notification to install the downloaded app. In order to actually install the app to a device, it must have the 'Unknown sources' setting enabled (this feature is commonly referred to as 'sideloading'). If the device does not have the unknown sources setting enabled, the installation will be blocked."

NotCompatible was actually discovered by an HTC Rezound owner whose phone was infected after visiting a pest control company's website. She posted an item about the incident on Reddit early on Wednesday where it was spotted by the Lookout team.

Lookout called the development "the first time hacked websites are being used to specifically target mobile devices." Malware threats to Android phones in the past have largely come via apps.

April 18, 2012

Flashback Trojan Still on 140,000 Computers

The impact of the Flashback Trojan that hit more than half a million Macs earlier this year is on the decline, but it is still present on at least 140,000 computers, according to new stats from Symantec.

"The statistics from our sinkhole are showing declining numbers on a daily basis," Symantec said in a Tuesday blog post. "However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case."

The number of infected computers has "tapered off," but is currently hovering around the 140,000 mark, Symantec said. Given the number of tools released to fix the issue, the firm had expected "a dramatic decrease."

Last week, Symantec said it had detected about 270,000 computers infected with the Flashback Trojan, down from a high of 600,000 on April 6 and 380,000 on April 10. For more, see the chart below.

April 5, 2012

Flashback Trojan Hits 550,000 Macs

Analysis of a recent Java flaw exploited by the Flashback Trojan reveals that more than 550,000 Macs were affected in the U.S. and abroad, according to anti-virus vendor Doctor Web.

"This once again refutes claims by some experts that there are no cyber-threats to Mac OS X," Doctor Web said in a Tuesday blog post.

About 56.6 percent of the infected computers, or 303,449, are located in the U.S., while 19.8 percent are in Canada, 12.8 percent are in the U.K., and 6.1 percent are in Australia, Doctor Web said. For more, see the map below.

As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.

"The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it," Doctor Web said.

October 31, 2011

Mac OS X Trojan Leeches Off Your GPU to Mine Bitcoins

Another day, another piece of Mac malware. This time security firms have discovered a Mac OS X Trojan that steals processing power to create Bitcoin, a virtual currency beloved by libertarians, computer programmers, and hackers of all shades.

OSX/Miner-D, nicknamed "DevilRobber" by AV companies, is being distributed through torrent sites. It installs a Java-based application called "DiabloMiner" that uses your Mac's graphics processing unit (GPU) to generate Bitcoins.

Security vendor Intego said the malware was a combination of a Trojan horse (a malicious app hidden inside another application), a backdoor (an application that opens ports and accepts unauthorized commands), and a stealer that takes personal data and existing Bitcoins from your computer. It's also categorized as spyware because it sends personal data to remote servers, Intego said.

February 28, 2011

‘BlackHole RAT’ Trojan Can Sneak Into Macs via Back Door

By Mark Hachman

A variant on an established Trojan for the Apple Mac OSX operating system has been discovered by Sophos.

OSX/MusMinim-A, also known as "BlackHole RAT", is a Remote Access Trojan (RAT) for the OSX platform. SophosLabs analyzed the sample it received and determined that it is a variant of darkComet, a well-known RAT for Windows.

So far, the virus' unknown author describes it as a "beta" version, whose functionality could be improved over time. OSX/MusMinim-A's main threat component is a backdoor, which acts as the server half of a client-server pair of applications, the company said.