Category Archives: detection

Fileless malware attack against US restaurants went undetected by most AV


Researchers have detected a brazen attack on restaurants across the United States that uses a relatively new technique to keep its malware undetected by virtually all antivirus products on the market.

Malicious code used in so-called fileless attacks resides almost entirely in computer memory, a feat that prevents it from leaving the kinds of traces that are spotted by traditional antivirus scanners. Once the sole province of state-sponsored spies casing the highest value targets, the in-memory techniques are becoming increasingly common in financially motivated hack attacks. They typically make use of commonly used administrative tools such as PowerShell, Metasploit, and Mimikatz, which feed a series of malicious commands to targeted computers.

FIN7, an established hacking group with ties to the Carbanak Gang, is among the converts to this new technique, researchers from security firm Morphisec reported in a recently published blog post. The dynamic link library file it's using to infect Windows computers in an ongoing attack on US restaurants would normally be detected by just about any AV program if the file were written to a hard drive. But because the file contents are piped into computer memory using PowerShell, the file wasn't visible to any of the 56 most widely used AV programs, according to a VirusTotal query conducted earlier this month.


Pokémon Go hackers getting put in Pidgey-filled purgatory

Image caption: If Niantic detects your bot account, common Pokémon like this Pidgey are all you'll be able to see in the game.

Pokémon Go developer Niantic appears to have opened up a new front in its ongoing war against third-party tools and trackers that use bot accounts to reveal where in-game Pokémon are hiding in the real world. Players are reporting that detected and flagged accounts are being limited so they can only see common Pokémon—not the most coveted, rarer beasts.

Pokémon Go Hub reported on the new security measure earlier this week, showing screenshots in which two different accounts at exactly the same location showed different Pokémon on their "nearby" lists. The site estimates that tens to hundreds of thousands of accounts may have been blinded in this way, based on reports from inside the Pokémon Go hacking community.

That said, reports suggest the enforcement has been somewhat sporadic, with "some botters claiming zero accounts blinded, and others reporting complete annihilation of their account farm," according to Pokémon Go Hub. And while bot-makers can create free new accounts to try to get around the blinding, The Silph Road subreddit reports that many new accounts seem to be blinded quickly and automatically, signaling a change from the more manual ban waves Niantic has issued to bot makers periodically. Some suspect Niantic is making use of machine-learning algorithms to detect bots quickly while limiting false-positive punishments on legitimate accounts (the company was publicly searching for a Machine Learning Engineer last year).
