<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>trojan Archives - Linux Windows and android Tutorials</title>
	<atom:link href="https://www.osradar.com/tag/trojan/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.osradar.com</link>
	<description>tutorials and news and Security</description>
	<lastBuildDate>Tue, 31 May 2022 03:55:00 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.8.12</generator>
	<item>
		<title>What does a Trojan do on your computer and how to avoid it?</title>
		<link>https://www.osradar.com/what-does-a-trojan-do-on-your-computer-and-how-to-avoid-it/</link>
					<comments>https://www.osradar.com/what-does-a-trojan-do-on-your-computer-and-how-to-avoid-it/#respond</comments>
		
		<dc:creator><![CDATA[roger]]></dc:creator>
		<pubDate>Thu, 02 Jun 2022 21:54:00 +0000</pubDate>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=36012</guid>

					<description><![CDATA[<p>There are many types of computer attacks that can compromise security when surfing the Internet. It also happens when using any device. Today we are going to talk about one of them. We are going to explain what a Trojan is and what it does. In addition, we will give you tips on how to [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/what-does-a-trojan-do-on-your-computer-and-how-to-avoid-it/">What does a Trojan do on your computer and how to avoid it?</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>There are many types of computer attacks that can compromise security when surfing the Internet. It also happens when using any device. Today we are going to talk about one of them. We are going to explain what a Trojan is and what it does. In addition, we will give you tips on how to avoid this type of malware. In fact, we will give you indications so that security is always present and you don&#8217;t have any problem.</p>



<h2>What is a Trojan</h2>



<p>First, let&#8217;s explain what exactly a Trojan is. Its name comes from the Trojan horse, because it is malicious software that disguises itself as a legitimate file. It can be a text document, an image, or a program. In short, anything that pretends to be safe but is in reality a security problem. The principle of every Trojan is the same: hiding malware inside a file that looks legitimate. However, not all of them have the same objective. Normally, an attacker will seek to take control of a computer in some way. In this way, he will be able to steal data or even sneak in other threats.</p>



<figure class="wp-block-image size-large"><img loading="lazy" width="1024" height="823" src="https://www.osradar.com/wp-content/uploads/2022/05/tro-1024x823.png" alt="" class="wp-image-36013" srcset="https://www.osradar.com/wp-content/uploads/2022/05/tro-1024x823.png 1024w, https://www.osradar.com/wp-content/uploads/2022/05/tro-300x241.png 300w, https://www.osradar.com/wp-content/uploads/2022/05/tro-768x617.png 768w, https://www.osradar.com/wp-content/uploads/2022/05/tro-696x560.png 696w, https://www.osradar.com/wp-content/uploads/2022/05/tro-1068x859.png 1068w, https://www.osradar.com/wp-content/uploads/2022/05/tro.png 1280w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>



<p>A Trojan can affect both computers and mobile devices. In addition, there are Trojans for different operating systems. It is a type of malware that has adapted over time, which lets cybercriminals meet their objectives of stealing information or taking control of systems.</p>



<p>Examples of major Trojans are Zeus, Emotet, Petya or WannaCry. They have put numerous companies and also private users at risk. On the other hand, these types of attacks do not only affect home users, but also target important organizations.</p>



<h2>What is its function and how does it affect</h2>



<p>Trojans can have different functions and characteristics. In fact, not all of them act the same and not all of them are equally dangerous. Let us explain what their main functions are and how they affect the security of home users as well as infected companies and organizations.</p>



<h3>Create a back door</h3>



<p>The first goal of a Trojan is to create a backdoor. This is one of the most common attacks that can occur. This door allows the attacker to gain some control over or access to the device. For example, he will be able to sneak in data or malicious files that collect information.</p>



<figure class="wp-block-image size-full"><img loading="lazy" width="623" height="542" src="https://www.osradar.com/wp-content/uploads/2022/05/tro2.png" alt="" class="wp-image-36014" srcset="https://www.osradar.com/wp-content/uploads/2022/05/tro2.png 623w, https://www.osradar.com/wp-content/uploads/2022/05/tro2-300x261.png 300w" sizes="(max-width: 623px) 100vw, 623px" /></figure>



<p>Usually, the victim does not quickly become aware of the problem. That is, there are no noticeable symptoms such as a malfunction at first. As a result, an attacker can have access to a system for a long time until he is discovered, so he has room to collect data.</p>



<h3>Hidden downloads</h3>



<p>There are also download Trojans. They aim to download content onto the computer without the victim&#8217;s permission. This will be done in a hidden way, through commands that have been previously programmed to carry out certain actions.</p>



<p>Usually, these hidden downloads are bundled with more malicious software. In addition, they can download viruses and other varieties of malware that affect security and privacy. For example, they could download a keylogger that steals the passwords that the victim puts on the computer.</p>



<h3>Stealing information</h3>



<p>Another clear function is to steal information from the infected computer. They can collect personal data from the victim, spy on them, and gather browsing-related data, the programs used, files on the computer, etc. In short, they can steal all kinds of data.</p>



<figure class="wp-block-image size-full"><img loading="lazy" width="844" height="422" src="https://www.osradar.com/wp-content/uploads/2022/05/tro3.png" alt="" class="wp-image-36015" srcset="https://www.osradar.com/wp-content/uploads/2022/05/tro3.png 844w, https://www.osradar.com/wp-content/uploads/2022/05/tro3-300x150.png 300w, https://www.osradar.com/wp-content/uploads/2022/05/tro3-768x384.png 768w, https://www.osradar.com/wp-content/uploads/2022/05/tro3-696x348.png 696w" sizes="(max-width: 844px) 100vw, 844px" /></figure>



<p>This data can be used for different purposes. For example, it could be used to carry out personalized phishing attacks or to steal confidential data from a company or an organization. The attackers can then sell it to competitors or even extort the victim by threatening to make it public.</p>



<h3>DDoS attacks</h3>



<p>On the other hand, mention must also be made of DDoS, or distributed denial of service, attacks. A Trojan can launch such attacks to saturate a server. This way the server cannot respond to legitimate requests, and other users who try to reach it find that it does not work.</p>



<figure class="wp-block-image size-full"><img loading="lazy" width="700" height="500" src="https://www.osradar.com/wp-content/uploads/2022/05/tro4.png" alt="" class="wp-image-36016" srcset="https://www.osradar.com/wp-content/uploads/2022/05/tro4.png 700w, https://www.osradar.com/wp-content/uploads/2022/05/tro4-300x214.png 300w, https://www.osradar.com/wp-content/uploads/2022/05/tro4-696x497.png 696w" sizes="(max-width: 700px) 100vw, 700px" /></figure>



<p>Trojans can be designed for this purpose, and the objective here is to disrupt the smooth running of a company, for example. They can serve as a way to launch attacks that compromise computers by launching multiple requests.</p>



<h2>Tips to avoid this type of malware</h2>



<p>As you have seen, a Trojan is a major security threat. It is essential to take measures to avoid falling victim to these attacks. Therefore, we are going to give some essential tips to ensure that our devices are properly protected and that no problems arise.</p>



<h3>Use security software</h3>



<p>Something significant to maintain security and avoid Trojans and other threats is to have a good <a href="https://www.osradar.com/the-best-free-antivirus-for-windows-in-2021/" target="_blank" rel="noreferrer noopener">antivirus.</a> There are many options. One of the most used is Windows Defender itself, the antivirus that comes with Microsoft systems. However, there are many free and paid options. For example, Avast or Bitdefender are some alternatives.</p>



<h3>Keeping everything up to date</h3>



<p>Of course, it is essential to keep everything <a href="https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2" target="_blank" rel="noreferrer noopener">up to date.</a> In fact, cybercriminals can take advantage of a vulnerability to sneak in a Trojan. They could use a bug in Windows or in a program you use to sneak in malicious software without you noticing and then control the device.</p>



<h3>Install only official applications</h3>



<p>Something very important, and not always taken into account, is to install only official applications. It is true that there are many options for almost everything, but the ideal is to use only programs that are reliable, secure and that have not been maliciously modified to steal data or, in this case, to install Trojans. To achieve this, it is important to download programs only from official sources. For example, go to the official website of the application or use secure stores such as Google Play.</p>



<h3>Common sense</h3>



<p>But undoubtedly the most important thing is common sense. In most cyber attacks the hacker will need us to make a mistake. For example, clicking on a dangerous link, downloading an insecure file, etc. This makes it essential to take care when browsing and not to make mistakes.</p>



<p>For example, you should make sure not to download attachments that come to you by email if you do not really know the source and do not know for sure whether or not it may be a threat. The same when logging in or opening any link. You should always check that it is reliable and is not going to be a problem.</p>



]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/what-does-a-trojan-do-on-your-computer-and-how-to-avoid-it/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Learn about the Ramnit threat and how to remove it from Windows 10.</title>
		<link>https://www.osradar.com/learn-about-the-ramnit-threat-and-how-to-remove-it-from-windows-10/</link>
					<comments>https://www.osradar.com/learn-about-the-ramnit-threat-and-how-to-remove-it-from-windows-10/#respond</comments>
		
		<dc:creator><![CDATA[roger]]></dc:creator>
		<pubDate>Sat, 24 Oct 2020 21:30:33 +0000</pubDate>
				<category><![CDATA[Applications]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[ramni]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[windows Security]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=24746</guid>

					<description><![CDATA[<p>Hello! There are computer security threats that can appear spontaneously. But, then they may not last long. On the other hand, malware can adapt to security measures and improve over time. Today we will talk about Ramnit, a new threat for Windows users and how to remove it. Ramnit, the Windows threat that must be [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/learn-about-the-ramnit-threat-and-how-to-remove-it-from-windows-10/">Learn about the Ramnit threat and how to remove it from Windows 10.</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Hello! There are computer security threats that can appear spontaneously. But, then they may not last long. On the other hand, malware can adapt to security measures and improve over time. Today we will talk about Ramnit, a new threat for Windows users and how to remove it.</p>



<h2>Ramnit, the Windows threat that must be eliminated as soon as possible.</h2>



<p>In this case, the threat is not recent as Ramnit has been attacking Windows for years. Furthermore, it is very dangerous because if it is not eliminated it can spread quickly. It is also possible that it will damage other devices. When it comes to protecting the system from threats, speed is key, since it is very important to detect the attacker early. Consequently, it is possible to stop the mechanism of action in time. For example, <a href="https://www.osradar.com/a-new-type-of-ransomware-seriously-threatens-windows-10/" target="_blank" rel="noreferrer noopener">ransomware</a> attacks can take weeks to complete. In the case of Ramnit, detection time is vital, since the Trojan can spread quickly through the files on the computer.</p>



<figure class="wp-block-image size-large"><img loading="lazy" width="1024" height="781" src="//1081754738.rsc.cdn77.org/wp-content/uploads/2020/10/germ-158107_1280-1024x781.png" alt="" class="wp-image-24747" srcset="https://www.osradar.com/wp-content/uploads/2020/10/germ-158107_1280-1024x781.png 1024w, https://www.osradar.com/wp-content/uploads/2020/10/germ-158107_1280-300x229.png 300w, https://www.osradar.com/wp-content/uploads/2020/10/germ-158107_1280-768x586.png 768w, https://www.osradar.com/wp-content/uploads/2020/10/germ-158107_1280-696x531.png 696w, https://www.osradar.com/wp-content/uploads/2020/10/germ-158107_1280-1068x814.png 1068w, https://www.osradar.com/wp-content/uploads/2020/10/germ-158107_1280.png 1280w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>



<h2>How Ramnit spreads</h2>



<p>This threat is usually spread through infected USB sticks. In effect, the malware is copied with a random file name. Of course, before that the threat must come from some other source. In other words, first a computer is infected with malware. Then the connected USB memory is contaminated and then spreads to another computer. Generally, this threat usually comes with the download of maliciously modified software. The most common sources are websites that offer pirated software and crackers.</p>



<p>Ramnit has the ability to infect EXE and HTML files. Then, once it reaches the computer, it is able to open a back door. This is used by an attacker remotely to download new threats and execute malicious files. Consequently, that is the time to eliminate the threat. That is, just before allowing an attacker to access the system. Otherwise, it could spread to all the files on the computer and make it unusable.</p>



<figure class="wp-block-image size-large"><img loading="lazy" width="887" height="1024" src="//1081754738.rsc.cdn77.org/wp-content/uploads/2020/10/html-154434_1280-887x1024.png" alt="" class="wp-image-24749" srcset="https://www.osradar.com/wp-content/uploads/2020/10/html-154434_1280-887x1024.png 887w, https://www.osradar.com/wp-content/uploads/2020/10/html-154434_1280-260x300.png 260w, https://www.osradar.com/wp-content/uploads/2020/10/html-154434_1280-768x886.png 768w, https://www.osradar.com/wp-content/uploads/2020/10/html-154434_1280-696x803.png 696w, https://www.osradar.com/wp-content/uploads/2020/10/html-154434_1280-1068x1233.png 1068w, https://www.osradar.com/wp-content/uploads/2020/10/html-154434_1280.png 1109w" sizes="(max-width: 887px) 100vw, 887px" /></figure>



<h2>How to remove Ramnit from your computer</h2>



<p>Once the malware infects the computer, it is a race against time. Indeed, the user must act quickly before the system is seriously affected and the threat spreads. Fortunately, there are timely actions to remove this dangerous threat.</p>



<h4>Perform a full scan with Windows Defender</h4>



<p>To the surprise of many, Windows Defender has scored very well on effectiveness measures. Please remember that this is Microsoft&#8217;s bet against security threats. Additionally, it comes included and perfectly integrated with the system. Sometimes all it takes is a complete and exhaustive examination of the system to put an end to Ramnit. Also, pay special attention to HTML and .exe files, since these are the entry points of the threat. On the other hand, it is imperative to scan any USB memory connected to the computer. In this way, the chains of contagion are cut.</p>



<h4>Using Symantec Ramnit Removal Tool</h4>



<p>A more specific alternative is to use the Ramnit Removal Tool offered by Symantec. It is specially designed to eliminate this variety of Windows malware. To use it, download it from this <a href="https://www.softpedia.com/get/Antivirus/Removal-Tools/Symantec-Ramnit-Removal-Tool.shtml" target="_blank" rel="noreferrer noopener">link.</a> Next, you just have to run it, as it is a portable file. It will automatically start searching for Ramnit on the system and clean it up. In addition, its action mechanism involves closing all processes related to it. Consequently, it acts in a more specific way than any antivirus.</p>



<h2>How to avoid being a victim of Ramnit</h2>



<p>In this post we have seen how this threat acts. But the most important point is to avoid getting infected. In the first place, the most important thing is common sense. That is, only download software from its official sources. In addition, it is never advisable to open suspicious links sent by email. On the other hand, it is very important to keep the system updated, because updates protect your computer against threats. Finally, a good antivirus is a method of defense against security risks. All right, that&#8217;s it for now. We have seen the Ramnit threat and how to remove it from Windows 10. Please stay tuned for the latest security alerts in Windows 10.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/learn-about-the-ramnit-threat-and-how-to-remove-it-from-windows-10/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Android Trojan Steals Info from Messenger, Skype, Twitter &#038; More</title>
		<link>https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/</link>
					<comments>https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/#respond</comments>
		
		<dc:creator><![CDATA[Mel]]></dc:creator>
		<pubDate>Thu, 05 Apr 2018 04:38:59 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[android malware]]></category>
		<category><![CDATA[android trojan]]></category>
		<category><![CDATA[trojan]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=2403</guid>

					<description><![CDATA[<p>Android is the most popular operating system for smart devices. As Android is open-source, powerful yet flexible, smartphone manufacturers always choose it as their devices’ OS. Due to the immense popularity, hackers also target Android system for hacking. Recently, a new Android Trojan was identified that extracts information from other apps like Messenger, Twitter, Skype, [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/">Android Trojan Steals Info from Messenger, Skype, Twitter &amp; More</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Android is the most popular operating system for smart devices. As Android is open-source, powerful yet flexible, smartphone manufacturers always choose it as their devices’ OS. Due to the immense popularity, hackers also target Android system for hacking. Recently, a new Android Trojan was identified that extracts information from other apps like Messenger, Twitter, Skype, WeChat, Viber, Line etc.</p>
<p>According to security researchers from Trustlook, the Trojan is quite simple in design but uses an advanced method to hide from the system and other defenses.</p>
<h3>How the Android Trojan works</h3>
<p>The Trojan gains boot persistence and executes itself at every boot. First, the malware unpacks the malicious code from the app’s resources. Then, it tries to modify a bash file at “/system/etc/install-recovery.sh”. If the modification is successful, the malware runs at every boot.</p>
<p>Then, its task is to extract the data from the IM clients. The most popular ones are already mentioned above. The complete list of vulnerable IM clients can be found <a href="https://blog.trustlook.com/2018/04/02/a-trojan-with-hidden-malicious-code-steals-users-messenger-app-information/">here</a>. After collecting the information, the malware sends the data to a remote server. The server’s IP address is loaded from a pre-configured file.</p>
<p>This malware was identified inside a Chinese app named “Cloud Module” (in Chinese). The package was named “com.android.boxa”.</p>
<h3>Evasion techniques</h3>
<p>According to the researchers of Trustlook, despite the simple workflow of the Android Trojan (running persistently, extracting info and uploading to a remote server), it’s quite efficient in hiding itself. For example, it implements anti-emulator &amp; debugger detection that allows it to avoid dynamic analysis. Moreover, it hides strings inside its source code to thwart lackadaisical code reversing.</p>
<p>This workflow suggests that the attacker is collecting personal information (chats, images or videos) to use later in extortion attempts or blackmail against high-profile victims. The researchers didn’t share any information on how the malware spreads. However, as there’s no Play Store in China, the culprits are most likely spreading the malware via 3<sup>rd</sup>-party app stores and Android app forums.</p>
<p>There are also other attempts from Chinese vendors that shipped Android smartphones with built-in Trojan! <a href="https://www.osradar.com/pre-installed-malware-in-android/">Learn more about the pre-installed Trojan on the Android smartphones</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>TrickBot Trojan is Upgrading</title>
		<link>https://www.osradar.com/trickbot-trojan-is-upgrading/</link>
					<comments>https://www.osradar.com/trickbot-trojan-is-upgrading/#respond</comments>
		
		<dc:creator><![CDATA[Mel]]></dc:creator>
		<pubDate>Fri, 23 Mar 2018 14:45:03 +0000</pubDate>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[banking trojan]]></category>
		<category><![CDATA[trojan]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=2257</guid>

					<description><![CDATA[<p>Banking is one of the most sensitive areas of security. It’s directly related to money transfer and requires the best protection available. TrickBot is an infamous banking Trojan. Recently, security researchers identified that the latest edition now contains a screen locker component. Although the finding suggests that it’s still under development, it poses an immense [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/trickbot-trojan-is-upgrading/">TrickBot Trojan is Upgrading</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Banking is one of the most sensitive areas of security. It’s directly related to money transfer and requires the best protection available. TrickBot is an infamous banking Trojan. Recently, security researchers identified that the latest edition now contains a screen locker component. Although the finding suggests that it’s still under development, it poses an immense threat to the world of security.</p>
<p>TrickBot itself is an old banking Trojan that infected several banks in the UK, US, and Australia. In recent days, the malware has been revitalized with improved capabilities. That’s what researchers found – a screen locker. It strongly suggests that the malware will now start locking devices for ransom if the device user doesn’t appear to be an e-banking user.</p>
<h3>The new component</h3>
<p>The screen locker module is one of the programs that TrickBot sets up in the infected system. At first, it was just a banking Trojan. In the past days, it has improved a lot and transformed into a tool for dropping malware into systems.</p>
<p>The latest version was first sighted on March 15 this year. TrickBot authors infect a victim by initializing a malware strain that specializes in downloading other modules that perform all the different actions. Before that date, TrickBot consisted of a few modules – a banking Trojan, a spam email sending module and an SMB self-replicating worm to spread throughout a network.</p>
<p>On that date, TrickBot started downloading a new file – tabDll32.dll (tabDll64.dll in some cases). This new file loaded three additional files.</p>
<ul>
<li>Spreader_x86.dll – Module that helps the Trojan spread throughout the connected network. It works via SMB by exploiting EternalRomance and other exploits that were patched by the MS17-010 security patch.</li>
<li>SsExecutor_x86.exe – Runs alongside the first module. It also establishes boot persistence on the infected system.</li>
<li>ScrenLocker_x86.dll – A module that locks the screen. However, it doesn’t encrypt files in the system (as ransomware would). Currently inactive.</li>
</ul>
<p>Here is the tweet from MalwareTechLab that found the new TrickBot modules.</p>
<h3>The new module is for enterprise networks</h3>
<p>All three new files work together in the system, irrespective of the original worm component. After spreading throughout the entire network, the screen locker module is triggered to lock all the computers’ screens.</p>
<p>This workflow leads researchers to think that the new system is being developed for enterprise networks where hundreds of machines are connected with each other. Although there’s no file encryption module/action observed, there’s a strong chance that this Trojan will become the next ransomware of the century.</p>
<h3>How to stay protected</h3>
<p>According to the workflow of the improved Trojan, it uses several system exploits that are already fixed with the latest system patches. Moreover, since it has been discovered by security researchers, you can expect that security vendors are already at work to defend against it.</p>
<p>So, the first thing to do is to update your system to the latest available patches. These files are from the Windows system. If you don’t want to waste your time waiting for the lengthy update process, you can <a href="https://www.osradar.com/how-to-update-windows-offline/">update your Windows offline</a>. You also need a good antivirus program to defend against the malware. You can check out the <a href="https://www.osradar.com/best-antivirus-software-2018/">best antivirus software of 2018</a>.</p>
<p>Above all, be cautious in your usage habits so that no other malware gets into your system along with TrickBot.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/trickbot-trojan-is-upgrading/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Pre-installed Trojan in Android Smartphones</title>
		<link>https://www.osradar.com/pre-installed-malware-in-android/</link>
					<comments>https://www.osradar.com/pre-installed-malware-in-android/#respond</comments>
		
		<dc:creator><![CDATA[Mel]]></dc:creator>
		<pubDate>Tue, 06 Mar 2018 08:26:35 +0000</pubDate>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[android trojan]]></category>
		<category><![CDATA[dr. web]]></category>
		<category><![CDATA[trojan]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=2087</guid>

					<description><![CDATA[<p>Recently, Android security provider company Dr. Web reported that a good number of the Android phone in the market come up with a pre-installed Trojan named “Android.Triada.231”. This Trojan is capable of stealing any information it needs. The company discovered the Trojan in mid-2017 and after an in-depth research, they found out that over 40 [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/pre-installed-malware-in-android/">Pre-installed Trojan in Android Smartphones</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Recently, Android security provider company Dr. Web reported that a good number of the Android phones on the market come with a pre-installed Trojan named “Android.Triada.231”. This Trojan is capable of stealing any information it needs.</p>
<p>The company discovered the Trojan in mid-2017 and, after in-depth research, found out that over 40 smartphone models are affected by it. These phones are from the low-end category, including devices from Umi, Cubot, Doogee &amp; Leagoo etc.</p>
<p>Dr. Web reported the issue to the companies and in one particular case, it was discovered that the culprit behind the Trojan was a partnership with a software developing company in Shanghai. The contract required the OEMs to pre-install one of their software in the operating system.</p>
<h3>How “Android.Triada.231” works</h3>
<p>This malware is extremely dangerous because it runs from the moment the phone starts up, when only a few setup processes are running. This could lead to serious situations.</p>
<p>According to Dr. Web, the Trojan infects an important Android process named “Zygote”. This process launches all the apps in Android. Thus, once the Trojan is inside the module, it can get inside each and every application that runs on the system.</p>
<p>The Trojan therefore gains the ability to carry out any malicious activity without the user noticing. It also cleverly downloads and launches additional software. “Android.Triada.231” resides in the file “libandroid_runtime.so”, an important system library of the Android operating system. The key point is that this Trojan isn’t distributed as additional software; it infects the system during manufacturing. Users who purchase the phone get the Trojan built in.</p>
<p>The number of infected devices could be even higher. The 40 models are the ones confirmed to be compromised by the Trojan; other phones could have the same issue as well.</p>
<h3>How to stay secured</h3>
<p>Removing the Trojan is not easy. The malware comes built in; in other words, as system software. General antivirus and security apps can’t remove the Trojan even if they identify it. A system reset doesn’t work either, as the system’s backup image is the source of the Trojan.</p>
<p>The best way to stay secure from this malware is to change the smartphone. If you’re an advanced user, you can try rooting the device and fixing the problem with an antivirus, or installing a custom ROM. The latest Galaxy S9 has also been announced. <a href="https://www.osradar.com/galaxy-s9-announced-everything-know/">Learn more about Galaxy S9</a>.</p>
<p>Here’s the complete list of all the confirmed infected devices. Take quick action if you own any of these.</p>
<ul>
<li>Leagoo M5</li>
<li>Leagoo M5 Plus</li>
<li>Leagoo M5 Edge</li>
<li>Leagoo M8</li>
<li>Leagoo M8 Pro</li>
<li>Leagoo Z5C</li>
<li>Leagoo T1 Plus</li>
<li>Leagoo Z3C</li>
<li>Leagoo Z1C</li>
<li>Leagoo M9</li>
<li>ARK Benefit M8</li>
<li>Zopo Speed 7 Plus</li>
<li>UHANS A101</li>
<li>Doogee X5 Max</li>
<li>Doogee X5 Max Pro</li>
<li>Doogee Shoot 1</li>
<li>Doogee Shoot 2</li>
<li>Tecno W2</li>
<li>Homtom HT16</li>
<li>Umi London</li>
<li>Kiano Elegance 5.1</li>
<li>iLife Fivo Lite</li>
<li>Mito A39</li>
<li>Vertex Impress InTouch 4G</li>
<li>Vertex Impress Genius</li>
<li>myPhone Hammer Energy</li>
<li>Advan S5E NXT</li>
<li>Advan S4Z</li>
<li>Advan i5E</li>
<li>STF AERIAL PLUS</li>
<li>STF JOY PRO</li>
<li>Tesla SP6.2</li>
<li>Cubot Rainbow</li>
<li>EXTREME 7</li>
<li>Haier T51</li>
<li>Cherry Mobile Flare S5</li>
<li>Cherry Mobile Flare J2S</li>
<li>Cherry Mobile Flare P1</li>
<li>NOA H6</li>
<li>Pelitt T1 PLUS</li>
<li>Prestigio Grace M5 LTE</li>
<li>BQ 5510</li>
</ul>
<p><span class="td_text_highlight_marker_blue td_text_highlight_marker">source: <a href="http://news.softpedia.com/news/android-phones-caught-selling-with-pre-installed-factory-malware-520058.shtml">Softpedia</a></span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/pre-installed-malware-in-android/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>LuminosityLink &#8211; The Nasty Trojan Taken Out</title>
		<link>https://www.osradar.com/luminositylink-spyware-nasty-spying-tool-taken/</link>
					<comments>https://www.osradar.com/luminositylink-spyware-nasty-spying-tool-taken/#respond</comments>
		
		<dc:creator><![CDATA[Mel K]]></dc:creator>
		<pubDate>Tue, 06 Feb 2018 07:34:08 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[RAT]]></category>
		<category><![CDATA[trojan]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=1746</guid>

					<description><![CDATA[<p>LuminosityLink had been sold since 2015 as a remote access tool for Windows system admins and business owners. It is nothing but a Trojan toolkit, a member of the RAT (Remote Access Trojan) malware family. The UK’s National Crime Agency says it has disabled this widely used RAT tool. This tool was sold in [&#8230;]</p>
]]></description>
										<content:encoded><![CDATA[<p>LuminosityLink had been sold since 2015 as a remote access tool for Windows system admins and business owners. It is nothing but a Trojan toolkit, a member of the RAT (Remote Access Trojan) malware family. The UK’s National Crime Agency (NCA) says it has disabled this widely used RAT tool. According to the NCA, the tool was sold in 78 countries to 8,600+ buyers.</p>
<h3>What is LuminosityLink?</h3>
<p>It’s a remote access Trojan toolkit. Using this tool, one can remotely control clients via Remote Desktop and Remote Webcam. The tool can also automatically log keystrokes, recover passwords, and search &amp; manage files. It was capable of disabling anti-malware and antivirus programs as well.</p>
<p>The program was available to buy from <a href="https://web.archive.org/web/20161110132249/https:/luminosity.link/">luminosity.link</a> for just $40. The Trojan was discovered in 2015, and an in-depth report of its full capabilities was published in July 2016. Although it’s no longer on sale, those who purchased it previously are still able to infect other victims.</p>
<p>The RAT tool is extremely powerful and comes with a handy control panel, making it very useful for illegal activities, including taking screenshots of other systems, searching for and stealing files, and even uploading other malware without any notice. This is a screenshot of the LuminosityLink Control Panel GUI.</p>
<p><img loading="lazy" class="size-full wp-image-1747 aligncenter" src="https://www.osradar.com/wp-content/uploads/2018/02/LuminosityLink-GUI-tool.png" alt="" width="973" height="517" srcset="https://www.osradar.com/wp-content/uploads/2018/02/LuminosityLink-GUI-tool.png 973w, https://www.osradar.com/wp-content/uploads/2018/02/LuminosityLink-GUI-tool-300x159.png 300w, https://www.osradar.com/wp-content/uploads/2018/02/LuminosityLink-GUI-tool-768x408.png 768w, https://www.osradar.com/wp-content/uploads/2018/02/LuminosityLink-GUI-tool-696x370.png 696w, https://www.osradar.com/wp-content/uploads/2018/02/LuminosityLink-GUI-tool-790x420.png 790w" sizes="(max-width: 973px) 100vw, 973px" /></p>
<p>A serious concern is that the source code of the RAT was never leaked online. It’s one of the best spyware products sold in the past years. A HackForum user is currently providing a free clone of the LuminosityLink RAT. Researchers at Proofpoint discovered that hackers used the Sundown exploit kit to distribute LuminosityLink. This kit attacked flaws in Flash Player and older Windows flaws.</p>
<p>By June 2016, Palo Alto Networks had identified more than 50,000 attempts to inject LuminosityLink into their system. Phishing emails containing infected links were also used to distribute this malware. The attempts seen by Palo Alto Networks included 18,000 unique malware samples.</p>
<h3>How to stay secured</h3>
<p>This is a Trojan tool that can affect anyone. If your system’s security isn’t good enough or you aren’t careful, it will get into your system without your knowledge.</p>
<p>Staying safe from this Trojan works the same way as for other malware. Get a good antivirus or anti-malware product to protect your system, and keep it up to date. AV-Test can give you a good idea of which anti-malware tools are worth using. Check out our top 10 antiviruses of 2018.</p>
<p>Don’t open any suspicious file attachments. Don’t download programs from untrusted sources. If you’re a system admin, it’s always a good idea to disable unused ports, unused services, etc. You can also monitor outgoing traffic for any suspicious activity.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/luminositylink-spyware-nasty-spying-tool-taken/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
