Neowin News Feed for: Trojan

Microsoft Defender flagging "Cerdigent" trojan malware on Windows 11, Server PCs worldwide

Sayan Sen — Sun, 03 May 2026 15:50:01 +0000

Microsoft Defender is flagging “Cerdigent” trojan malware alerts on Windows 11 and Windows Server PCs across multiple regions worldwide. Read more...

Microsoft warns accounting and tax return firms of a new phishing attack ahead of US Tax Day

John Callaham — Fri, 14 Apr 2023 13:32:01 +0000

A new security blog post from Microsoft says that accounting and tax return firms are the targets of a phishing campaign designed to deliver a remote access trojan to their computers. Read more...

Look out! That "thirst trap" job offer on LinkedIn could really be a malware trap

John Callaham — Mon, 13 Mar 2023 15:12:01 +0000

A new report from the security firm Mandiant claims that a group based in North Korea is posting fake job listings on LinkedIn that eventually results in malware being downloaded to a user's PC. Read more...

Cybercriminals use fake Pokémon NFT game to install remote access tool

Justin Luna — Mon, 09 Jan 2023 04:06:01 +0000

A new Pokémon-themed malware campaign has been discovered online. While it disguises itself as a trading card game where players can earn NFTs, it actually downloads a remote access tool. Read more...

Android malware campaign steals Facebook accounts, victimizes 300,000 users

Justin Luna — Fri, 02 Dec 2022 04:46:01 +0000

An Android threat campaign using fraudulent educational apps was recently found. It can capture various Facebook information such as profile name, email address, password, and phone number. Read more...

Study: Almost 50% of macOS malware only comes from one app

Justin Luna — Wed, 16 Nov 2022 07:20:01 +0000

A report by Elastic Security Labs found that 6.2% of malware ends up on macOS devices. However, almost 50% of this malware come from one source, a utility software suite called MacKeeper. Read more...

Beware: Powershell Windows Toolbox that helped install Google Play on Windows 11 is malware

Sayan Sen — Fri, 15 Apr 2022 17:24:01 +0000

The Powershell Windows Toolbox that was hosted on GitHub was found to contain malicious files. This third-party Windows tool claimed to install Google Play Store, debloat Windows 11, and more. Read more...

Beware: This Windows key verifier tool is actually a deadly BitRAT that bypasses Defender

Sayan Sen — Mon, 21 Mar 2022 23:38:01 +0000

A new remote access trojan (RAT) or BitRAT has been found which is being distributed through fake Windows product license key activation tools. It is able to bypass detections by Windows Defender. Read more...

Microsoft Weekly: The future of Windows 11 updates, a Mac trojan, and Defender

Usama Jawad — Sat, 05 Feb 2022 18:16:02 +0000

There was a lot of news from a variety of diverse topics in the world of Microsoft this week ranging from Windows 11, to cybersecurity, to the Outlook-ification of Gmail, and much more. Read more...

Microsoft disabled MSIX AppX installer to save users from Emotet, BazarLoader-like threats

Sayan Sen — Sat, 05 Feb 2022 05:14:01 +0000

Back in December last year, Microsoft had disabled the MSIX app installer protocol to prevent malicious spoofing attempts and attacks. Today, a formal annoucement has come regarding the matter. Read more...

Microsoft shares details about sophisticated UpdateAgent trojan targeting Macs

Usama Jawad — Thu, 03 Feb 2022 07:44:02 +0000

Microsoft has shared some details about a trojan dubbed "UpdateAgent", which is targeting Mac devices. It is becoming more sophisticated in each campaign and may distribute dangerous payload. Read more...

Fired via email right before Christmas? Careful! You could be a victim of the deadly Dridex

Sayan Sen — Thu, 23 Dec 2021 08:10:01 +0000

A malicious email that claims to be an employee termination letter is doing the rounds on the internet. This email is actually a Dridex malware attack and hopes to trick its potential victims. Read more...

Close to two dozen anti-viruses including Windows Security think UserBenchmark is malware

Sayan Sen — Mon, 22 Nov 2021 15:34:01 +0000

Free and light benchmarking utility UserBenchmark is flagged by close to two dozen anti-virus programs as malware, according to VirusTotal. Windows Security, too, flags it as a "Severe" trojan. Read more...

New Ursnif trojan variant uses sneaky CAPTCHA to fool victims and steal information

Sayan Sen — Tue, 17 Aug 2021 17:08:01 +0000

A new Ursnif 2021 variant, which is a known banking trojan, is infecting victim machines by disguising itself as a reCAPTCHA test, which leads the victim to unknowingly download the malware. Read more...

A host of anti-virus engines are flagging recent Dell printer drivers as unsafe

Abhay V — Tue, 10 Nov 2020 22:12:01 +0000

Printer driver files from Dell are being flagged as unsafe by anti-virus engines like Avast, McAfee, Fortinet, and more. Logs on Virus Total suggest that they are flagged as malware and trojans. Read more...

Newly discovered PC malware version spreads through Wi-Fi networks

Abhay V — Wed, 12 Feb 2020 22:48:01 +0000

A newly discovered version of the Emotet Trojan has been observed to be spreading through Wi-Fi networks by using brute-force. The spread can be prevented by using strong, complex Wi-Fi passwords. Read more...

CamScanner, removed from the Play Store due to detection of malware, is now back

Hamza Jawad — Fri, 06 Sep 2019 07:20:01 +0000

The document-scanning app has now returned to the Play Store with an updated version, after being removed by Google last week due to malicious code being found in the app by security researchers. Read more...

Microsoft's Windows Defender prevents "massive" coin mining attack

Usama Jawad — Thu, 08 Mar 2018 14:10:01 +0000

Microsoft's Windows Defender has reportedly prevented a "massive" coin mining malware outbreak. Users on Windows 7, 8.1, and 10 are safe, but Microsoft encouraged them to use Windows 10 or 10 S. Read more...

Google cracks down on apps exploiting its Accessibility services

Justin Luna — Mon, 13 Nov 2017 14:40:01 +0000

As part of an effort to remove apps that exploit Accessibility services to serve malware, Google has emailed developers to remove their app if it doesn't really help users with the app experience. Read more...

Microsoft warns of two banking Trojans affecting home users and businesses

Justin Luna — Tue, 07 Nov 2017 15:26:01 +0000

Two banking Trojans, Qakbot and Emotet, have recently shown a rise in activity, according to a recent report by Microsoft. It is now also infecting small to large businesses aside from home users. Read more...

Hackers are using fake Game of Thrones spoilers to spread malware

Hamza Jawad — Sun, 27 Aug 2017 17:30:01 +0000

Sources have revealed that hackers are using emails that promise fake Game of Thrones spoilers to lure viewers into downloading malware which installs a remote access Trojan on their systems. Read more...

Microsoft PowerPoint used as attack vector to download malware

Justin Luna — Tue, 15 Aug 2017 14:20:01 +0000

A vulnerability in Windows OLE is being exploited by cybercriminals. The attack makes use of an innocuous-looking PowerPoint attachment, which in turn downloads malware to spy on users. Read more...

British researcher who found the WannaCry kill switch has been arrested by the FBI

Muhammad Jarir Kanji — Fri, 04 Aug 2017 01:52:01 +0000

Marcus Hutchins, the security researcher who first discovered the WannaCry kill switch, has been arrested by the FBI in Las Vegas over his alleged involvement in the creation of another malware. Read more...

Android banking Trojan uses keylogger, exploits accessbility features to steal data

Justin Luna — Thu, 03 Aug 2017 15:30:01 +0000

An Android Trojan was recently found to be updated with a keylogger and capability to take advantage of the OS's accessibility feature, which can be used to display phishing links and steal data. Read more...

Android malware forces users to leave 5-star ratings on Google Play to allegedly stop ads

Justin Luna — Thu, 09 Mar 2017 14:16:01 +0000

Security researchers at ESET have found a rogue app which forces users to give it a 5-star review in order for the content to work and to stop ads. However, this was found to be illegitimate. Read more...

Android Trojan disguises itself as a Flash player update to download more malware

Justin Luna — Thu, 16 Feb 2017 13:06:01 +0000

A new Android malware has been discovered, which cloaks itself as a Flash player update. If a user falls for it, more malicious software will be downloaded, which will spy on unsuspecting users. Read more...

'HummingBad' Android malware briefly returns as approved 'Whale Camera' Play Store app

Michael Firth — Wed, 25 Jan 2017 20:48:01 +0000

The updated malware not only made it onto the Google Play store, but has been downloaded 'several million times' as part of specially crafted applications designed to infect a user's device. Read more...

Google details how it fights Android malware, even when malware tries to fight back

Vlad Dudau — Wed, 18 Jan 2017 12:48:01 +0000

The company's security engineers detailed some of the protocols designed to keep Android users safe. The company explained how it keeps a close eye on devices and apps even when they're infected. Read more...

Disk-wiping malware now has ransomware component, demanding 222 bitcoins

Justin Luna — Thu, 29 Dec 2016 15:00:01 +0000

An infamous disk-wiping malware called KillDisk is now functioning as ransomware. It will demand a surprisingly steep amount of 222 bitcoins, or equal to almost $215,000 to unlock infected files. Read more...

Many cheap Android phones found to be preloaded with trojans

Shreyas Gandhe — Thu, 15 Dec 2016 10:58:01 +0000

Security research firm Doctor Web has revealed a list of cheap Android smartphones which were found to contain trojans that display ads and could download other apps in the background. Read more...

Android Trojan exploits Marshmallow security features to steal banking information

Justin Luna — Wed, 07 Sep 2016 15:00:01 +0000

An Android Trojan called Gugi bypasses new security features implemented in Marshmallow. It will superimpose itself over other apps, and it will request for permission to make calls and send messages. Read more...

Malware-ridden spam email allegedly contains video of Hillary Clinton meeting ISIS leader

Justin Luna — Wed, 17 Aug 2016 16:06:01 +0000

A new spam email supposedly containing a clip of presidentiable Hillary Clinton meeting with ISIS' leader is spreading on the internet. However, it only contains malware to infect the recipient. Read more...

Let's Encrypt being abused, gets used in malvertising attacks says Trend Micro

Paul Hill — Fri, 08 Jan 2016 16:08:01 +0000

Trend Micro has detected a malvertising campaign against web users in Japan. It turns out that the ads were using a certificate issued by Let's Encrypt. The ads led to sites which would infect PCs. Read more...

uTorrent is being blocked by Google Chrome and anti-virus vendors

Andy Weir — Wed, 22 Jul 2015 20:06:01 +0000

Popular BitTorrent client uTorrent is being flagged as harmful software by anti-virus vendors, and blocked by Google, apparently due to concerns over third-party software bundled with the torrent app. Read more...

New Facebook tagging scam is in the wild, containing malware that can infect every device

Justin Luna — Sun, 01 Feb 2015 11:42:01 +0000

A new type of Facebook hoax is currently circulating on the website. People are tagged in an alleged video, which upon opening is a malware hosting website, that can infect a wide range of devices. Read more...

Beware: Fake "The Interview" movie download app is in the wild

Justin Luna — Mon, 29 Dec 2014 13:32:01 +0000

With all the ruckus on "The Interview," cyber criminals took advantage of the moment as they have created an app claiming to download the movie. Instead, a Trojan is waiting to attack host devices. Read more...

Malicious Trojan now attacking password managers

Usama Jawad — Sun, 23 Nov 2014 09:38:01 +0000

A highly evasive trojan named 'Citadel' is now attacking password managers. It can bypass most threat detection systems to access sensitive data without the user knowing making it highly dangerous. Read more...

Malware is leaving power grids open to attack

Brockman Davis — Tue, 01 Jul 2014 04:45:22 +0000

Symantec has found that a seemingly organized group of hackers, nicknamed Dragonfly, has been infiltrating energy providers by using trojans and phishing techniques. The group has yet to be caught. Read more...

Android phones are now being sold with pre-installed malware

Andy Weir — Thu, 19 Jun 2014 08:24:07 +0000

A security firm warns that low-cost Android handsets are being sold via sites such as Amazon with malware baked into their firmware, blocking security updates and sending user data to Chinese servers. Read more...

Microsoft finds new Trojan malware that deletes itself

John Callaham — Tue, 16 Apr 2013 15:14:42 +0000

Microsoft's malware protection team has found evidence of a new Trojan that can basically delete its own files so that it becomes much harder to detect, but Microsoft managed to find it anyway. Read more...