FunkyBot: A New Android Malware Family Targeting Japan

Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As

A Look Into The New Strain Of BankBot

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates Flash Player updaters, Android system tools, or other legitimate applications. Once installed, it hides

Protecting Your Organization from the WCry Ransomware

Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. Tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016. On May 12, FortiGuard Labs began tracking a new ransomware

FortiGuard Labs Telemetry – Roundup and Comparison of 2015 and 2016 IoT Threats

Attacks targeting and originating from IoT devices began grabbing news headlines toward the last quarter of 2016. Insecure IoT devices became the low-hanging fruit for threat actors to easily exploit. Some were even notoriously used as botnets to launch DDoS attacks against selected targets. For example, the infamous Mirai botnet

Did you order those iTunes movies? Nope, it’s just phishing for Canadian Apple users

Over the weekend, we encountered an interesting variation of a phishing email targeting Apple users. The email contained an alleged receipt for five movies purchased from the iTunes Store that was so detailed that the user who received it, and who knows better, still almost fell for the scam. Figure

Saudi Organizations Targeted by Resurfaced Shamoon Disk-Wiping Malware

FortiGuard is currently investigating a new wave of attacks targeting Kingdom of Saudi Arabia organizations that use an updated version of the Shamoon malware (also known as DistTrack). We described this malware in detail a few months ago in a previous article. The key features of that version remain the

"JapanLocker": An Excavation to its Indonesian Roots

Fortinet has discovered a new open-source PHP ransom malware that has been targeting websites using a simple encryption algorithm that is effective enough to really frighten web server owners. What is more interesting, however, is the information we have uncovered regarding the possible roots of the attacks/attackers. Basing only

Home Routers – New Favorite of Cybercriminals in 2016

Fortinet has been monitoring the outbreak of attacks targeting home routers over the past several months. We plan to post a series of blogs to share our findings. In this post, we review the related statistical data that has been recorded by Fortinet. Since July of this year, it has

How Healthcare Can Build Its Cyber Threat Defenses

Articles, blogs, and whitepapers written about the rise in cybercrime targeting healthcare have become routine even as they reflect a mounting threat to one of our most critical industries. Virtually anyone who has access to a computer and has a propensity toward criminal activity is now able to enter the

Security news – Zimbra ransomware written in Python

Lawrence Abrams of Bleeping Computer has reported that there is a new ransomware variant, written in Python, that is targeting ZCS server data under /opt/zimbra/store/. How can you protect your server(s) from this, or other, ransomware? At this point, no details have been provided about how any servers were compromised. Without any details, the best advice we