A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a new macOS backdoor that researchers dubbed DazzleSpy.
Posts tagged "Malware"
Microsoft Excel is making a big change to protect against malware
Excel 4.0 (XLM) macros are now disabled by default, Microsoft has confirmed. In a Tech Community blog post, the company revealed that the change has been made to better protect users against “related security threats” coming through spreadsheets.
Back in July 2021, the company released a new Excel Trust Center setting option, allowing administrators to restrict the usage of Excel 4.0 (XLM) macros. It has now made this option default for everyone.
Administrators can use existing Microsoft 365 applications policy control to configure this setting, the announcement reads. The Group Policy setting “Macro Notification Settings” for Excel can be found in the following path and registry key:
Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.
Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office.0\excel\security
Malicious actors often abuse macros
Furthermore, administrators can manage this policy setting with both cloud policies and ADMX policies. They can also completely block all XLM macro usage, including in new user-created files, by enabling the Group Policy “Prevent Excel from running XLM macros”, Microsoft added.
Excel 4.0 (XLM) macros were the default format until 1993, and even though they’ve since been discontinued, they can still be run by the latest versions of the Office program. That makes them ideal for threat actors, who’ve been abusing them to push malware such as TrickBot, Zloader, Qbot, Dridex, ransomware, and many other malicious programs, as BleepingComputer notes.
The publication also recalls that in October 2019, Microsoft added a new Group Policy allowing administrators to block Excel users from opening untrusted Microsoft query files with IQY, OQY, DQY and RQY extensions. Those files, it notes, have been weaponized for years in “numerous malicious attacks” to deliver remote access Trojans and other malware.
XLM is disabled by default in version 16.0.14527.20000+, Current Channel builds 2110 or greater, Monthly Enterprise Channel builds 2110 or greater, Semi-Annual Enterprise Channel (Preview) builds 2201 or greater, and Semi-Annual Enterprise Channel builds 2201 or greater (coming this July).
Via: BleepingComputer
Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
Threatpost
Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.
Threatpost
‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
The malware establishes initial access on targeted machines, then waits for additional code to execute.
Threatpost
Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying
The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.
Threatpost
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
December’s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.
Threatpost
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
How do malware removal tools work?
Malware removal software is an important part of the armory of tools that can be used to defend your PC from being compromised by a malicious payload of one kind or another.
If you’re wondering how anti-malware tools differ from antivirus, we cover that in-depth elsewhere, but suffice it to say that malware removal apps offer a much more focused kind of protection against malware, and the facilities to rid your system of an infection.
But how do these applications work exactly? Read on for our full examination of how malware removal tools protect your device and what to expect if you install one of these utilities on your system.
On-demand scanning
As with an antivirus app, when installed on your machine, a piece of anti-malware software will give you the ability to scan the system to check if any malware is present.
There’ll be a ‘Scan’ button on the main menu of the app (or perhaps in a submenu), and simply clicking on that will scan your drive(s) and memory. Just the same as with an antivirus, the malware removal tool will have (regularly updated) definitions of common malware. It’ll look for matches based on the content of this library of definitions, and if anything is found on your PC, that will (obviously) be flagged as malicious.
That will happen in a post-scan report, where any suspect discoveries are highlighted, and you’ll get the option to quarantine these offenders (or indeed malware might be automatically quarantined). Quarantining, as you might expect, is the banishment of a file to a cordoned-off area of the system, where it can no longer reach or harm your device or data.
As well as malware, Potentially Unwanted Programs (known as PUPs for short) may be reported in scan results, which are, as the name suggests, apps that you might not want on your system (a good anti-malware app will explain why they’re possibly undesirable). These don’t have to be quarantined, as they’re not actively doing any harm, so it’s up to you whether to take action on those. (You’re better safe than sorry in these cases, more than likely, but occasionally legitimate apps can be flagged, and you may want to ignore warnings in these cases).
This on-demand scanning is present with all anti-malware software, and one approach that some folks take is to install a freebie malware removal app just to sit on their system as a backup to a primary antivirus.
In other words, the tactic here is to rely on the antivirus in the main, but to run a manual scan with a second line of defense – the anti-malware – every now and then, just to see if it picks up on anything that the antivirus could have missed. That might only be a PUP, and not outright malware, but still, it could be something that you don’t want on your system, and would otherwise have sat there if you hadn’t plumped for a second opinion.
Real-time defenses
Malware removal software can give you more than just on-demand scanning, though, and some apps offer real-time defenses in the same vein as an antivirus. Real-time protection simply means that the anti-malware tool has a constant shield up, scrutinizing every file being introduced onto your system (and the processes currently running) for anything suspicious.
That gives you more watertight protection, and means you can run an anti-malware app as your frontline protection against malware, with no need for an antivirus (at least in theory).
Obviously it helps if you choose one of the best tools for this purpose, such as our current top-ranked pick Malwarebytes. Its premium version sports real-time protection, backed up by heuristics (monitoring for malware-like behavior, to catch threats which are brand new and not yet included in the program’s library of malware definitions).
Remember that anti-malware is built to specialize in such behavioral detection, finding fresh threats that an antivirus might miss. You also get web defenses (against phishing and other online scams) for safer browsing, plus anti-ransomware tech – a broader level of protection, in other words, from the paid Malwarebytes app (as you might expect).
All that said, it’s still true that the best antivirus apps may offer a more accurate malware detection engine – at the time of writing, that is indeed the case according to the independent test labs, although Malwarebytes is rated solidly enough for overall protection – so you may prefer to run one of our best antivirus picks backed up by the free version of Malwarebytes (or your preferred anti-malware choice) for on-demand duties.
Whatever the case, anti-malware apps offer a laser-focused protection against malware (and the likes of PUPs), and as we’ve seen, the good ones can work on multiple levels just like antivirus – with on-demand, plus real-time protection backed with heuristic tech – running the gamut of defensive countermeasures against all the nastiness out there, including ransomware, phishing and more.