TajMahal packs a palace of hurt

Cybersecurity experts are calling attention to what appears to be spyware on steroids. The TajMahal malware has been around since 2013 but was not discovered until late 2018. It is completely unique in that it has no known association with any advanced persistent threats (APTs) or malware. Its code is unlike others, and it uses an update mechanism to keeps its malware fresh so it avoids detection. Researchers are both impressed and unnerved by the level of sophistication in the malware, which includes malicious acts previously unseen such as stealing documents that had been sent to the printer queue, stealing files that had been accessed on removable drives, stealing data that had been burned on a CD, and taking screenshots as it records audio. The malware gives the attacker an all-access backdoor from which he or she can execute commands, use keylogging, exfiltrate files, steal cryptography keys, steal browser cookies, and more. All told, there are about 80 malicious acts that can be executed with TajMahal. 

A move forward for net neutrality

The Save the Internet Act passed in the U.S. House of Representatives by a vote of 232-190. The bill heads next to the Senate where, if passed, it would reinstate the net neutrality rules that were set in 2015 only to be repealed two years later when the current administration took office. Though the bill inspired much discussion in the House and garnered many amendments insisted upon by the attending body, it did pass without losing any of its original intent. Yet despite having many supporters, the bill has an uphill battle in the Senate, where Majority Leader Mitch McConnell calls it “dead on arrival,” with the backup of the White House and FCC Chairman Ajit Pai. Though even if the bill doesn’t get past the Senate, it’s existence and support should generate much discussion in the public space on the advantages and disadvantages of net neutrality.

Yahoo pays up for data breach

Back in October, we reported on the $50M settlement Yahoo had reached with its users as compensation for a data breach that affected about one billion email accounts and almost 200 million consumers worldwide. That was put on hold in January, however, when a California judge ruled the amount was far too small. Yahoo more than doubled its proposed settlement then to $117M. The money will be used to cover victims’ out-of-pocket expenses, two years of credit monitoring, up to $30M for legal fees, and up to $8.5M for other expenses.

Porn blackmailer jailed

A 24-year-old London student named Zain Qaiser has been arrested and sentenced to six and a half years in jail for running a ransomware operation. Investigators have found £700,000 of his profits, but they suspect his real net earnings were closer to £4M. He set up his scheme by posing as an online advertising promoter. He worked with the internet’s most popular porn sites, book ad space on the sites and then filled it with malware-infected ads. When any user clicked on one of the ads, which were viewed by tens of millions of users, it would trigger what’s called an “anger,” a malicious tool that scans networks for vulnerabilities. If it found one, the ransomware would be installed and the user would find their files locked and a splash page across their screen demanding payment. In exchange for the ransom, Qaiser informed his victims, he would unlock their files and NOT release webcam footage of the user enjoying the porn sites. Sometimes, Qaiser would claim on the splash pages to be the FBI or other law enforcement. Qaiser denied all the accusations at first, but ultimately admitted to 11 charges including fraud, blackmail, and computer offenses.

“It is always good news to have a cybercriminal off the street, thanks to the work and effort of law enforcement,” comments Avast security expert Luis Corrons. “Sadly, there will be more cases as long as victims keep paying ransom which, as we have seen here, seems to be the norm.”

Avast advises victims not to pay ransom, and instead seek decryption tools from experts. Ransomware attackers should not be rewarded for their malicious efforts.

Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.