Thursday Threat Report: New banking malware Kronos, and a search engine for leaked passwords

Welcome to ITProPortal's Thursday Threat Report, where we round up the three greatest security threats facing Internet users, smooth-running enterprise, and occasionally even the survival of the world as we know it. Hold onto your hats - things are about to get scary.


While the rest of the world is debating the rights and wrongs of the "right to be forgotten" in the European Union, one Portuguese entrepreneur with remarkably few scruples has been making a fast buck out of the idea. Indexeus is a search engine that boasts a searchable password database containing huge amounts of information, such as email addresses, usernames, passwords, Internet addresses, physical addresses, birthdays and other details, on over 200 million people.

While the developer at first charged users $1 to search for their personal details on the site, you can now do it for free.

All Greek to me

A new variant of banking malware has begun to be advertised on online hacker forums, billing itself as the new hottest thing in the cybercriminal underground market.

The new malware is named Kronos, and judging by a recent ad seen on a Russian cybercriminal forum, it's capable of stealing credentials from browsing sessions in Internet Explorer, Mozilla Firefox and Google Chrome by using form-grabbing and HTML content injection techniques.

If the advertisement is to be believed, Kronos can also evade both antivirus and so-called "sandboxing", where programs are only allowed to run in a limited part of the system.

Breaking news

CNN's iOS application has a major vulnerability that threatens to leak user information. According to a report by information security company Zscaler, the app is the second most popular news app and is ranked number 165 among all free applications.

However, its iReport function, which allows users to upload photos, videos and other content to CNN news reports, has a major security flaw. Passwords for iReport accounts are sent unencrypted in clear text, making them extremely vulnerable to interception.