https://thehackernews.com/2023/11/malicious-apps-disguised-as-banks-and.html?m=1

Please someone assure me that Trend Micro is aware of this sample targeting Indian users as a banking malware trojan.

The hacker news have covered about it.

Kindly forward my request to the virus researchers and the concerned teams and let me know if this sample which is in wild is known to the Trend Micro.

It would be better if Trend micro's password manager have advanced security mode for android. Which if selected asks for master password and fingerprint to unlock the vault. Also please introduce a notification based authentication. Which users have to confirm over mobile device for confirming the signing in or email based authentication.

These features are present in Truekey password manager of McAfee.

Trend Micro's Password manager Import feature is not showing up under Data section. The whole Data section is not showing up. So basically a user cannot import passwords as of now. I have checked this with support team. But kindly escalate the issue and make it available at the earliest.

I recently posted a problem as in private post. Does Trend Micro employee can see it ? If yes then please reply to the private post of mine.

Trend Micro should introduce software based two way firewall. The one which can monitor incoming and outgoing connections. Kindly introduce some new security features like a firewall for Trend Micro Internet/  Maximum Security. The UI and options are basically the same for the past 8 years approx. Which is not a bad thing but atleast introduce a powerful software based firewall. Put some effort in consumer product developments. Kindly forward this idea or suggestion to the concerned department and developers. 

I had submitted a sample for reclassification but after analysis Trend micro is showing that file as normal file. 

[TM-3015963-K4N7W8] Results for the File Submitted for Reclassification Ref:04500000542

This sample is detected by Eset as PUA Vulnerable Zemana driver and has other detections as well over virustotal website. Some of these are Spyboy vulnerable driver. 

Here is the virustotal website link- 

https://www.virustotal.com/gui/file/543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91/detection/f-543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91-1686074653

SHA 256- 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91

Trend Micro did a research extensively recently over vulnerable zemana driver. To quote a trend micro post "Terminator.exe is the re-created "SpyBoy" tool. 

The tool abuses the zam64.sys driver to terminate all EDR/XDR/AV processes." 

I believe that this sample is related or similar to this one.

I know Trend Micro takes security issues seriously as I have been told by Trend micro employees here several times. But I would again like to get your attention to provide certain features to Trend Micro's Password manager-

1. Provide a password generator which generates more secure passwords upto 35 characters not just 20 of characters which also uses different characters than simply using the most common ones as we see now.

2. Provide re-captcha feature when signing in for the first time over Password manager portal or signing in for the first time over a device which can protect the users from credential stuffing attacks or mass login attempts like the one that happened with Norton.

3. Please make sure that Password manager can be used with ease when the user is trying to autologin using the password manager. Most of the times I had to copy and paste my id and passwords which is not secure.

4. Provide auto deletion option after few mins (auto deletion of clipboard content).

Other AV companies provide a simpler approach for submission of files. For instance Norton provides a portal namely submit.norton.com . Please check this portal for once and try to introduce similar portal for users. In short by using this portal Norton users can submit suspected files or files which exists on virustotal. And soon within 2 or 3 days a detection is added for it.

That portal of norton even provides an option to submit 256 hash or MD5 hases.

So if possible try to introduce similar concept for Trend Micro. Kaspersky has Opentip portal of itself. All I want is provide a simpler approach for file submission.

It takes days for getting a file reclassified this way. You can continue providing existing option as well for detailed and specific assistance for customers. But if possible provide a website similar to Norton submission portal or Kaspersky's Opentip.

I also don't like the idea of Trend Micro running mute mode randomly. I noticed a msg pop up that 7 threats are removed or detected while the Trend Micro was in mute mode. So I checked the Security Report and found none threats detected. So is this possible that when mute mode is turned on the threats which are detected during that time are not shown up under Security reports ? Unfortunately I was unable to take screenshot of the incident. 

I recently noticed Trend Micro's Password sharing feature which is great to have. Appreciate the developers in this regard. But also improve certain areas of Password Manager for instance :-

1. Introduce edit option and save option for secure notes. This will save user from accidentally editing the secure notes which got saved automatically as of now.

2. Password generator to generate more strong and complex passwords upto 30 characters and using more special character symbols.