Here’s a review of last week’s posts on Malwarebytes Unpacked:
- Real Hotel Booking Info Used in Holiday Phish (Fraud/Scam Alert) Security researcher Chris Boyd highlighted the growing risk related to booking holiday trips online using a real-life example from a couple who received an email containing their precise trip details and asking for their payment details.
- Email Hijack Leads to “I was robbed, send me money” Scam (Fraud/Scam Alert) The 419 or Nigerian scam mails have many faces. Last week, Boyd introduced another one. This time, the scammer posed as a landlady who had been victimized by robbers while on vacation with his/her family , asking help from their tenants.
- Beware of US-based Tech Support Scams (Fraud/Scam Alert) Senior security researcher Jérôme Segura profiled tactics employed Tech Support scammers found not overseas but somewhere in Florida, USA.
- Fake E-ZPass Emails Still in Circulation (Fraud/Scam Alert) After being found in circulation from a few months back, the fake E-ZPass emails remain in the wild and continue to spread malicious files.
- “Virtual Kidnapping” Warning Doing the Rounds on Social Media (Fraud/Scam Alert) Boyd discovered a scam story making rounds on Instagram and Tumblr about people getting kidnapped and the “kidnappers” calling the supposed victim’s relatives asking for money for their safe return. Unfortunately, several families already fell for this tactic and sent money to the “kidnappers.”
- What are Online Problematic Situations: EU Kids Speak Up (Online Security) The London School of Economics and Political Science recently published a white paper on online problematic situations (OPS), what it is, and its types according to children in European countries.
Top news stories:
- RAT Malware Communicating via Yahoo! Mail. IcoScript, a remote administration (RAT) Trojan, was discovered receive commands from its creators via Yahoo! Mail, revealed by a researcher from German security firm, G-Data. (Source: ThreatPost)
- DDoS Kits Become More Common, So DDoS Assaults Get Simpler, Says Trustwave. Our friends at Trustwave recently released a study, revealing that there’s an active and cheap trading of DIY malware bot kits, RATs, and other info-stealers in the underground black market which is slowly making DDoS a norm. (Source: Spam Fighter)
- Vulnerability in Spotify Android App May Lead to Phishing. Spotify, a popular music streaming service, was found to be vulnerable from exploits that may allow an attacker to conduct a phishing campaign against smartphone users. (Source: TrendLabs Security Intelligence Blog)
- Obfuscated malicious office documents adopted by cybercriminals around the world. “Yes, that’s right, cybercriminals are busily recycling this old technique, introducing new obfuscation forms to make it more effective.” (Source: Secure List)
- Chrysler, Nissan looking into claims their cars ‘most hackable’. After news broke out about certain “smart cars” that were found to be the “most hackable,” two automotive giants began to review the claims of two researchers who were able to successfully perform these hacks. (Source: CNBC)
- Security expert calls home routers a clear and present danger. In-Q-Tel Chief Information Security Officer Dan Geer revealed during his keynote at Black Hat 2014 that cheap Wi-Fi routers “could be used to construct a botnet that ‘could probably take down the Internet.'” (Source: Ars Technica)
The Malwarebytes Labs Team