A Week in Security (Aug 24 – 30)
News

A Week in Security (Sept 07 – 13)

Posted: September 15, 2014 by Malwarebytes Labs

Here’s a review of last week’s posts on Malwarebytes Unpacked:

  • Twitter Phishing Spamrun: “Strange Rumors About You” (Fraud/Scam Alert) The latest batch of Twitter phishing campaign was spotted by an independent researcher early last week and notified our own researchers about it. Security Researcher Chris Boyd found that bots and compromised Twitter accounts were used to lead users to a site hosted on Tumblr.
  • ‘Dyre’ malware goes after Salesforce users (Cyber-crime) Senior Security Researcher Jérôme Segura found out that the ‘Dyre’ malware, once used to target and steal banking credentials, were now being used to gather credentials from users of Salesforce, a known software company.
  • Massive “Gmail Credentials” Dump Posted Online (Cyber-crime) Last week, news of Gmail credentials getting leaked hit the internet, with users ending up on a panic. It was found out later on that the dumped data have originated from multiple sources, not by a breach from Google’s systems.
  • Popular Japanese blog platform affected by malicious redirections (Exploits) One of the blog subdomains hosted on Ameba was directing users to a location where drive-by downloads of several exploits, particularly IE, Flash, and Silverlight, occurs to the system visiting the page. Users who haven’t updated their software and without ample AV protection may not realize this system compromise.
  • Household Improvement Emails Come with Zbot Malware (Fraud/Scam Alert) Scammers were found pretending to be M & M, a business entity that is into kitchen appliances. Spam were sent to inboxes containing a ZIP-compressed file that is purportedly an invoice; however, it was actually a variant of the ZeuS malware family of banking Trojans.
  • Phishers pose as Cloudhashing to steal your Bitcoins (Fraud/Scam Alert) Senior Security Researcher Jérôme Segura revealed a recent phishing campaign targeting users of Cloudhashing, a bitcoin mining company. It is similar to the fake M & M invoice mail, only in this case, the attached file was a Java applet (.JAR).

Top news stories:

  • MH17 plane crash victims exploited by cold-hearted scammers. Researchers from our friends at ESET found a 419 scam that was banking on the perished of Malaysian Airlines flight MH17. As the author of that post noted, “it only requires one person to fool for the scam for it to be worthwhile to the fraudsters, who have typically spammed it out to thousands.” (Source: ESET’s We Live Security)
  • Uncovering Malicious Browser Extensions in Chrome Web Store. Our friends at Trend Micro revealed seeing malicious browser extensions being hosted on Google Play, a proof that the browser giant’s security tactics can be bypassed, eventually allowing the install of rogue browser extensions. They also placed a step-by-step illustration of how an attack can potentially happen to affected systems and signs of what rogue extensions may look like. (Source: Trend Micro’s Security Intelligence Blog)
  • Yahoo, Amazon and YouTube Hit By Malvertising Campaign. The names “Kyle and Stan” popped up in the security community last week, thanks to its involvement in a recent campaign of malicious ads being spouted from well-known, high-traffic domains. Pages serving these infected ads leads users to a page based on their OS and then to a final page where malware is then downloaded. (Source: Inforsecurity Magazine)
  • Phishing miscreants Thwart Securo-sleuths with AES-256 crypto. “Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites.” (Source: The Register)
  • Researchers find data leaks in Instagram, Grindr, OoVoo and more. Researchers at the University of New Haven found several problems with Vine, Nimbuzz, OoVoo, Voxer and several other Android apps in the way they handled data storage. Images and videos were stored on Web sites unencrypted; chat logs and even passwords were being sent over the wire in plaintext. (Source: Cnet)
  • Home Depot Hit By Same Malware as Target. Following the breach on Target and the many issues surrounding it, Home Depot was the latest to be victimized by hackers. Initial findings reveal that the culprit was “BlackPOS”, the same malware used during the Target breaching. Different sources suggest that it may be an entirely new point-of-sale (POS) malware. (Source: KrebsOnSecurity)

Stay safe!

The Malwarebytes Labs Team

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Malwarebytes Labs

Malwarebytes Labs

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams