Last week, Security Researcher Chris Boyd found and discussed a scam circulating on Facebook that banked on the missing AirAsia Flight QZ8501. This scam, similar to those before it, use imitation YouTube videos to get users clicking and answering surveys or downloading programs that may cause harm to the system. Following this, Boyd also found a fake CNN Twitter account the spew weight loss links to unlucky followers.
Senior Security Researcher Jérôme Segura took notice of a malvertising campaign affecting high-level domains, such as the Huffington Post, Yahoo!, and TMZ. Systems of users visiting pages with these malicious ads on them will immediately get infected via drive-by download, eventually turning them into bots participating in ad fraud.
Other posts on Malwarebytes Unpacked that you may have missed:
- Santa’s fake Christmas Offers Infect PCs with Banking Trojan
- Hackers Compromise Official Bryan Adams Website
- Redressed Facebook Scam Makes a Comeback Before The New Year
- January 1st Instagram Profile Deletion Hoax
- Potentially Unwanted Program Borrows Tricks from Malware Authors
Notable news stories and security related happenings:
- iCloud accounts at risk after hacker releases tool allowing access to any login. “The creator of the tool said that they had released the ‘so Apple will patch it’.” (Source: The Independent)
- The hidden dangers of third party code in free apps. “Research from MWR InfoSecurity has shown the various ways hackers can abuse ad networks by exploiting vulnerabilities in free mobile apps.” (Source: Help Net Security)
- Brit Proves Google’s Eric Schmidt Totally Wrong: Super Cookies Can Track Users Even When In Incognito Mode. “It’s possible Google has gone as far as it can in stopping HSTS tracking. By automatically deleting data related to HSTS, it may degrade security protections provided by that feature, though it may help prevent privacy abuses.” (Source: Forbes)
- Why Healthcare Cybersecurity Measures Must Evolve. “As technology continues to evolve, so must healthcare cybersecurity measures. Some of the latest online threats are considered Advanced Persistent Threats (APTs), and while not all online issues fall into that category, some healthcare experts believe facilities will benefit on numerous security levels if they prepare for APTs.” (Source: Health IT Security)
- Don’t let “breach fatigue” leave you vulnerable to hackers and malware. “Human nature makes some form of breach fatigue unavoidable – no matter how shocking any given story might be the first time you hear it, after the dozenth or hundredth or thousandth reptition it barely merits a yawn.” (Source: Consumer Affairs)
- Hoax! Don’t copy and paste that ‘Copyright’ Facebook message. “If you see something like this, go to Snopes and look it up before you post it. Snopes is in the business of clearing up myths on the Internet.”(Source: USA Today)
- Researchers Work to Counter a New Class of Coffee Shop Hackers. “The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet.” (Source: Newswire)
Safe surfing, everyone!
The Malwarebytes Labs Team
