Phishing and game-related threats dominated last week’s posts on Malwarebytes Unpacked.
Security Researcher Christopher Boyd shared videos with blog readers about cheat bots, how they work in gaming, and how one can fight them. He also highlighted fraudulent payment attempts found by Boomerang Rentals, a popular game rental site. Security Researcher Jovi Umawing then discussed a scam that was prevalent on Steam until the end of 2014, which baits users with joining an ESEA League and with how one can circumvent payments for its premium registration.
Boyd and Umawing also touched on the two latest in-the-wild phishing campaigns that may affect a lot of internet users. Clients of Microsoft Outlook and Adobe (respectively) were asked to remain vigilant.
Notable news stories and security-related happenings:
- Macs vulnerable to virtually undetectable virus that ‘can’t be removed’. “A security researcher has discovered a way to infect Macs with malware virtually undetectable, that ‘can’t be removed,’ and which can be installed using a modified Apple gigabit Ethernet Thunderbolt adapter.” (Source: ZDNet)
- ‘Skeleton Key’ Malware Bypasses Active Directory. “Network monitoring software or abnormal user behavior are two ways to detect an attacker within your network, but new malware dubbed “Skeleton Key” can evade both.” (Source: Dark Reading)
- Attackers planting banking Trojans in industrial systems. “Trend Micro researcher Kyle Wilhoit says the latest attacks on SCADA and industrial control networks are turning out to carry rather pedestrian banking Trojans, and have been on the rise since October 2014.” (Source: The Register)
- Aggressive Riskware Installation on Amazon Kindle (and Android). “As malware continues to grow on Android (900K malicious samples and 1,300 new per day), we sometimes forget attacks can also affect other devices… like Amazon’s Kindle. The Kindle indeed runs Fire OS, a fork of Android. Thus, in several cases, Android malware also work on Fire OS, and reciprocally.” (Source: Fortinet Blog)
- Oracle alerts firms to bogus malware-laden ‘security patches’. “Hackers are targeting enterprise companies with bogus, malware-laden patches purporting to come from Oracle.” (Source: V3)
- Ouch! Home router security ‘bypass’ actually means no security AT ALL. “Very simply put, Novella claims that the router’s administration web pages are visible on the external (internet-facing) interface.” (Source: Sophos’ Naked Security Blog)
- Google AdSense Used for Malvertising Campaign. “The malvertising campaign is believed to have started since at least the second half of December 2014, when the scammy domains hosting the fake pages were registered, but became more widespread since Friday, January 9, 2015.” (Source: Softpedia)
- Ham-fisted phishing attack seeks LinkedIn logins. “Symantec has spotted an uptick in phishing emails over the last week that purport to come from LinkedIn support and attempt to steal users’ account credentials.” (Source: CSO Online)
Safe surfing, everyone!
The Malwarebytes Labs Team