It’s Monday, which means we have a roundup!
Over the past week on Malwarebytes Unpacked we moved from a vulnerability disclosure and the launch of a bug bounty program to a new form of ransomware called DMA Locker. The Nuclear Exploit Kit returned to cause problems in a large WordPress compromise campaign, and we weighed in on a problematic situation brewing over at BleepingComputer. We looked at a weather app that waits until a very specific date to pop a fake Blue Screen of Death (complete with a tech support scam phone number), and the latest round of malvertising we detected caused problems for readers of TMZ. Rounding off the week, we covered Amazon-themed phishing mails on the hunt for logins and bank details, and the latest in a string of problems for the popular DayZ video game.
As for the rest of the news…
- Fake Flash scareware targeting users of OS X.
- Someone compromised the Dridex Botnet and had it offer up a legitimate Antivirus product instead of the usual Malware.
- Google are taking the fight to websites with dubious “Download Now” buttons all over the place (especially problematic on download websites where you can’t…quite…figure out where the download you actually want is located).
- Skype threats can be extremely problematic given the sensitive data they can get their hands on: the T9000 backdoor can record conversations, steal files and grab screenshots.
- Toilet hire malware? Toilet hire malware.
- There are claims that up to 10,000 NASA machines could be infected with malware.
- Were Israeli drones hacked and turned into live-feed monitoring stations?
- Users of TurboTax were warned to steer clear of a recent phishing campaign.
Stay safe!
The Malwarebytes Labs Team
I apologize that this is going to be long, but I think we need to out these crooks as often as possible. First, let me say I am really grateful I found Malwarebytes after researching what happened to me last week. Frankly, I found little usable information on the Adobe forum or the Apple help forums, which was disappointing. I was able to clean up my system using the free download file from Malwarebytes, though.
Yesterday my 80-year-old sister fell prey to one of the scams, but worse. She was looking for something and clicked on a link, and the ‘Adobe Flash’ update downloaded automatically to her desktop. She didn’t click on it, but the next time she launched her browser the box popped up warning her she had a virus and it locked her browser. I think this is noteworthy. She didn’t install it and it still embedded.
Unfortunately she called the number on the pop up and talked to a “tech” named Jason who promised he could ‘clean’ her system for $99.99. She gave him her debit card and let this complete stranger have control of her computer. [arghhhh]
Her granddaughter called me later when she found out to tell me what happened. I went there and dumped the Flash dmg and had her check her bank account. The debit withdrawal was from Worldgate Solutions, LLC SO Fremont CA. I looked it up and found that it was registered in July 2015 and is owned by Manish and Schruti Rustagi. Today I took her to the bank to report this and get her debit card replaced. I checked her applications folder and library and found that ‘Jason’ left Sophos Anti-Virus software behind. He told my sister he put up a ‘firewall’ for her. I took it all out. I’ll upload the Malwarebytes app after we upgrade her hard drive.
I have noticed this feeding frenzy is on the uptick, as more people are falling for the scams, which are becoming more sneaky and aggressive. Mac folks are especially vulnerable because they have lived under the long-held delusion that Macs are virus proof.
The worst thing is that there are not enough warnings out there from the very systems support sites you’d expect would be up to date on this growing problem. I believe the various forms of this come in all manner of ways. I’m extremely careful about where I click, and I do a lot of vetting before I believe a ‘free’ download is what it claims to be. I believe my attack came in on a pop-up ad that I tried to close. Hit the ‘X’ and it downloads. When the frenzy of pop-ups started and I realized what happened, I checked my applications folder and noticed the MacKeeper logo in there too. I immediately dumped it. But I still had to have Malwarebytes clean up the hidden stuff that I didn’t know what to look for. I’m most grateful for this and plan to upgrade.
Sadly, the Net has become a den of greedy thieves. :-[ My sister paid $100 for her hard lesson. I’m hoping I have done all the right things here.
Hello there,
Thank you for leaving a comment here. I fully empathize with your experience and recognize the usual trademarks of tech support scammers.
It seems like you have done the right thing to recover from this in terms of identity protection and banking details.
Thank you for providing the details of the company behind this. We will investigate and blacklist the offending actors so other people do not become victims.