Last week, we talked about a compromise affecting the 55 million registered voters in the Philippines, the return of tech support scammers—with fake AV in tow—and some other interesting finds we have outlined below:

  • Senior Security Researcher Jérôme Segura revealed that malicious actors are using a fake social button plugin site (the kind of plugin we commonly see on websites that lets one “Like” an article or Tweet its URL to our followers) to infect unsuspecting users with the Angler exploit kit (EK). Once infected, fileless malware can then carry out ad fraud.
  • Segura also covered malvertising activity he spotted on the ad platform AdsTerra (aka TerraClicks). “We have documented over 400 unique malvertising incidents coming out of AdsTerra. These malicious advertisements were displayed on a variety of adult sites and torrent portals and the ultimate payload was the Cerber ransomware,” Segura wrote in the post.

For our final PUP Friday this month, we homed in on two browser hijackers: YesSearches and HohoSearch. Malwarebytes Labs researchers found that these are now adding an extra Firefox profile on the systems they’re installed on. This is actually a good thing, claimed Pieter Arntz, Malware Intelligence Analyst, as “it is easier to remove an unwanted profile than it is to clean up a hijacked one.”

Notable news stories and security related happenings:

  • Cisco Researchers Discover Millions of Servers Which Can Spread Ransomware. “Although some people will argue the topic of Bitcoin ransomware has been beaten around the bush one time too many, it is important to bring attention to these threats. A new Cisco Systems study shows how 3 million servers are at risk of ransomware infections. When will people and enterprises learn to take cyber security more seriously?” (Source: Bitcoinist)
  • 10 Whaling Emails That Could Get by an Unsuspecting CEO. “There has been an uptick of activity lately as fraudsters spend the first few months of the year taking advantage of tax season, targeting finance departments with emails that look like they are coming from a company’s senior executive.” (Source: CSO)
  • Research Identifies Organised Cyber Threat to Australia. “Australia is being touted as a holiday destination for European ‘money mules’ – individuals prepared to engage in online money laundering. Sergei Shevchenko, senior security researcher at BAE Systems Applied Intelligence, said that he had visited a Russian underground internet site that was advertising for money mules prepared to travel to Australia.” (Source: Computer Weekly)
  • Microsoft and Google Want to Let Artificial Intelligence Loose on Our Most Private Data. “The recent emergence of a powerful machine-learning technique known as deep learning has made computing giants such as Google, Facebook, and Microsoft even hungrier for data. It’s what lets software learn to do things like recognize images or understand language.” (Source: MIT Technology Review)
  • Cyber-Thieves Rush to Steal Data Before Chip Technology Sets In. “Cyber-thieves see new credit card chip technology being adopted by U.S. retailers closing a lucrative window of opportunity to steal your data. So they want to move fast.” (Source: Bloomberg)
  • The App You’re Using to Find Stoner Buddies Could be Broadcasting Your Location to the Cops. “HighThere, the ‘Tinder for Tokers,’ is a stoner app for finding smoking buddies. When you first download the app and join the network, HighThere asks for your location data and your energy level when stoned, so it can match you with potential friends.” (Source: Tech Insider)
  • End-Point Devices Pose Challenges to Healthcare Cybersecurity. “According to a recent survey by Ponemon Institute and CounterTack, a little over half of the respondents, including healthcare organizations, stated that their companies were not equipped to manage malware threats, especially with end-point devices.” (Source: Health IT Security)
  • Tips for Detecting Ransomware and Other Malware Before It Cripples Your Network. “Cybercriminals might be trying to crack through a healthcare organization’s outer defenses, or, they may already be inside an organization’s network. Either way, the horror they can wreak upon a healthcare organization is considerable, including not just holding data hostage but bringing patient care to a standstill.” (Source: Healthcare IT News)
  • Criminals in the Cloud: How Malware-as-a-Service is Becoming the Tool of Choice for Crooks. “Everyone is working to a cloud business model now — even virus writers. Rather than turning a profit just once by selling a security exploit as a one-off, authors of malicious software are now selling malware as a cloud-based service. This means they make money each time someone pays to use or rent one of the products, according to researchers.” (Source: ZDNet)
  • Malware Attacks More Frequent, Harder To Fight. “The frequency and severity of malware attacks have increased ‘dramatically’ since 2011, according to an April 19 State of the Endpoint Report from the Ponemon Institute, sponsored by CounterTack, a company that provides endpoint detection and response technology for enterprises.” (Source: Information Week)
  • How Hackers Have Honed Their Attacks. “A triad of vendor reports released this week contained some mixed news for enterprises on the evolving threat landscape and how organizations are responding to the resulting challenges. On the one hand the reports showed that attackers are getting better at bypassing enterprise defenses and breaching networks. But their ability to do damage after breaking in appears to be getting limited as the result of increasingly better detection and response capabilities.” (Source: Dark Reading)
  • How Best To Back Up Your Data In Case Of A Ransomware Attack. “The recent surge in ransomware attacks against hospitals and other organizations has added a new sense of urgency to already-increasing security worries for small- to midsized businesses (SMBs) and consumers over how to protect their data from cyberattacks.” (Source: Dark Reading)

Safe surfing, everyone!

The Malwarebytes Labs Team