Hackers have launched a new phishing campaign against LinkedIn members that uses compromised LinkedIn accounts to send messages with malicious links and downloads to potential victims in an attempt to steal credentials and personal information.
The campaign, first spotted by security researchers at cybersecurity firm Malwarebytes, makes use of real LinkedIn accounts that have been compromised in order to make the phishing messages sent via LinkedIn’s messaging system appear legitimate. According to Malwarebytes researchers, the attackers have managed to hijack a number of LinkedIn member accounts.
The Emotet trojan is back, this time spreading via Spam bots. Trend Micro researchers first spotted the banking malware using network sniffing to steal data back in 2014 and recently spotted an increase in activity in August 2017 coming from new variants that all had the potential to unleash different types of payloads.
The latest versions were spotted and each had the potential to drop different malicious payloads. Researchers attributed the malware's resurfacing to two main possible reasons: first, the authors behind the attacks may be targeting new regions, and second, the new variants are using multiple ways to spread.
Vendors relying on Mastercard’s Internet Gateway Service for processing online payments ought to double-check every transaction before they send out items to customers.
There is a critical flaw in the system’s validation protocol and it appears the company is completely ignoring it. An independent security researcher has stumbled upon a glaring flaw in the MIGS protocol that allows hackers to spoof the payment system and trick merchants into accepting invalid transactions as successful. “It can be said that this is a MIGS client bug, but the hashing method chosen by Mastercard allows this to happen,” the researcher explains.
Security researchers have discovered a new targeted email campaign that uses fake Game of Thrones Season 7 spoilers and video clips to lure curious fans and spread malware. Security firm Proofpoint first came across an email on 10 August with a subject line that reads: "Wanna see the Game of Thrones in advance?"
The email features some details of upcoming episodes along with a malware-laced Microsoft Word attachment titled "game of thrones preview.docx" that purportedly lists potential GoT spoilers. Once downloaded and run, the "preview" executes a malicious PowerShell script that installs a diskless "9002" remote access Trojan that has previously been used by Deputy Dog.
A ransomware development kit that doesn't require any coding skills to use is being sold on underground forums. Now, all wannabe cybercriminals need to build their own file-locking malware is an Android phone.
Downloadable from hacking discussion boards for free, the Trojan Development Kit app comes with an easy-to-use interface that allows criminals to quickly create their own ransomware, according to the researchers. "The entire process of creating a ready-to-use piece of malware is done on a smartphone without any requirement to write a single line of code," said Dinesh Venkatesan, principal threat analysis engineer at Symantec.
If you come across any Facebook message with a video link sent by anyone, even your friend — just don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software.
Although it is still unclear how the malware spreads, researchers believe spammers are using compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link. The attackers make use of social engineering to trick users into clicking the video link.
The ICO hackers are at it again. Enigma, a decentralized platform that’s preparing to raise money via a crypto token sale, had its website and a number of social accounts compromised, with the perpetrators netting nearly $500,000 in digital coin by sending out spam.
Enigma, which was started by a group of MIT graduates, did not lose any money from the attack. Whoever orchestrated it grabbed money from the Enigma community, people who joined the company’s mailing list or Slack group of over 9,000 users to learn more about its ICO in September. The hacker posted Slack messages.
It appears that the hackers behind the WannaCry ransomware may be back at work. LG's service centers in South Korea were reportedly hit by a ransomware attack earlier in the week, with authorities revealing that the ransomware's malicious code was "identical" to WannaCry.
Users of LG's South Korean self-service kiosks were reportedly experiencing issues accessing the service. The issue was then reported by LG to the state-run Korea Internet and Security Agency, who confirmed the ransomware attack. "More investigation is still needed to determine the exact cause," KISA said in a statement, the Korea Herald reported.
Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates.
The most recent case happened Wednesday to Chris Pederick, creator of the Web Developer extension. Last Friday, developers of Copyfish, a browser extension that performs optical character recognition, also had their account hijacked. In both cases, the attackers used the unauthorized access to publish fraudulent updates that by default are automatically pushed to all Chrome users who have the extensions installed.
The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks.
IBM X-Force and Flashpoint both recently spotted new Trickbot activity. According to the researchers, spam campaigns have been active over the past several months, with the latest Trickbot attack reported earlier this week. While Flashpoint focused on the U.S. as targets, IBM focused on the redirection attacks used to steal login details, personally identifiable information and financial authentication codes.