If you came across any Facebook message with a video link sent by anyone, even your friend — just don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software.
Although it is still unclear how the malware spreads, researchers believe spammers are using compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link. The attackers make use of social engineering to trick users into clicking the video link.Read more
The ICO hackers are at it again. Enigma, a de-centralized platform that’s preparing to raise money via a crypto token sale, had its website and a number of social accounts compromised with the perpetrators netting nearly $500,000 in digital coin by sending out spam.
Enigma, which was started by a group of MIT graduates, did not lose any money from the attack. Whoever orchestrated it grabbed money from the Enigma community, people who joined the company’s mailing list or Slack group of over 9,000 users to learn more about its ICO in September. The hacker posted Slack messages.Read more
It appears that the hackers behind the WannaCry ransomware may be back at work. LG's service centers in South Korea were reportedly hit by a ransomware attack earlier in the week, with authorities revealing that the ransomware's malicious code was "identical" to WannaCry.
Users of LG's South Korean self-service kiosks were reportedly experiencing issues accessing the service. The issue was then reported by LG to the state-run Korea Internet and Security Agency, who confirmed the ransomware attack. "More investigation is still needed to determine the exact cause," KISA said in a statement, the Korea Herald reported.Read more
Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates.
The most recent case happened Wednesday to Chris Pederick, creator of the Web Developer extension. Last Friday, developers of Copyfish, a browser extension that performs optical character recognition, also had their account hijacked. In both cases, the attackers used the unauthorized access to publish fraudulent updates that by default are automatically pushed to all Chrome users who have the extensions installed.Read more
The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks.
IBM X-Force and Flashpoint both recently spotted new Trickbot activity. According to the researchers, spam campaigns have been active over the past several months, with the latest Trickbot attack reported earlier this week. While Flashpoint focused on the U.S. as targets, IBM focused on the redirection attacks used to steal login details, personally identifiable information and financial authentication codes.Read more
A massive botnet that remained under the radar for the past five years managed to infect around half a million computers and allows operators to “execute anything on the infected host,” ESET researchers warn.
Dubbed Stantinko, the botnet has powered a massive adware campaign active since 2012, mainly targeting Russia and Ukraine, but remained hidden courtesy of code encryption and the ability to rapidly adapt to avoid detection by anti-malware solutions. Targeting users looking for pirated software, the actors behind the malware use an app called FileTour as the initial infection vector. The program installs a variety of programs on the victim’s machine.Read more
A form of Android ransomware which threatens to send the victim's private information and web history to all of their contacts has been discovered in the official Google Play app store.
LeakerLocker doesn't actually encrypt the victims' files, but instead claims to have made a backup of data stored on the device and threatens to share it with all of the user's phone and email contacts. Those behind the malware demand $50 in exchange for not leaking personal data including photos, Facebook messages, web history, emails, location history and more, playing on fears of potential embarrassment rather than any form of cryptography.Read more
A strand of malware designed to hit machines running MacOS is being used in a scheme to target customers at Swiss banks in an attempt to gain access to their accounts.
The malware, discovered by security firm TrendMicro and dubbed OSX_DOK, is a variant of another form of malware used during an ongoing assault on patrons of Swiss banks, where a number of security vulnerabilities have been targeted by attackers. OSX_DOK arrives on a victim’s machine as part of a phishing scheme. It is delivered via email alongside a compromised .zip or .docx file that purports to be either a Mac app or a Microsoft Word document.Read more
This CopyCat's got claws. A new strain of a malware called CopyCat has infected more than 14 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue, researchers at Check Point said Thursday.
While the majority of victims are in Asia, more than 280,000 Android devices in the US were hit by the massive hack. Google had been tracking the malware for the last two years and has updated Play Protect to block CopyCat, but millions of victims are getting hit through third-party app downloads and phishing attacks. There was no evidence that CopyCat was distributed on Google Play.Read more
Hackers are calling MPs and trying to trick them into revealing their personal parliamentary details. Politicians and aides have been warned that hackers are posing as parliamentary officials asking for their passwords.
The warning comes after Parliament suffered its biggest ever cyber attack as hackers launched a "sustained and determined" attempt to break into emails. Parliament was forced to lock MPs out of their accounts. Parliamentary officials have said that hackers are still attempting to gain access. The message sent to MPs and staff warned: "This afternoon we've heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.Read more