Weekly News Digest #62
Users may see their passwords stolen by a “silent threat” delivered by stealthy malware
Cybercriminals are using a new JavaScript downloader to distribute 8 kinds of remote access Trojans and information-stealing malware. The key purpose of this activity is to gain backdoor control of infected Windows systems and steal sensitive information such as usernames and passwords. Cybersecurity researchers at HP Wolf Security dubbed the downloader RATDispenser.
The entry point in this attack is a phishing email. The email contains a malicious file; by downloading it, the victim installs the RATDispenser malware. The malicious intent is hidden by obfuscating the initial JavaScript download with long strings of code, so the malicious activity remains undetected. After installation, RATDispenser distributes various malware, including trojans, keyloggers, and information stealers.
Black Friday. Be aware of these phishing threats and holiday scams
The FBI has issued warnings about online-shopping scams and phishing attackers who try to steal online credentials using big brands. Consumers should be cautious of deals that seem too good to be true on social media channels, in email, or on websites. Malicious actors can also try to steal consumers’ sensitive data through online surveys. The FBI strongly recommends that consumers buy goods only on HTTPS websites and check that a sender's email address contains the company’s domain.
The FBI also recommends that consumers shop online using credit cards dedicated only to online purchases. When using online accounts, users should never save payment information. Consumers should never use public Wi-Fi for online purchases, and they should check that they are dealing with a reliable seller. A consumer who becomes a victim of fraud or a scam needs to report the incident to the FBI.
Malicious actors earned $9 mln in October through YouTube Live crypto scams
Malicious actors make huge sums of money by promoting fake cryptocurrency giveaways on social media channels. Social media users should be aware of scams involving popular cryptocurrencies such as Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu, etc. To legitimize fake giveaways, scammers actively use footage of public figures known in the world of crypto. They exploit famous crypto leaders such as Michael Saylor, chairman and CEO of MicroStrategy; Vitalik Buterin, Ethereum co-founder; Elon Musk, CEO of Tesla and SpaceX; and other public figures.
The most profitable of these activities is Bitcoin scams, which bring malicious actors $1.6 mln per scam, followed by Ethereum scams, which bring scammers on average $80K per scam. Malicious actors realize that users are likely to trust influential individuals. That is why they actively produce fake videos featuring known crypto leaders. The main objective of these scam campaigns is to trick users into visiting external websites that offer to double their cryptocurrencies.
Mobile device hacking group bust by Ukrainian cops
Ukrainian investigators have arrested a prolific mobile hacking group that targeted victims through Apple and Samsung phishing sites. Five members of the so-called “Phoenix” group were arrested. The hackers tricked users into opening their phishing sites and downloading apps there. Victims unwittingly gave the hackers remote access to their devices. As a result, the hackers could withdraw funds from citizens’ accounts and sell information about their private lives to third parties. The cost of unauthorized access to the account of a mobile phone owner was $200.
The members of the gang also made money by unlocking stolen and lost Apple gadgets, which they then sold through a network of stores in Kyiv and Kharkiv. The gang was active for more than 2 years, and hundreds of individuals have fallen victim to the “Phoenix” group.
Hacked cloud accounts are used by cryptocurrency miners; Google has issued a special warning
Google’s cybersecurity action team has issued a report containing details of the mining hack. The report identifies threats against Google's cloud service, the remote storage that allows customers to store data and files off-site. The report also contains advice on how to tackle these threats. Other threats identified by the team in “threat horizon” include attempts by Russian hackers to gain users’ passwords by warning that government-backed attackers are targeting them; the use of heavy encryption in ransomware attacks; and North Korean hackers impersonating Samsung job recruiters.
Google has reported 50 hacks of its cloud service that have taken place recently. Among these hacks, more than 80% were used to perform cryptocurrency mining, a for-profit activity that is intensive in cloud resources. In most cases, the crypto mining software was downloaded within 22 seconds after the compromise of the account. Attackers succeeded in their malicious activities due to poor customer security and vulnerable third-party software.