A Week in Security (April 13 – 19)

Today, we look back and review last week’s posts here on Malwarebytes Unpacked and other noteworthy news:

  • “Invitation to the Great Illuminati” Spam Mail (Fraud/Scam Alert) An Illuminati-themed spam campaign was plaguing inboxes early last week. The emails, bearing the subject “INVITATION TO THE GREAT ILLUMINATI”, were found to be another variant of the 419 scam, which has been around since time immemorial.
  • Apple ID Phish Goes Horribly Wrong (Fraud/Scam Alert) One of our security researchers found a bogus email that purported to originate from Apple and seemingly did its very best to look like it is actually dangerous.
  • Phishers Lure WoW Players with an Irresistible Offer (Fraud/Scam Alert) World of Warcraft spam phishing campaigns are not new; however, with all the excitement surrounding the MMORPG’s new expansion set, Warlords of Draenor, scammers were intent on luring gamers with free game keys.
  • Netflix-themed tech support scam comes back with more copycats (Fraud/Scam Alert) In February of this year, Jérôme Segura, one of our senior security researchers, found an elaborate scam that used phishing and tech support methodologies to target Netflix users. A similar campaign was spotted last week, with scammers also going after AOL, Pogo, and Comcast users. Live chats are now part of the overall tactic.
  • Fake CNN Twitter sent users to diet spam and installs (Fraud/Scam Alert) Twitter becomes a more dangerous place for would-be victims when someone takes a compromised account, turns it into a fake account with a trusted brand, and then starts posting tweets about “helpful diets” that lead to potentially unwanted programs (PUPs).
  • Another Game Company Encourages a Bad Email Habit (Security Threat) We applaud GearBox Software for proactively advising its gaming community to change their passwords following Amazon’s announcement that some of its services are vulnerable to Heartbleed. Unfortunately, how they did this trains the user to trust links in emails.
  • Phishers Bypass Steam Guard Protection (Fraud/Scam Alert) A one-of-a-kind phishing campaign asks Steam users to hand over their SSFN file. Of course, once scammers get a hold of this file, they can log in to user accounts.

Top security news:

  • LaCie admits to year-long credit card breach. A year after the breach started, the French hardware company LaCie comes clean, adding that users who have shopped on its website over the past year are at high risk of fraud. (Source: CNet)
  • Malaysia Airlines mystery giving rise to hacker attacks. Online criminals have been riding the news wave regarding MH370, the airliner that has been missing for a month now. The curious and the click-happy are always potential targets of these hackers. (Source: CBC News)
  • Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too. Keys produced by OpenVPN, a popular virtual private network application, can be exposed by the Heartbleed bug if the bad guys decide to target it. Perhaps the only good takeaway here is that an exploit capable of stealing keys isn’t easy to develop, according to Fredrik Strömberg, an operator of a VPN service in Sweden. (Source: Ars Technica)
  • German researchers hack Galaxy S5 fingerprint login. They used the exact fingerprint mold that tricked Apple’s Touch ID, an added security feature to iPhone 5 smartphones, to test Samsung’s new biometric login. (Source: CSO)
  • Facebook Webinject Leads to iBanking Mobile Bot. “iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.” (Source: ESET We Live Security Blog)
  • Phishers set up sites on residential broadband hosts. Now bolder and more creative, scammers have found a way to infiltrate home computers that have Remote Desktop Protocol (RDP) enabled in order to host their phishing pages. (Source: PhishLabs Blog)

Stay secure, everyone!

The Malwarebytes Labs Team