Here’s a review of last week’s posts on Malwarebytes Unpacked*:
- DotA 2 Phishing Page Offers Up Treasure Keys and Rare Items (Fraud/Scam Alert) A scam targeting DotA 2 players mentioned on Steam forum threads. It entices gamers with online rewards, such as keys and rare drop items, in exchange for their Yahoo! and Steam credentials.
- Don’t Shake the Valve (Online Security) One game developer was ignored by Valve after reporting a potentially dangerous bug he found in Steam's Community Announcements. What he did next? He gave the company a demo by exploiting the said bug.
- "Huge Snake Eats Man Alive!" Video Scam Spreads on Facebook (Fraud/Scam Alert) After the absence of snake clips on Facebook for several months, scammers were at it again. Notably, their tactics remained the same.
- One VPN To Rule Them All! (Hacked and Unpacked) Jean Taggart, one of our senior security researchers, posted this blog to inform readers about VPNs, specifics on how to set one up, and his router of choice.
- Fake EA Instagram Account Has World Cup Fever (Fraud/Scam Alert) Here's another fake EA scam, but this time, it's on a different online social network platform: Instagram.
- Fake Cloud Storage Mails Lead to Canadian Pharmacy Sites (Fraud/Scam Alert) Links to Canadian Pharmacy sites, or Fake Pharma, were found last week to be distributed via email spam, claiming that images have been uploaded to certain cloud content management services.
- Gear to Block ‘Juice Jacking’ on Your Mobile. "Juice jacking" assumed its place as a real, valid threat on one's security, alongside online dangers like malware and spam, in 2011 at DefCon. Since then, products were created to prevent juice jacking from happening. (Source: Krebs on Security)
- iOS and Android Equally Vulnerable to Security Risks. Regardless of whether users think that iOS or Android is the most secure mobile OS, a recent study by our friends at Marble Security revealed that both are actually insecure. (Source: Softpedia)
- Hackers Using DDoS to Distract Infosec Staff. Reports of DDoS attacks are not uncommon these days. However, Neustar, a DDoS mitigation service provider, claimed that such attacks is just the smokescreen for a larger, more malicious scheme at work. (Source: eSecurity Planet)
- Companies warned of major security flaw in Google Play apps. Researchers at Columbia University have stumbled upon a trove of authentication keys secretly installed in apps after using an in-house tool called PlayDrone, which was created to index and analyse apps on Google Play. (Source: CSO)
- Cybercriminals Zero In on a Lucrative New Target: Hedge Funds. "Computer security experts say hedge funds, with their vast pools of money and opaque nature, have become perfect targets for sophisticated cybercriminals." (Source: New York Times: Bits Blog)
The Malwarebytes Labs Team