Here’s a review of last week’s posts on Malwarebytes Unpacked*:
- Heroes of the Storm Beta Keygen: A Wizard Did It (Fraud/Scam Alert) Malware Intelligence Analyst Chris Boyd imparts a warning to gamers excited over the upcoming game, Heroes of the Storm, as it may be a good lure for scammers to do a sleight of hand on unwary users.
- "FIFA Survey Rewards" Mail in Circulation (Online Security) Survey scammers were found on the prowl again just as the World Cup was nearing its concluding match.
- A bit of company news… (Malwarebytes News) An update from Malwarebytes CEO regarding funding and the company's ever brightening future.
- Are these Free Movies the Reel Deal? (Online Security) Boyd spotlighted on purported free movie streaming sites, posing the question that, depending on your answer, may or may not lead to potential online threats.
- A cunning way to deliver malware (Malvertising) Senior Threat Researcher Jérôme Segura tackled PUPs, its tactics, and how the criminals behind them can use them to direct users to exploits.
- Researchers Find Vulnerability in Internal PayPal Portal. It was found out after the CEO of a security company in Germany injected code into his own PayPal profile which got executed when someone accessed it. (Source: Security Week)
- The Rise of Thin, Mini and Insert Skimmers. Brian Krebs profiled several miniaturized fraud devices that were found from compromised ATMs in Europe. (Source: Krebs on Security)
- "Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al. A new, proof-of-concept malware called Rosetta Flash created by a researcher from Google utilized the combined features of JSONP and Adobe Flash in order to exploit systems successfully. (Source: Ars Technica)
- Studies show a car’s computer system vulnerable to hacking. Reports from various media outlets, which include Scientific American, Car and Driver, Discovery Magazine, and Technology Review led to this very conclusion. (Source: Digital Journal)
- Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners. Handheld inventory scanners manufactured in China were found to be deliberately infected with malware in order to steal information. The campaign was dubbed ZombieZero. (Source: Dark Reading)
- Android Data Wipe Leaves Personal Data. Our friends at Avast Software confirmed that data like photos, emails, and chat logs can still be retained even after using the factory reset tool. (Source: Information Week)
- Campaign targeting user credentials discovered after five years. Nighthunter, the name given to the campaign that collected user names and passwords undetected until recently, was found to have no specific target in sight. It could be any company from every and all industries. (Source: CSO)
The Malwarebytes Labs Team