Here’s a review of last week’s posts on Malwarebytes Unpacked:
- Fake Evernote Extension Serves Advertisements (Malware Analysis) Security researcher Joshua Cannell gave us a break down of a fake Evernote Google Chrome browser extension. This potentially unwanted program (PUP) displays advertisements in context to what the user is currently browsing. We believe that such ads may lead to the download of other PUPs.
- Blackphone, privacy centric device (Hacked and Unpacked) In this post, security researcher Jean Taggart discussed his first-hand experience with the Blackphone, the mobile phone that promises private and secure communication for its users.
- Def Con 22 (Conferences) Security researcher Andrew Brown narrated his experiences while attending DEF CON, a prestigious yearly conference forever held in Las Vegas, from the 7th of August to the 10th.
- Tech Support scammers rip big brand security software with fake warnings (Fraud/Scam Alert) Senior security researcher Jérôme Segura came out with another fraud / scam writeup about fake tech support scammers. He revealed fake pages of popular antivirus brands, including Malwarebytes, and the creators of these fake download files.
- The Price of FREE! (Online Security) We found a number of popular online brands offering free services—Ticketbud, Goodsie, Soup, and FruitNotes among others—becoming an unlikely launchpad to spammy content. The nature of the contents were captured in screenshots and presented for each website service.
- Ebola fear used as bait, leads to malware infection. Several email campaigns, two of which were aimed to install malware while the third was aimed to phish, were found banking on the Ebola epidemic happening in West Africa to get the attention of recipients, enabling them to open potentially dangerous attachments or click links. (Source: Deccan Chronicle)
- Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death. After the Patch Tuesday release last August 11, numerous Windows users reported encountering the Blue Screen of Death (BSoD) after patch install. This error appeared due to the OS's incorrect handling of a font cache file that is loaded every boot-up. (Source: Sophos Naked Security Blog)
- Nuke Regulator Hacked by Suspected Foreign Powers. "The phishing emails baited personnel by asking them to verify their user accounts by clicking a link and logging in. The link really took victims to 'a cloud-based Google spreadsheet.'" (Source: Nextgov)
- Cybercriminals Embark on Bitcoin Phishing Expedition. Our friends at Proofpoint found and detected thousands of email phishing campaigns targeting Bitcoin users; however, they also revealed that the campaigns were sent to non-Bitcoin users, as well. (Source: Security Week)
- Malaysian investigators 'hacked' for confidential MH370 records. Systems used by high-ranking officials involved in the search of Malaysian Airlines flight MH370 were found to be hacked by hackers in China using APT-class tactics. They reportedly stole confidential information regarding the plane. (Source: SC Magazine)
- AdThief iOS Malware Infects 75,000 iPhones. "The malware, also known as Spad, works by hijacking advertising revenues and redirecting them to the attacker, according to a lengthy Virus Bulletin study by Fortinet researcher, Axelle Apvrille." (Source: InfoSecurity)
- Mobile apps could be abused to make expensive phone calls. This is particularly true for apps that were not configured or programmed properly to display a warning before proceeding with the call. Possible apps can be exploited to do this are Facebook's Messenger and Google's +. (Source: CSO Online)
The Malwarebytes Labs Team