A Week in Security (Sept 07 – 13)

Here’s a review of last week’s posts on Malwarebytes Unpacked:

Twitter Phishing Spamrun: “Strange Rumors About You” (Fraud/Scam Alert) The latest batch of Twitter phishing campaign was spotted by an independent researcher early last week and notified our own researchers about it. Security Researcher Chris Boyd found that bots and compromised Twitter accounts were used to lead users to a site hosted on Tumblr.
‘Dyre’ malware goes after Salesforce users (Cyber-crime) Senior Security Researcher Jérôme Segura found out that the ‘Dyre’ malware, once used to target and steal banking credentials, were now being used to gather credentials from users of Salesforce, a known software company.
Massive “Gmail Credentials” Dump Posted Online (Cyber-crime) Last week, news of Gmail credentials getting leaked hit the internet, with users ending up on a panic. It was found out later on that the dumped data have originated from multiple sources, not by a breach from Google’s systems.
Popular Japanese blog platform affected by malicious redirections (Exploits) One of the blog subdomains hosted on Ameba was directing users to a location where drive-by downloads of several exploits, particularly IE, Flash, and Silverlight, occurs to the system visiting the page. Users who haven’t updated their software and without ample AV protection may not realize this system compromise.
Household Improvement Emails Come with Zbot Malware (Fraud/Scam Alert) Scammers were found pretending to be M & M, a business entity that is into kitchen appliances. Spam were sent to inboxes containing a ZIP-compressed file that is purportedly an invoice; however, it was actually a variant of the ZeuS malware family of banking Trojans.
Phishers pose as Cloudhashing to steal your Bitcoins (Fraud/Scam Alert) Senior Security Researcher Jérôme Segura revealed a recent phishing campaign targeting users of Cloudhashing, a bitcoin mining company. It is similar to the fake M & M invoice mail, only in this case, the attached file was a Java applet (.JAR).

Top news stories:

MH17 plane crash victims exploited by cold-hearted scammers. Researchers from our friends at ESET found a 419 scam that was banking on the perished of Malaysian Airlines flight MH17. As the author of that post noted, “it only requires one person to fool for the scam for it to be worthwhile to the fraudsters, who have typically spammed it out to thousands.” (Source: ESET’s We Live Security)
Uncovering Malicious Browser Extensions in Chrome Web Store. Our friends at Trend Micro revealed seeing malicious browser extensions being hosted on Google Play, a proof that the browser giant’s security tactics can be bypassed, eventually allowing the install of rogue browser extensions. They also placed a step-by-step illustration of how an attack can potentially happen to affected systems and signs of what rogue extensions may look like. (Source: Trend Micro’s Security Intelligence Blog)
Yahoo, Amazon and YouTube Hit By Malvertising Campaign. The names “Kyle and Stan” popped up in the security community last week, thanks to its involvement in a recent campaign of malicious ads being spouted from well-known, high-traffic domains. Pages serving these infected ads leads users to a page based on their OS and then to a final page where malware is then downloaded. (Source: Inforsecurity Magazine)
Phishing miscreants Thwart Securo-sleuths with AES-256 crypto. “Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites.” (Source: The Register)
Researchers find data leaks in Instagram, Grindr, OoVoo and more. Researchers at the University of New Haven found several problems with Vine, Nimbuzz, OoVoo, Voxer and several other Android apps in the way they handled data storage. Images and videos were stored on Web sites unencrypted; chat logs and even passwords were being sent over the wire in plaintext. (Source: Cnet)
Home Depot Hit By Same Malware as Target. Following the breach on Target and the many issues surrounding it, Home Depot was the latest to be victimized by hackers. Initial findings reveal that the culprit was “BlackPOS”, the same malware used during the Target breaching. Different sources suggest that it may be an entirely new point-of-sale (POS) malware. (Source: KrebsOnSecurity)