A Week in Security (Mar 08 – 14)

Last week, our Malwarebytes researchers covered a very timely spam campaign, a phishing attempt to steal Steam credentials, a scam that once plagued Facebook, and yet another compromised website.

After Apple introduced its latest wearable tech on March 9, Twitter users may have received tweets from a spammy account telling them to visit a certain site for a chance to win an Apple Watch. Security Researcher Chris Boyd discussed the scam in more detail here.

Boyd also found Twitter scam posts enticing users to “See Who Visits Your Profile”, a scam previously seen on other social networks such as Facebook and Tumblr.

Speaking of Facebook, Senior Security Researcher Jérôme Segura found a worm spreading from a post that enticed users to view titillating “school scandal” photos. He also found that Jamie Oliver’s official website was still compromised, only this time it was serving digitally signed malware rather than exploits.

Steam phishers found an indirect approach to getting users to give up their credentials: a fake CS:GO Lounge.

Notable news stories and security related happenings:

  • Ransomware uses Help files. “According to researchers from Bitdefender Labs, hackers have resorted to a less “fashionable,” yet highly effective trick to automatically execute malware on a victim’s machine and encrypt its contents – malicious .chm attachments.” (Source: IT Security Guru)
  • Seagate Confirms NAS Zero Day, Won’t Patch Until May. “Seagate said that after analyzing the vulnerability, it has determined the zero-day to be low risk because it affects only those customers who expose the NAS boxes to the Internet.” (Source: ThreatPost)
  • Busted scammer resorts to death threats. “The call grew homicidal after Dulisse accused the scammer of trying to install malware on his computer that would steal banking information, passwords, and PayPal credentials.” (Source: Sophos’ Naked Security Blog)
  • Malware Snoops Through Your Home Network. “We recently came across one malware, detected as TROJ_VICEPASS.A, which pretends to be an Adobe Flash update. Once executed, it attempts to connect to the home router to search for connected devices. It then tries to log in to the devices to get information. Should it be successful, it will send the information to a command-and-control (C&C) server and delete itself from the computer.” (Source: Trend Micro Security Intelligence Blog)
  • Email Spoofing Flaw Found in Google Admin Console. “Patrik Fehrenbach and Behrouz Sadeghipour said they noticed last month that they could use the Google Admin console, which allows administrators to manage their organization’s Google Apps account, to gain temporary ownership of any domain that wasn’t previously claimed.” (Source: Security Week)
  • Tool allows account hijacking on sites that use Facebook Login. “The tool, dubbed Reconnect, was released last week by Egor Homakov, a researcher with security firm Sakurity. It takes advantage of a cross-site request forgery (CSRF) issue in Facebook Login, the service that allows users to log in on third-party sites using their Facebook accounts.” (Source: Computer World)
  • Beware of fake invites for WhatsApp’s Free Voice Calling feature! “Fake WhatsApp invites are actively luring users to sites where they are urged to fill out surveys and download unknown applications, warns The Hacker News’ Mohit Kumar.” (Source: Help Net Security)
  • Kaspersky reveals CAPTCHA-tricking Podec Trojan. “The Podec malware automatically forwards CAPTCHA requests to a real-time online human translation service, Antigate.com, which converts the image to text, and relays that data back to the malware code within seconds, convincing the verification system that it is a person.” (Source: ZDNet)
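The Facebook Login item above concerns a cross-site request forgery in a third-party login flow. As an added example (not code from this page, its sources, or Facebook), the Python sketch below shows the general class of bug in any OAuth-style login and its standard mitigation: a relying party that accepts a login callback without a per-session `state` value can be tricked into binding an attacker's identity to the victim's session, while the hardened handler rejects the forged callback. The provider URL, client id, callback URL and authorization codes are constructed stand-ins, and nothing here describes the specific Reconnect technique.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed stand-ins (hypothetical; no real identity provider or network):
# authorization codes the "provider" has issued, mapped to the account each
# belongs to. The attacker controls the code "code-attacker".
ISSUED_CODES = {
    "code-victim": "victim@example.net",
    "code-attacker": "attacker@example.net",
}
AUTHORIZE_URL = "https://idp.example/oauth/authorize"   # hypothetical provider
CLIENT_ID = "relying-party-app"                          # hypothetical client id
REDIRECT_URI = "https://rp.example/login/callback"       # hypothetical callback


def exchange_code(code):
    """Stand-in for the provider's token endpoint: authorization code -> identity."""
    if code not in ISSUED_CODES:
        raise ValueError("unknown or expired authorization code")
    return ISSUED_CODES[code]


def callback_url(code, state=None):
    """Build the URL the browser is sent back to after authorizing."""
    params = {"code": code}
    if state is not None:
        params["state"] = state
    return REDIRECT_URI + "?" + urlencode(params)


def start_login_unprotected(session):
    """Vulnerable form: the authorization redirect carries no per-session state."""
    return AUTHORIZE_URL + "?" + urlencode(
        {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "response_type": "code"}
    )


def finish_login_unprotected(session, url):
    """Vulnerable form: any callback carrying a valid code is accepted, so a
    link the attacker gets the victim to open (with the attacker's own code)
    binds the attacker's provider identity to the victim's session."""
    params = parse_qs(urlparse(url).query)
    identity = exchange_code(params.get("code", [""])[0])
    session["linked_identity"] = identity
    return identity


def start_login(session):
    """Hardened form: mint an unguessable state value, remember it in this
    session, and send it along with the authorization request."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return AUTHORIZE_URL + "?" + urlencode(
        {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
         "response_type": "code", "state": state}
    )


def finish_login(session, url):
    """Hardened form: accept the callback only if its state matches the one
    this session started with. The stored state is consumed on first use and
    compared in constant time; a forged link cannot know the victim's value."""
    params = parse_qs(urlparse(url).query)
    expected = session.pop("oauth_state", None)
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("login CSRF detected: state missing or mismatched")
    identity = exchange_code(params.get("code", [""])[0])
    session["linked_identity"] = identity
    return identity


if __name__ == "__main__":
    victim = {}
    start_login_unprotected(victim)
    forged = callback_url("code-attacker")          # link sent by the attacker
    print("unprotected:", finish_login_unprotected(victim, forged))
    victim = {}
    start_login(victim)
    try:
        finish_login(victim, callback_url("code-attacker", "guess"))
    except PermissionError as err:
        print("protected:", err)
```

The session here is a plain dict standing in for server-side session storage; in a real relying party the same check belongs in whatever handles the login callback, and the state value must be tied to that one session so it cannot be replayed from another.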

Safe surfing, everyone!

The Malwarebytes Labs Team