Last Tuesday, March 31, was World Backup Day. On its third year, Senior Security Researcher Chris Boyd reminded us to put safety first.
Security Researcher Jovi Umawing wrote about a malware campaign targeting Steam gamers, which was first brought to the Labs attention on the Malwarebytes Forums.
After adult website Xtube had been compromised, Senior Security Researcher Joshua Cannell discovered further and analyzed the exploit’s payload. You can read more about his findings here.
Lastly, Malwarebytes classified Dell System Detect, a very popular yet vulnerable application, as a PUP.
Notable news stories and security related happenings:
- How Much Do Data Breaches Cost Big Companies? Shockingly Little. “From Sony to Target, big companies that were hacked felt barely a dent to their bottom line, an analysis reveals.” (Source: Fortune dot Com)
- British Airways Executive Club Members Warned of Hacked Accounts. “Members of British Airways Executive Club are reporting that their accounts appear to have been hacked, and emptied of their Avios reward points.” (Source: Graham Cluley’s Blog)
- Puush Accidentally Infects Windows Users with Password-stealing Malware. “Puush describes itself as a ‘quick and simple way to share screenshots’. Unfortunately, it also seems to be a quick and simple way to infect your Windows computer with malware, that might steal your passwords.” (Source: Hot for Security)
- Symantec Says Malware Could Be Inflating Twitch Viewership. “In a botnet, connected PCs are used to perform a single task. They have legitimate functions, but they can also hijack an unwitting PC via malware. Symantec has identified one botnet developed to target Twitch, called Trojan.Inflabot.” (Source: Game Informer)
- Dark Web vendors offer up “thousands” of Uber logins starting at $1 each. “Two vendors on a relatively new Dark Web marketplace are selling active Uber usernames and passwords.” (Source: Ars Technica)
- Ad Networks Ripe for Abuse via Malvertising. “Dark corners of the Internet harbor trouble. They’re supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors?” (Source: ThreatPost)
- Security Attacks via Malicious QR Codes. “With the scan of a QR code, we can perform various tasks which would otherwise need a lot more effort. For example, scan a QR code and save the business card details in your smartphone. This is why people like to use QR code scanning for general tasks. But most users are not aware that QR codes can also be malicious. This is why scammers are now using malicious QR codes for tricking users.” (Source: InfoSec Institute)
- Google Ad Injectors Affect 1 In 20 Visitors. “About 5% of Google visitors have at least one ad injector installed, according to the company.” (Source: Information Week)
- Researchers Warn of “Disappearing Malware”. “Researchers believe cyber criminals are using this to target computers at banks, global enterprises and Governments. Unlike other security threats, the ‘disappearing malware’ puts a virtual cloak on machines which then renders them completely invisible to the human eye.” (Source: IT Security Guru)
Safe surfing, everyone!
The Malwarebytes Labs Team