A Week in Security (Jul 05 – Jul 11)

Last week, we took a crack at the hacking incident that happened with the Hacking Team, an IT company based in Italy whose primary clients are governments and law enforcement agencies. Below are direct links to the posts we pushed out in light of the company’s breach:

We also touched on a purported Steam keygen video that leads to the download of PUPs, a malvertising campaign with a twist, and—for our first “PUP Friday” post for the month—a program that claims to improve your PC’s speed.

Notable news stories and security related happenings:

  • Meet the Most Successful Malware on Google Play: Nearly 1M Users in 4 Months. “The holder of this dubious honor is a malware called “Cowboy Adventure”. It is a simple game made utilizing the popular 2D game engine “Platformer 2D”. After careful analysis our team found a devious and scary reason behind its user growth.” (Source: Trustlook News)
  • Malware as a Service – Cyber Crime’s New Industry. “Organised criminal gangs (OCGs) are increasingly using software services of the type more usually associated with legitimate corporations to grow their operations. By offering ‘malware as a service’, OCGs are employing business models similar to those developed by legitimate companies in order to extend their global reach.” (Source: IT Pro Portal)
  • Nearly 5,000 New Android Malware Strains are Discovered Every Day. “New data from analytics firm G DATA is painting a disturbing picture. Its Q1 2015 Mobile Malware report suggests that nearly a half a million new malware strains were discovered in the first 3 months of this year. That’s a new case of Android malware every 18 seconds, or around 5,000 a day.” (Source: TechSpot)
  • Ad Fraud Malware Updating Flash on Infected PCs. “This technique is not something unique to ad fraud malware. Attackers have been known to patch the vulnerabilities they exploited to get on to a given machine as a way to keep other hackers out and some malware strains have been seen doing this, too.” (Source: Kaspersky’s ThreatPost)
  • Poor Security at JPS Preceded Cyber-Attack. “An investigation into the recent unauthorized access of personal information from the Japan Pension Service found that 99 percent of the files accessed were not protected by passwords, sources said.” (Source: The Japan News)
  • Android Malware Masquerades as Nintendo Game Emulator. “Palo Alto Networks found three variants of the malware, which it calls Gunpoder, masquerading as emulator applications used to play Nintendo games. Gunpoder apps can do a variety of invasive actions, including collecting bookmarks and browser histories, sending itself to other people over SMS, showing fraudulent advertisements and executing other code.” (Source: CSO Online)
  • Meet the Hackers Who Break into Microsoft and Apple to Steal Insider Info. “Alternately known as Morpho and Wild Neutron, the group has been active since at least 2011, penetrating companies in the technology, pharmaceutical, investment, and healthcare industries, as well as law firms and firms involved in corporate mergers and acquisitions.” (Source: Ars Technica)
  • The Rise Of Social Media Botnets. “In the social Internet, building a legion of interconnected bots — all accessible from a single computer — is quicker and easier than ever before.” (Source: Dark Reading)
  • Did Hackers Remotely Execute ‘Unexplained’ Commands on German Patriot Missile Battery? “There’s a gigantic difference between something being hackable and that something actually being hacked – especially when talking about hackers taking over weapon systems such as Patriot anti-aircraft missile defense batteries.” (Source: Computer World)
  • “Internet Capacity Warning” Phishing Scam Aims to Steal Your Login Details. “Internet users are receiving an email that claims to be sent from the “Information technology Services’ Support Department.” It informs users that their internet capacity has reached 70% and, therefore, they need to contact support department to avoid problems.” (Source: HackRead)
  • DDoS Ransom Notes: Why Paying Up Will Get You Nowhere. “DDoS attacks may stem from ideological or political differences, and in some instances they can even be equated with a hate crime when certain groups are targeted. The other main causes of DDoS attacks essentially come down to script kiddies being script kiddies.” (Source: Information Age)

Safe surfing, everyone!

The Malwarebytes Labs Team