A Week in Security (Apr 05 - 11)

A Week in Security (Aug 30 – Sep 05)

Last week, we talked about a fake Android rooting tool, a supposedly unlimited offer of games that eventually ended in frustration, and an adware that does it very best to stay undetected. One of our experts also offered their insight regarding a book entitled “Dot Con” and how conning the con man can lead to more trouble and less fun.

Thomas Reed, the Labs’s Mac security expert, documented a newer variant of the adware installer that is taking advantage of the DYLD_PRINT_TO_FILE vulnerability in OS X, which we disclosed in early August. Although this latest adware is essentially similar to the one found before, it also installs a Genieo Safari extension by mounting a disk image and automatically allowing it access to the keychain. A number of reports have dubbed this the “BrokenChain vulnerability”.

Senior security researcher Jérôme Segura once again found a malvertising campaign, this time, targeting the online dating site, Match.Com. He added that this is similar to the PlentyOfFish campaign he spotted and wrote about not long ago. This campaign uses the Angler exploit kit to serve affected users with other malware.

Lastly, Chris Boyd, one of our malware intelligence analysts, documented a new Skype spam campaign that carries a Baidu link that was used to hide the location of it’s true destination. In this case, a fake weight loss or diet news page.

Notable news stories and security related happenings:

  • Who can Stop Malware? It Starts with Advertisers. “Malware masquerading as advertising is a growing problem, and the ad industry must figure out how to weed out scammers from legitimate companies.” (Source: InfoWorld)
  • Domain Hijacking Spear-Phisher Foiled by the Last Line of Defense — Paranoia. “As the old joke goes, “Just because you’re paranoid doesn’t mean that everybody isn’t out to get you.” Based on the contents of my e-mail inbox lately, I can confirm that my paranoia is well-founded.” (Source: Ars Technica)
  • Lawyers Are Prone to Fall for Email Scams. “The truth hurts, but that’s what Verizon’s 2015 Data Breach Investigations Report seem to suggest. As lawyers Karen Rubin and Tom Zych of Thompson Hine note with alarm, the report finds that a company’s legal department is ‘far more likely to actually open [a phishing] e-mail than all other departments.'” (Source: The American Lawyer)
  • How Employees Become Pawns for Hackers. “Employees are the greatest security risks, especially since they are prone to be used as pawns for hackers. That’s why they are vulnerable to attacks.” (Source: Security Affairs)
  • Warning from Millennials: Tighten Online Security or Lose Our Custom. “95% of Millennials believe their digital identities are not completely protected by appropriate and effective security measures. That’s according to a survey by Intercede as the findings of a new consumer survey that suggests Millennials in the U.S and UK are losing trust in today’s digital economy.” (Source: Talk Business Magazine)
  • iCloud Photo Leak and Cyber Security: What the Experts Say. “Security experts believe that many of the issues that existed before the iCloud photo leak still exist today, whether it be human error-based or new vulnerabilities in technology discovered by hackers.” (Source: The Irish Examiner)
  • Pendrives are Most Common Cyber-Attack Vector in LatAm. “An average of 42.3% of pendrive users in Latin America suffered offline infection attempts via such devices between January and August this year, whereas online attacks were suffered by some 20% of internet users in most countries, according to security solutions provider Kaspersky Lab.” (Source: BNamericas)
  • KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones. “Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims.” (Source: Kaspersky Labs’s ThreatPost)
  • Russian-Speaking Hackers Breach 97 Websites, Many of Them Dating Ones. “None of the dating sites are nearly as prominent as Ashley Madison, which saw sensitive company information, emails, internal documents and details of 30 million registered users released in a devastating data breach. Holden said this Russian-speaking group is not related to Impact Team, which claimed credit for the intrusion into Ashley Madison.” (Source: CIO)
  • Ransomware Growing Rapidly, Warns Intel’s McAfee Labs. “The total number of ransomware samples is also up, by 127% compared with the second quarter of 2014, the report said, attributing the increase mainly to rapidly-growing new ransomware families such as CTB-Locker and CryptoWall.” (Source: Computer Weekly)
  • Shifu Banking Trojan Comes with Its Own Antivirus to Keep Other Malware at Bay. “The defenses of Japanese banks and financial institutions are being put under a serious test these days by a new banking Trojan created from a mix of previously detected malware.” (Source: Softpedia)
  • Should the Removal of Personal Info Posted Online be a Human Right? “69% of online Americans agree that the ‘Right to be Forgotten’ should be a human right, 29% think it allows for censorship. Only 16% think the ‘right to be forgotten’ is not practical.” (Source: Help Net Security)
  • CoreBot Can Steal Your Credentials, Download and Execute Malware. “This stealer malware is specifically designed with ample strength that it is quite easy to steal data from targeted victim and have the capability to control the computer, reveals a security report published by IBM.” (Source: HackRead)
  • Apple vs. Android: Mobile Security Pros and Cons. “Both Apple’s iOS and Android have security strengths and weaknesses, experts say.” (Source: eSecurity Planet)
  • 26 Mobile Phone Models Contain Pre-Installed Spyware. “Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.” (Source: InfoSecurity)
  • Finance and HR Staff Labeled Biggest Security Risks. “Finance and HR employees represent the biggest cybersecurity threat to organizations of any department, according to new research from security firm Clearswift. Nearly half (48%) of respondents claimed finance departments and their employees posed the biggest threat, versus 42% for HR.” (Source: InfoSecurity)
  • Belkin Wi-Fi Routers at Risk from Multiple Vulnerabilities. “According to an advisory by US-CERT, The Belkin N600 DB Wireless Dual Band N+ router model F9K1102 v2 with firmware version 2.10.17 has flaws that could allow a hacker to arbitrarily inject files, perform man-in-the-middle attacks and forge cross-site requests.” (Source: SC Magazine)
  • RedHat Security Finds Multiple Network Devices Leak ‘RSA-CRT’ Keys. “PFS helps address the event an attacker captures HTTPS encrypted sessions and later acquires the key to decrypt them, say under a warrant. Instead of relying on a single key for multiple sessions, with PFS a new key is generated for every encrypted session, making it more costly for an attacker decrypt. But a side-effect of the increased use of PFS is that it’s exposed an additional weakness in TLS that an attacker with little computing power could use to recover a server’s private RSA key.” (Source: CSO)
  • Android Ransomware Uses XMPP Chat to Call Home, Claims It’s from NSA. “The updated version of Simplocker masquerades on app stores and download pages as a legitimate application, and uses an open instant messaging protocol to connect to command and control servers.” (Source: Ars Technica)
  • Cybercrime by Wire Fraud – What’s Covered? “Perhaps the only thing worse than falling victim to a business email compromise or “CEO fraud” that results in millions of dollars in wire fraud theft – is wondering whether your insurance will cover any of the loss.” (Source: CSO Online)
  • ReverbNation Notifies Users of Breach, Recommends Changing Passwords. “ReverbNation – an online platform that currently assists more than three million musicians in building their careers – experienced a breach in 2014, and is now notifying an undisclosed number of users and asking them to change their passwords.” (Source: SC Magazine)
  • Self-Hacking: Corporations Start Thinking Like Criminals. “According to Bloomberg, companies like Barclays are now trying a new tactic: self-hacking. Can security professionals acting like criminals really help enterprises stay one step ahead?” (Source: Security Intelligence)

Safe surfing, everyone!

The Malwarebytes Labs Team