
A week in security (Apr 24 – Apr 30)

Last week, we talked about another scam that promised to reward iPhone 6s units, a fake Donald Trump spam that leads to a supposed torrent site, and a bogus LastPass browser extension found on the Chrome Web Store.

Senior Security Researcher Jérôme Segura discussed the latest malvertising campaign on The Pirate Bay, something of a repeat of what we documented a couple of years back. Only this time, the malicious adverts drop ransomware onto affected systems. Segura noted that this campaign was similar to the one he found on AdsTerra.

In another post, Segura detailed his findings on the official website of toy maker Maisto, after our telemetry caught it unwittingly pushing the CryptXXX ransomware to systems used to access it. The malicious actors behind the Reveton ransomware were said to be the creators of CryptXXX.

Notable news stories and security-related happenings:

  • Microsoft: Keep Calm But Vigilant About Ransomware. “The recent proliferation of ransomware attacks has significantly heightened the need for enterprises to be vigilant about the threat. But there’s little need for panic. For the moment, at least, enterprises are less likely to encounter ransomware than almost any other kind of malware like Trojans, worms and viruses, according to a new Microsoft report.” (Source: Dark Reading)
  • Skull Echoes Can Be A Password To Protect Facehugger Computers. “Researchers at the Max Planck Institute for Informatics and the universities of Stuttgart and Saarland conducted a controlled study – with only 10 participants – of the way a sound bounces around a skull and reverberates back, using the bone conduction speaker and microphone integrated into an eyewear computer like Google Glass.” (Source: Sophos’ Naked Security Blog)
  • Android Ransomware Attacks Using Towelroot, Hacking Team Exploits. “A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and unsupported Windows XP operating system.” (Source: Kaspersky’s Threat Post)
  • Phishing Emails Leverage Unique Subject Lines, Office Docs. “Phishing emails continued to evolve last year, according to a new report from PhishMe, with Microsoft Office documents and unique subject lines used to get past enterprise filters. Malicious Office macros have been around since the 1990s, said David MacKinnon, director of research at PhishMe, because there’s little that companies can do to block them.” (Source: CSO)
  • Uber Fraud: Scammer Takes The Ride, Victim Gets The Bill. “The traditional meaning of people ‘getting taken for a ride’ is that they are victims of a scam. But in the world of online ride-hailing services, the scammer gets taken for the ride – a free ride – while the victim ends up with the bill. The scams have come to be called ‘ghost’ or ‘phantom’ rides, made possible when cyber criminals steal login credentials from users of a ride service like Uber, and then sell them to fraudsters on the Dark Web.” (Source: CSO)
  • Presidential Primary Election Apps May Expose Sensitive Data. “Did you know that there are over 1,200 Android apps, both official and unofficial, that help voters keep track of the happenings in the US presidential primary? Better yet, did you know that over 50 percent of them can expose sensitive user data? We’re talking about account details, location, list of installed apps, device info, unique IMSI number, settings, your phone number – collected by the apps and sent to remote servers, often over unsecured connections.” (Source: Help Net Security)
  • My Bad! Employee Slipups Lead to More Government Hacks Than Cyber Espionage. “Governments in 2015 suffered more data breaches by goofing up and losing stuff, than by succumbing to the wiles of cyberspies. That is the finding of security analysts from Verizon, the Homeland Security Department, the Pentagon and dozens of other public and private sector organizations in a report published today.” (Source: Nextgov)
  • Breaking Steam Client Cryptography. “So as to not bury the lede: Older versions of Steam allow an attacker who observes a client connecting to Steam to read sensitive information sent over the network. This allows the attacker to take over the account, bypass SteamGuard, and sometimes view plain-text passwords.” (Source: Steam DB)
  • New Attack Technique Hides Spread of RATs In Asia. “SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn’t touch the victim’s computer disk in an unencrypted state.” (Source: TechNewsWorld)
  • Google Play Infested With Cash-stealing Web Apps. “Security researcher Joshua Shilko says phishing apps targeting some of the world’s biggest payment services have slipped past screening and landed on Google Play. Shilko says he’s aware of 11 well-designed fraud apps that have slipped into the official Play store, often by mimicking mobile payment sites.” (Source: The Register)

Safe surfing, everyone!

The Malwarebytes Labs Team