A week in security (May 01 – May 07)

Last week, we reported on the fake Google Docs app in real time as it wreaked havoc among Gmail users worldwide. We also pushed out part 2 of our series on adware. On World Password Day, we highlighted the fact that although using multiple passwords is good, doing so can be difficult if one cannot manage them efficiently.

As it’s spring in the Northern Hemisphere, we found it appropriate and timely to write up a spring cleaning post.

Lastly, we covered a fair amount of macOS malware, specifically OSX.Dok and Snake. Click those links to check out technical details for each.


Below are notable news stories and security-related happenings:

  • Super Free Music Player Is The Latest Malware On Google Play. “Another day, another piece of malware lurking on Google Play, masquerading as a free and helpful app. This time it’s called ‘Super Free Music Player’ and is supposedly a ‘great song app for discovering and listening to trending music’, and contains ‘unlimited free songs from Soundcloud.'” (Source: Help Net Security)
  • Schools Among The Most Sought After Cyber Targets: ESET Report. “What makes these organizations such an inviting target is schools, both those of higher education and local school districts, hold in one place all the types of data prized by hackers, health care information, student and employee personally identifiable information (PII), research and even payment card data, according to a report by ESET researcher Lisa Myers.” (Source: SC Magazine)
  • UK Office Workers ‘Too Trusting’ Of Email Attachments. “More than half (58%) of office workers among 1000 employees surveyed at mid-to-large UK businesses admitted to often opening email attachments from unknown senders, leaving companies open to breaches from documents carrying malicious exploits hidden inside common file-types.” (Source: InfoSecurity Magazine)
  • Criminals Turning To Fraudulent Gift Cards. “Traditionally, gift cards have been a quick way to make stolen credit card numbers pay off quickly. They buy the gift cards online, in bulk, then use the gift cards at their leisure or resell them, without worrying that the credit card number has been canceled — until the charge backs started coming in from the credit card companies and merchants wised up.” (Source: CSO)
  • HideMyAss! Privilege Escalation Flaws Exposed. “A set of serious security flaws in the HideMyAss! proxy service which could place user security and privacy at risk have been publicly disclosed. Over the weekend, Security researcher Han Sahin said that multiple privilege escalation vulnerabilities exist in HideMyAss! Pro VPN for Apple’s OS X operating system, a subscription-based virtual private network (VPN) service used to mask user traffic and online activities.” (Source: ZDNet)
  • 7 Steps To Fight Ransomware. “As ransomware perpetrators continue to hone their skills, we’re seeing a shift to more specific targets. The driver of this shift is the realization that companies, especially larger ones, are much higher-value targets than an average individual and are thus able to pay significantly higher ransoms. This change has elevated the need for companies to strengthen their defensive strategies. Executives must allocate resources and ensure strategies are active against ransomware intent on paralyzing their organization.” (Source: Dark Reading)
  • Fraudsters Draining Accounts With ‘SIM Swaps’ – What To Do. “A new phone can take over your old number because the number is actually tied to your SIM card – in fact, SIM is short for subscriber identity module, a special system-on-a-chip card that securely stores the cryptographic secret that identifies your phone number to the network. You may also need to get a new SIM from your mobile provider if you switch to a phone that requires a differently sized SIM card to the one in your current device.” (Source: Sophos’s Naked Security Blog)
  • Thieves Drain 2fa-protected Bank Accounts By Abusing SS7 Routing Protocol. “The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train.” (Source: Ars Technica)
  • iPhone Phishing Scam Crosses Over Physical Crime. “Last late April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password.” (Source: TrendLabs’s Security Intelligence Blog)
  • NYPD: Fraud Ring Recruited Mules Via Social Media. “New York City police are claiming victory after smashing a multi-million-dollar financial fraud ring which is alleged to have recruited participants via enticing social media ads. The authorities have indicted 39 people for their part in a sophisticated operation which resulted in a whopping $2.5m in fraud.” (Source: InfoSecurity Magazine)
  • Europe Pumps Out 50% More Cybercrime Attacks Than US. “Cybercrime attacks launched from Europe reached more than 50 million in the first quarter, double the volume coming out of the US, according to the ThreatMetrix Q1 Cybercrime Report released today. And within Europe, Italy, France, Germany, and the UK accounted for half of all attacks originating out of the region, with the UK and Germany contributing the lion’s share.” (Source: Dark Reading)

Safe surfing, everyone!

The Malwarebytes Labs Team