Concerns about a possible industrial espionage campaign are being raised over a Google Chrome extension that was caught collecting browsing history, ZDNet has learned from ExtraHop, a real-time IT analytics firm. The company said it detected the malicious code hidden inside a Google Chrome extension aimed at web developers. The extension, named Postman, is still available in the Chrome Web Store, despite ExtraHop reporting it to Google more than a month ago.
A group of online scammers has generated a list of 50,000 executives, including CFOs and other finance chiefs, to use as targets for their schemes. The list was discovered by security company Agari after the scammers unwisely targeted the company with one of their scams, prompting the company to investigate further.
The group – which Agari is calling London Blue – seems to specialise in business email compromise (BEC) scams. While there are many variations, the basic aim is to trick someone within an organisation – usually working in finance – to send funds to a bank account controlled by the crooks, thinking that the transfer is a request from someone senior inside their own organisation.
Read more about the London Blue BEC group on ZDNet.
A new campaign delivering various remote access Trojans (RATs) is likely the work of a known Dridex/Locky operator, Morphisec security researchers warn. Dubbed Pied Piper, the campaign targets users in multiple countries and is likely operated by TA505, the threat group known to have orchestrated large Dridex and Locky attacks in the past. Observed starting last week, the phishing attempts use documents with malicious macros for malware delivery.
The campaign is multi-staged and still ongoing, with one version delivering the FlawedAmmyy RAT and another variant dropping the Remote Manipulator (RMS) RAT. Earlier this year, TA505 was observed exploiting an Office zero-day to deliver the FlawedAmmyy RAT.
Cryptojacking, the hijacking of PCs and systems in order to steal CPU power and covertly mine cryptocurrency, is becoming a thorn in the side of individuals and businesses alike. One in three organizations has been targeted by cryptocurrency mining malware.
Researchers from Check Point said in a blog post that one form of cryptomining malware, known as KingMiner, first appeared in June this year and is now out in the wild as a new-and-improved variant. The malware generally targets Microsoft IIS/SQL servers using brute-force attacks to obtain the credentials needed to compromise a server. The miner is configured to use 75 percent of CPU capacity but, potentially due to coding errors, actually consumes 100 percent of the CPU.
Read more about the newly discovered KingMiner malware on ZDNet.
Whenever there is a tragedy, some lowlife will try to take advantage of it. Such is the case with a new round of BEC scams that try to leverage the California wildfires to defraud their victims.
In this campaign, the scammers pretend to be the CEO of a company who tells an employee that their clients have been affected by the California wildfires and that they need to send them assistance. This is when things get a bit weird, because instead of asking for money to be transferred, they request that the employee go out and buy Google Play gift cards, reveal the redemption codes, and then send them back to the attacker.
A new hacking tool making the rounds in underground forums has been deemed the latest “go-to” universal offering for attackers targeting Microsoft Windows PCs. The software is called L0rdix and according to cybersecurity researchers from enSilo is “aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, [and] can avoid malware analysis tools.”
In a blog post, enSilo researcher Ben Hunter said the tool is relatively new and is available for purchase. There are, however, indicators that L0rdix is still undergoing development despite an array of different functions already implemented within the malware. Written in .NET, L0rdix has been developed with stealth in mind.
Mobile security is at the top of every company’s worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle.
While it’s easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world, thanks to both the nature of mobile malware and the inherent protections built into modern mobile operating systems. The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing in the coming year.
Read more about the major mobile security threats for 2019 on CSO.
The hacking team behind a cyberattack which impacted the Winter Olympic Games is back with an updated cache of droppers and hacking tools. Researchers from Check Point said that Hades, the advanced persistent threat (APT) group believed to be behind an attack this year levied against systems used in the Winter Olympic Games, has begun a potential evolutionary shift.
“Over the last few weeks, we have noticed new activity from Hades,” the researchers say. “This new wave of attack shares a lot with those previously attributed to the group but it seems that this time we are witnessing significant changes that may hint at a new evolution from the group.”
Read more about the new activity of the Hades APT on ZDNet.
A prolific hacking group has returned with a new campaign that aims to deliver a new remote access trojan (RAT) to victims in order to create a backdoor into PCs and steal credentials and banking information.
A new, active campaign is using malware capable of dancing around traditional antivirus solutions in order to empty cryptocurrency wallets. The malware is being used in the DarkGate campaign, a previously undetected hacking operation uncovered this week by enSilo security researchers. According to the team, DarkGate is currently underway in Spain and France, targeting Microsoft Windows PCs by way of torrent files.
Torrent files are most commonly associated with pirated content, but the technology itself is not illegal. In this case, however, the infected .torrent files masquerade as pirated versions of popular television shows and films.
Read more about the malware used in the DarkGate campaign on ZDNet.