A Week in Security (Jun 22 – 28)
Here’s a review of last week’s posts on Malwarebytes Unpacked:
- Fake Amazon Local Emails Deliver Malware (Security Threat) Malware Intelligence Analyst Chris Boyd found spam claiming to be from Amazon Local, Amazon’s daily deal service, under the guise of a receipt informing recipients of a purchase they purportedly made. It contained a ZIP-compressed attachment that may have been malicious.
- This Dropbox Phish is Not After Your Dropbox Creds (Fraud/Scam Alert) The promise of something good behind a link has long been a motivation for users. Unfortunately, this is commonly exploited by online criminals. This phish, in particular, advised the curious to log in to their email before they could see an image, a tactic that users must never fall for.
- Advisory: Seasonal Scam Returns (Fraud/Scam Alert) The Garcinia diet spam campaign is back for the summer holidays, and this time, the scammers banked on the popularity of the TMZ and Good Housekeeping brands to make their sales pitch more believable.
- Phishy Steam Guard File Steals SSFN (Fraud/Scam Alert) During the Steam Summer Sale, we found a unique yet nasty phish that allows attackers to steal an account’s SSFN, a file that spares users from having to verify their machines every time they log in to Steam. The campaign used an infostealer named SteamGuard.exe, after Steam’s security feature. You can familiarize yourself with Steam Guard here.
- “Tracy Morgan Is Dead” Fake Video in Circulation (Fraud/Scam Alert) Actor-comedian Tracy Morgan is now part of the long list of fake celebrity deaths that have circulated on the Web. This one, which we found on Facebook, leads users to download a PUP pretending to be a software update that used the Adobe notification interface.
- A look at a double-dipping advertising network (Malvertising) In this post, Senior Security Researcher Jérôme Segura discussed double dipping, and a particular online advertising company that does just that. This company, he later found, got ad impressions, pay-per-click (PPC) payments, and commissions based on the amount of malware it could install onto user systems.
- Scammers Continue to Hook Users with Free Facebook Hacking (Fraud/Scam Alert) We found, profiled and debunked one of the many Facebook hacking/cracking tools that can be found online with a simple search. Steer clear of FBSniffing(dot)com.
Top news stories:
- Selfmite: Attack using SMS worm to increase pay-per-install income. Mobile security company Adaptive Mobile discovered the first SMS-propagating worm for Android devices, which they named “Selfmite”. (Source: Adaptive Mobile Blog)
- IE users get new protection against potent form of malware attack. “Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.” (Source: Ars Technica)
- F1 star Michael Schumacher dead? It’s the latest sick Facebook scam. False news of Michael Schumacher’s death hit Facebook last week. (Source: We Live Security ESET Blog)
- Poorly anonymized logs reveal NYC cab drivers’ detailed whereabouts. A software developer was able to deanonymize data on taxi drivers’ recorded whereabouts by using predictable patterns in hack license numbers and medallion numbers. (Source: Ars Technica)
- Google Glass Snoopers Can Steal Your Passcode With a Glance. Researchers at the University of Massachusetts Lowell conducted an experiment in which they used wearable smart gadgets to spy on and record PIN codes entered on mobile devices. (Source: Wired)
- 2014: The Year Extortion Went Mainstream. Brian Krebs declared how 2014 would be remembered in the years to come, backing it up with stories from targeted pizza stores that received letters in the mail from extortionists. (Source: Krebs on Security)
- Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication. Researchers at Duo Labs took advantage of an inherent flaw in PayPal’s API web service and (partially) in their mobile app in order to gain access to secure accounts. (Source: Duo Security Lab)
Stay secure, everyone!