Friday February 28, 2014
Cybercriminals have distributed the OSX/CoinThief malware that steals Mac users' Bitcoins. The threat is disguised as various applications and games, including Angry Birds.
ESET Security Professionals warn that the malware is being distributed through torrents. In addition to Angry Birds, cybercriminals have disguised OSX/CoinThief as various popular Mac OS X apps such as BBEdit, Pixelmator, and Delicious Library. "There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates," security expert Graham Cluley stated on ESET's WeLiveSecurity blog.
Once the malware is executed, OSX/CoinThief installs a web browser extension and monitors the victim's web traffic. An additional component that runs in the background checks for wallet login credentials and sends the information to the attackers. The malicious web extension is called "Pop-Up Blocker." If this extension is present in your Mac's web browser, you're probably infected. Another way to find out if you're infected with OSX/CoinThief is to open Activity Monitor in the Utilities folder and look for a process called com.google.softwareUpdateAgent. This process is created by OSX/CoinThief.
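The two checks described above can be scripted. The following is an added example, not code from ESET or from the original post; the script name cointhief_check.sh, the Chrome extensions path, and the assumption that the extension's manifest.json carries the literal name "Pop-Up Blocker" are not from the post.

```shell
#!/bin/sh
# Added example: triage for the two OSX/CoinThief indicators named in the post.
IOC_PROCESS="com.google.softwareUpdateAgent"   # process name given in the post
IOC_EXTENSION="Pop-Up Blocker"                 # extension name given in the post

# Reads a process listing on stdin, one executable path per line
# (the format of `ps -axo comm=`), and prints the lines whose final path
# component is exactly the indicator name. Returns 0 on a hit, 1 otherwise.
find_ioc_process() {
    awk -v ioc="$IOC_PROCESS" '
        { n = split($0, part, "/"); if (part[n] == ioc) { print; hit = 1 } }
        END { exit (hit ? 0 : 1) }'
}

# Searches directory $1 for manifest.json files whose "name" field is the
# indicator name and prints their paths. Returns 0 on a hit, 1 otherwise.
# Assumption: the extension is unpacked Chrome-style with a literal name.
find_ioc_extension() {
    [ -d "$1" ] || return 1
    find "$1" -type f -name manifest.json \
        -exec grep -lE "\"name\"[[:space:]]*:[[:space:]]*\"$IOC_EXTENSION\"" {} + \
        2>/dev/null | grep .
}

# Live scan, run only on request: sh cointhief_check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    # Assumed default Chrome profile location on OS X; adjust for other profiles.
    ext_dir="$HOME/Library/Application Support/Google/Chrome/Default/Extensions"
    found=0
    if ps -axo comm= | find_ioc_process; then
        echo "INDICATOR: process $IOC_PROCESS is running"; found=1
    fi
    if find_ioc_extension "$ext_dir"; then
        echo "INDICATOR: \"$IOC_EXTENSION\" extension manifest found"; found=1
    fi
    [ "$found" -eq 0 ] && echo "Neither indicator from the post was found"
    exit "$found"
fi
```

Both checks match on names only, so a clean result covers just the two indicators the post lists.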
Saturday February 1, 2014
McAfee predicts that virtual currencies will fuel malware attacks globally in 2014. In general, growth in virtual currencies benefits and promotes economic activity. However, it also provides cybercriminals with an anonymous payment infrastructure that they use to collect money from their victims.
Ransomware attacks, such as CryptoLocker, will continue to flourish as long as these attacks remain profitable. Furthermore, we may see new ransomware attacks aimed at enterprises.
The good news is that though the ransomware payload is unique, the methods cybercriminals use to distribute ransomware (spam, drive-by downloads, infected apps) are not. Therefore, keeping systems current and following good security practices will keep you relatively safe from these threats.
Finally, the emergence of virtual currencies and their anonymous transaction infrastructure has led to the development of a number of "Deep Web" marketplace sites that specialize in retail distribution of illegal products and services. The largest of these sites was Silk Road, which was shut down by the FBI in October 2013. Although the closure of Silk Road was a huge win for law enforcement, there are many of these Deep Web marketplaces operating globally. This issue is not going away anytime soon.
Friday January 3, 2014
On the first day of 2014, more than 4.5 million Snapchat user names and phone numbers were leaked online and made available for download. The hacker group responsible for the leak claims they had notified Snapchat of the vulnerability but Snapchat never responded.
SnapchatDB.info, the now suspended website, housed the leaked account information. On the site, the hacker group stated they censored the last two phone number digits to minimize spam and abuse but may release the digits under certain circumstances. The group explained their motivation was to raise awareness and stated "companies we trust with our information should be more careful in dealing with it."
Jeff Taylor, McAfee Consumer Operations Project Manager, had this to say about the issue:
"The key privacy impact with this break seems to be in the data relationships... The best-kept secret related to privacy relates to PII (personally identifiable information) data relationships, so fundamental advice may include [using] unique user names and secondary email addresses for all social media accounts. Public profiles can be tied together otherwise, and data breaches become more damaging without such steps."
Irfan Asrar, McAfee Mobile Malware Researcher, warns about malicious websites that claim to be able to verify whether you're one of the victims of the hack. These sites are set up to harvest information by asking you to enter your number, and they attempt to do a partial match against the data that was released by the hackers.
Tuesday December 31, 2013
LinkedIn is one of the top social media platforms for job seekers, and cybercriminals are finding ways to exploit the site by posing as recruiters. According to the Better Business Bureau (BBB), scammers create fake profiles disguising themselves as recruiters and then send messages with links to malicious sites that steal your personal information. The legitimate-looking websites often ask for your bank information, Social Security number, etc., and scammers use this information to access your bank accounts and attempt to steal your identity. Business professionals who use LinkedIn within their corporate network should also be alarmed, as cybercriminals use these same methods to infect computer systems with malware.
BBB makes the following recommendations and reminders:
- Legitimate recruiters will never ask for your personal data such as banking information.
- Always research a "recruiter" who contacts you before providing your sensitive information.
- Most employers won't ask for a Social Security number until they actually provide you with a job offer.
- Don't just add anyone to LinkedIn. Do your due diligence and research their profile and connections prior to adding them.
- You should NEVER be asked to pay for a legitimate job. If a "recruiter" asks you to pay for training, block them immediately.
- Work-at-home jobs are scarce, so be cautious of these postings.
Finally, ask the "recruiters" if you can call them. If they avoid speaking with you, then you should probably block them.