IT Security Newsletter - 5/26/2020
Insidious Android malware gives up all malicious features but one to gain stealth
ESET researchers have analyzed an extremely dangerous Android app that can perform a host of nefarious actions, notably wiping out the victim's bank account or cryptocurrency wallet and taking over their email or social media accounts. Called "DEFENSOR ID", the banking trojan was available on Google Play at the time of the analysis. This banker is exceptionally insidious in that after installation it requires a single action from the victim - enable Android's Accessibility Service - to fully unleash the app's malicious functionality. READ MORE...
Mathway investigates data breach after 25M records sold on dark web
A data breach broker is selling a database that allegedly contains 25 million Mathway user records on a dark web marketplace. Mathway is a calculator that allows users to type in math questions and receive an answer for free through their website or via Android and iOS apps. The Mathway app is top-rated, with over 10 million installs on Android and ranked as #4 under education in the Apple Store. READ MORE...
Krebs on Security: Riding the State Unemployment Fraud 'Wave'
When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that's exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony claims. Meanwhile, a number of U.S. states are possibly making it easier for crooks by leaking their citizens' personal data from the very websites the scammers are using to file bogus claims. READ MORE...
Discord client turned into a password stealer by updated malware
A threat actor updated the AnarchyGrabber trojan into a new version that steals passwords and user tokens, disables 2FA, and spreads malware to a victim's friends. AnarchyGrabber is a popular trojan that is commonly spread for free on hacker forums and within YouTube videos that explain how to steal Discord user tokens. Threat actors then distribute the trojan on Discord, where they pretend it's a game cheat, hacking tool, or copyrighted software. READ MORE...
Malware opens RDP backdoor into Windows systems
A new version of the Sarwent malware can open the Remote Desktop Protocol (RDP) port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. Whether that access is used later by the same crooks or sold to ransomware gangs or cyber espionage groups is unknown, but affected users should know that removing the malware does not close that particular "backdoor". READ MORE...
The ransomware that attacks you from inside a virtual machine
Yesterday, SophosLabs published details of a sophisticated new ransomware attack that takes the popular tactic of "living off the land" to a new level. To ensure their 49 kB Ragnar Locker ransomware ran undisturbed, the crooks behind the attack brought along a 280 MB Windows XP virtual machine to run it in (and a copy of Oracle VirtualBox to run that). It's almost funny, but it's no joke. READ MORE...
Why building backdoors into encryption won't make us safer
For much of the last decade, technology companies have been in an uphill battle to save encryption, a battle that has seen an increasing number of skirmishes that tech companies often lose. Throughout this ongoing clash, governments across the world have been pushing to backdoor encryption in the name of combating child abuse and terrorism. READ MORE...
- ...in 1864, President Lincoln signs an act establishing the Montana Territory.
- ...in 1868, the U.S. Senate narrowly fails to convict President Andrew Johnson of the impeachment charges levied against him by the House.
- ...in 1953, "It Came from Outer Space", the first science fiction film to be screened in 3-D, debuts in Los Angeles.
- ...in 1959, Harvey Haddix of the Pittsburgh Pirates pitches 12 perfect innings against the Milwaukee Braves, only to lose the game.