Security News

5 malware attacks making the news

Avast Security News Team, 25 May 2018

From hacking cars to cryptomining, botnets, social engineering, and phishing, the week was fraught with tales of cybercrime.

BMWs at risk of hacking

BMW is in the process of issuing security patches to drivers of its 2017 i3, 2016 X1 and 525Li, and 2012 730Li. The patches will cover fourteen newly-discovered vulnerabilities, four of which can be triggered only through physical connection to the car computer systems, while another four require USB connection to the car. The remaining six vulnerabilities can be exploited remotely. A diligent cybercriminal can gain access to the cars’ infotainment systems, T-Box components, and UDS communication. In light of the findings, BMW has embraced the value of third-party cybersecurity research, and they are working on fixes.

Malware makes Macs mine Monero

Mac users noticed that a program called mshelper seemed to be hogging all their CPU power. The issue arose on Apple discussion forums and sure enough mshelper was soon identified as cryptomining malware. The “dropper,” the program that sneaks the malware onto the system, has not yet been determined, but whatever it is installs a file named pplauncher in the Mac’s “application support” folder. From there, pplauncher activates mshelper and the mining begins. The mining process is not necessarily harmful to the computer unless it causes overheating. Nevertheless, the malware should be removed from every infected system.

FBI seizes key server of 500,000+ botnet

Last August, a Pittsburgh resident reported a malware infection that was of particular interest to the FBI, as it seemed to originate from the same cybercriminal group that interfered with the 2016 US presidential election. The malware infecting the woman’s system was called VPN Filter, and it attacked the home office router, adding it to a botnet army. This week, the FBI took control of one of the key domains associated with the botnet, effectively freezing its activity. Further, a simple solution has been discovered to remove VPN Filter from infected routers — simply restart the router.

Cybergang uses porn for social engineering

The Confucius cybergang has added two new malicious apps to their roster of social engineering attempts. With the end goal of installing malware on their victims’ Android devices, the cybergang has created the phony “Fuddi Duniya” app, which promises a wealth of nude photos. The second deceitful app also played to romance, posing as a chat function that could find you a partner. Both apps, once installed, download malicious files into the Android devices, allowing cybercriminals to steal any data stored there. Make sure your device is protected with mobile security, and, as always, avoid suspicious-looking apps.

Brain Food — a botnet so smart, it’s scary

A spam botnet called Brain Food is one of the smarter phish in the cyber-sea. It works like a typical phishing campaign, trying to get users to click on malicious links in order to inject malware into their systems that would then steal info. Brain Food is so named because its most common ploy is to push phony health supplements.

But the more interesting aspect to Brain Food is its exceptionally clever PHP script. It is able to effectively hide itself from antivirus software, and it changes itself every time it runs. The script has been found in over 5,000 websites, and users are forewarned to be wary of any health or nutrition-oriented phishing attempts.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.