Security News

Bitcoin scammers hijack major Twitter accounts

Avast Security News Team, 17 July 2020

Plus, more newsbytes of the week, including new ransomware based on a Google encryption tool and a cyberattack ordered by President Trump

A cryptocurrency scam took Twitter by storm on Wednesday as numerous high-profile accounts were hijacked and used to solicit their millions of followers for bitcoins with the false promise of giving each donor twice their amount back. The accounts of Barack Obama, Elon Musk, Bill Gates, Joe Biden, Jeff Bezos, Kanye West, Kim Kardashian, and other famous figures were hacked, each displaying tweets such as this one from Elon Musk’s account: “I’m feeling generous because of COVID-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” Within hours, the bitcoin address listed in the fallacious tweets had received over $113,000. 

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter Support posted in a tweet on Wednesday. CNET reported that for the first two hours of the attack, Twitter struggled to get on top of it, causing many users to get error messages when they tried to use the service. The Twitter Support team activated and deactivated restrictions throughout the day as they tried to get to the heart of the problem. “There is no way to protect our accounts against such an attack,” commented Avast Security Evangelist Luis Corrons. “This should open our eyes and make us realize that ANY information we put on the internet, even if it is a Twitter DM, can eventually become public.” The phony tweets have been removed, but Twitter is continuing to investigate the attack.

Google bans stalkerware app ads

In its advertising policies, Google has updated its “Enabling Dishonest Behavior” policy to prohibit ads for apps intended to track or monitor another person without their authorization. The new policy will take effect in August 2020, and it’s meant to curb the rising amount of spyware and stalkerware being used for intimate partner surveillance, monitoring texts, phone calls, browsing history, physical location, and more. Some critics, however, suggest the policy update is actually toothless, since it allows exceptions for private investigative services and tracking apps that let parents monitor their underage children, both of which can be repurposed for unsavory uses. 

Google security utility adapted as new ransomware

A new strain of ransomware called AgeLocker encrypts victims’ files using a method developed by a Google cryptographer. Security lead Filippo Valsorda created Age as an alternate encryption method, and bad actors have somehow gotten hold of it. It’s unknown how the attackers are installing AgeLocker on machines, but victims are receiving its ransom notes by email. The demand is for 7 bitcoins, or around $64,500. There is no free decryptor for AgeLocker yet. More on this story at Bleeping Computer.

This week’s stat

337

The number of Android apps targeted by a new malware strain named BlackRock that comes with a broad range of data theft capabilities.

Botnet attacks surge in June

Security researchers analyzed the most common malware attacks for June 2020 and found a spike in the use of the Phorpiex botnet. According to ZDNet, Phorpiex is known for distributing various malware and spam, including large-scale sextortion email campaigns. In May, the Phorpiex botnet was the 13th most detected malware, but in June it jumped to the 2nd most detected. Its main purpose appears to be distributing Avaddon ransomware, which is spread through phishing emails that have a wink emoji as the subject. June’s most detected malware was the remote access trojan Agent Tesla, which is an information stealer and keylogger.

This week’s quote

“What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted, but those in the U.S. cannot,” said Jonathan Kewley, co-head of technology at law firm Clifford Chance, in relation to the recent ruling from a top European court that requires companies moving personal user data from the EU to other jurisdictions to provide the same protections given inside the bloc.

Trump confirms cyberattack on Russian troll farm

The Washington Post printed an interview with Donald Trump last Friday wherein the American president confirmed the U.S. had launched a cyberattack against Russian troll farm Internet Research Agency (IRA) during the 2018 U.S. midterm elections. The attack blocked the IRA’s internet access and lasted from the first day of elections until all the votes were tallied a few days later. The IRA had been indicted by FBI special counsel Robert Mueller in 2018 for conspiracy to interfere with the U.S. presidential election in 2016. Business Insider commented that Trump’s confirmation of the attack is unusual, as national leaders tend not to talk publicly about cyberwarfare tactics.

This week’s ‘must-read’ on The Avast Blog

During this time in which more of us are doing everything we can online, dating remains a security sinkhole. Whether you’re looking to set up an IRL date or you’d like to know how to choose a privacy-friendly selfie, our guide to secure online dating has you covered.