Plus, over 500,000 Bitbucket users infected with malware, the Iowa app issue, and more
Phishing scams are known to shapeshift into whatever the current climate’s highest fears and anxieties are, and the newest to emerge include one that pretends to contain urgent information on the coronavirus and another posing as tax forms. Wired reported that the coronavirus scam uses subject lines such as “Singapore Specialist: Corona Virus Safety Measures.” The fraudulent email poses as a message from a doctor with a link that will supposedly download a PDF of preventative advice. However, by clicking the link, the victim opens the door to a malware infection.
Similarly, as the U.S. tax season is in full gear, a campaign infecting users with the Emotet trojan uses emails with malicious attachments that pretend to be signed W-9 tax forms. Bleeping Computer reported that the emails contain little text – just a personalized thank-you to the recipient and a “Please see attached” message. Clicking the attachment takes users to a Microsoft Word template that asks them to “enable content.” Once they do, their system is infected with the Emotet trojan, which has the ability to download more malware as well as send out more spam.
“One of the all-time favorite ways to spread malware is through email messages, and it has been like that since last century,” commented Avast security evangelist Luis Corrons. “Our most veteran readers will remember the infamous ‘Melissa’ macro worm back in 1999 and the notorious ‘I Love You’ in 2000. The main difference here is that those were self-replicating worms, while now we are mainly talking about trojans spread by cybercriminals, which make these messages harder to distinguish. Never click on links or open attachments in emails – even if they seem legit – unless it is something you are expecting from a known and trusted source.”
This week’s stat
The U.S. Department of Defense paid out over $275,000 to white hat hackers during its bug bounty program in Fall 2019.
Cryptomining bot found on DOD server
Reviewing the U.S. Department of Defense servers as part of the DOD’s bug bounty program, a security researcher discovered an open pathway allowing access without login credentials. Further investigation revealed cryptomining malware that had been nested in the server since 2018 or earlier, mining the cryptocurrency Monero. The DOD secured the server upon findings. More on ZDNet.
This week’s quote
“Iran’s response will be long and drawn out. There will very likely be a number of smaller and medium-sized attacks, culminating in a larger attack that will be highly coordinated and strike at just the right time.” - Stealthcare CEO Jeremy Samide, speaking to Avast guest blogger Byron Acohido about Iran’s most likely path of revenge.
Iowa caucus problems due in part to buggy app
NBC News reported that technical and design flaws in the smartphone app used to gather and report data from nearly 1,700 caucus sites substantially added to the delay of the day’s results. The Iowa Democratic Party cited a coding error in the app, which prevented the data from accurately transfering from the app to the party’s server. Experts who have examined the app commented that its code indicates neglectful or hurried work. Adding to the technical problems, the caucus hotlines were understaffed and overrun with calls.
Iranian hackers impersonate NYT journalist
A spearphishing campaign aimed at prominent Iranians such as journalists and activists is baiting victims with an interview invitation from noted New York Times journalist Farnaz Fassihi. Bleeping Computer reported that Iranian nation-state hacking group Charming Kitten–also known as Phosphorous, APT35, and Ajax Security Team–is behind the campaign. When recipients agree to the interview, they are directed to download the questions from a link designed to steal their login info and create a backdoor for future malware deployment. The ruse’s most glaring error is that in the email Fassihi claims to write for the Wall Street Journal, her previous employer which she left in 2019.
Malware on Bitbucket infects over 500,000 machines
Researchers have discovered a “potpourri of malware,” as reported by SC Magazine, being distributed in cracked versions of Adobe Photoshop, Microsoft Office, and other commercial software stored on hosting service Bitbucket. Cybercriminals hacked the official software programs, bundling them with multiuse malware, then sold them at discounted rates. Experts estimate over 500,000 machines downloaded the malicious files. Bitbucket disabled the malicious repositories within hours of learning about the scheme.
Philips Hue smart bulbs can be hacked
It’s a convoluted hack, but it works – first, the bad actors wirelessly infect a smart bulb to make its brightness and color erratically shift. This is intended to frustrate the homeowner into resetting and re-adding the bulb to the network. When that happens, the malware in the bulb infects the Hue hub, from where it can then spread to the homeowners Wi-Fi network and connected devices. In mid-January, Philips Hue issued a patch that protects their hub, the Hue Bridge, from being infected, though the bulbs themselves are still technically at risk. More on this on The Verge.
This week’s ‘must-read’ on The Avast Blog
What kinds of attacks can thwart AI, and how do we defend against them? Avast researcher Sadia Afroz illustrates some real world AI sabotage and explains how to move forward with machine learning.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus.