Security News

A scam, a scheme, a breach, and...wow, some GOOD news!

Avast Security News Team, 28 January 2019

Adware bundles laced with ransomware, your license plate could be online, new phishing scheme uses voicemail, and cybersecurity superheroes do good work.

Beware this ransomware adware

Pursuing information on a malicious encryptor, cybersecurity researchers stumbled upon a ransomware/adware bundle scheme. Several seedy online shops selling “cracked” software — that is, software that has been hacked and resold — were including an adware bundle laced with ransomware. The cracked software featured Microsoft Windows programs, Adobe Photoshop, antiviruses, and more. The seller included the adware bundle undoubtedly to generate revenue, but in addition to the regular adware assault, a variant of the STOP ransomware was also included. This particular strain confuses victims with a series of ruses, including a phony Windows update screen, while the malware seizes the system. Some ransoms have been close to $1,000, with the added offer of cutting the amount in half if the victim paid in a timely manner.

License plate readers exposed online

Automated license plate readers (ALPRs) are used by local police forces all across the United States. While news stories arose almost 5 years ago claiming that these cameras and the info they keep can be accessed by competent hackers online, a recent report by cybersecurity researchers confirms that these cameras are still at risk. Over the course of a week, the white hat hackers found over 150 ALPRs that could be accessed via the internet. While many were entirely exposed, some were thinly protected by a default password that anybody could look up and enter. Each ALPR database of stored photos, plate numbers, location, direction, and time stamps is a massive amount of information, the researchers’ work points out, that should be protected by tighter cybersecurity.

“By now, it’s clear that smaller public institutions — local police forces, for example — do not have employees with the skill set required to manage cybersecurity,” explains Avast security evangelist, Luis Corrons. “More and more, we’re seeing cases in the United States, like the SamSam attack, let’s say, where malicious attackers work hard to identify the most vulnerable targets so that they can funnel money, steal information, or perform other devastating types of attacks.”

100,000 malware sites identified

In a bit of good news, 265 cybersecurity researchers have been collaborating on a massive info-share of malware and malicious URLs since last March, aggregating a list that they announced this week consist of 100,000 malicious URLs. The group has reported all 100,000 sites to their respective hosting providers, though some providers are moving slower than others at taking down the sites. The most common malware found among the 100,000 sites was Emotet, a jack-of-all-trades malware that can work as a trojan, a backdoor, a spam bot, a credentials copier, and more. Second to Emotet was the Gozi bankbot, followed by GrandCrab ransomware.

New phishing scheme uses voicemail

There’s a new scam hitting inboxes that tells users they have a voicemail received through online communications company RingCentral. The phishing email contains buttons users can click to preview or listen to their voicemail, but doing so takes the users to a phony Microsoft login page where they are instructed to log in. Even if they enter their password correctly, they are told it is incorrect and prompted to enter it a second time. This devious step double-verifies the password for the cybercriminals. Upon the second password-entering, the user is presented with a :15 voicemail where the caller sounds confused, as though it’s a wrong number. The unsuspecting user might think it was all just a big mistake, not realizing the cybercriminals now have their Microsoft login and password.

Avast researcher Martin Hron comments, “This again proves the point that you have to be extra cautious when following any URL sent to you by email. Ideally, don't click anything that's inside the email.”

For those curious users who cannot resist clicking, Martin continues, “If the link takes you to a page that asks for any of your credentials, it's a red flag! Also use common sense, and check the URL in the address bar of your browser. Don't rely solely on the ‘lock icon’ which shows if the page uses encryption — also check the address itself. In this case, it is obvious that the page is not hosted by a Microsoft domain. Remember that ‘SSL’ doesn't mean the content is safe, it only tells you that the communication between you and the server is encrypted.”


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.