Security News

Your kids’ info for sale and more news

Avast Security News Team, 29 March 2019

Children’s personal data is the new holy grail of identity theft, one extreme PewDiePie fan creates strange ransomware, and UC Browser apps have weak security.

Child’s play

A disturbing new trend is emerging from the dark web underworld. Cybercriminals are now using the personal data of children to set up credit lines and perpetrate identity theft. Because children naturally have fresh, unblemished credit, there are far fewer “ifs” than there are with an adult’s credit. Parents do not typically make it a habit to check their infant’s credit score, so the crime can continue for fifteen or twenty years before being discovered.

Two groups of criminals are at work here: those who steal the children’s data and those who buy it and use it. The thieves are pilfering the info from databases such as those of pediatricians’ offices, then selling individual identity kits called “child fullz”, which include a child’s name, birthday, address, and social security number, at a going rate of $25 per kit. Concerned parents are advised to stay aware of their child’s credit, checking on it regularly and even going so far as to freeze it, if it provides peace of mind.

“This is really nasty,” comments Avast Security Expert Luis Corrons. “And we’re placing all the blame on the cybercriminals who are trafficking and using this data. However, we should ask ourselves why this problem doesn't happen in other countries. What is it that allows cybercriminals to use stolen data from kids to obtain large loans or to make big purchases in the US, while the same does not happen in Germany, France, or Spain? There is no way you can get a loan in these countries without providing your ID — and I’m not talking about just your ID number — the customer has to provide a copy of the full ID. And for kids 18 years old and younger, their parents need to approve everything. So, yes, the problem is with cybercriminals abusing the system and stealing information, but we need to make their lives harder, not easier.”

Crazed YouTube fan creates ransomware

Social media star PewDiePie has 91.5 million YouTube subscribers, but one rabid fan felt the video game reviewer deserved to have 100 million. In a criminal effort to make that happen, the fan created a ransomware called PewCrypt that locks up victims’ files, then presents them with a ransom note that urges them to subscribe to PewDiePie’s YouTube channel, stating that when the star’s number of subscribers surpasses 100 million, a decryptor tool will be issued. The note goes on to stipulate that if T-Series — another popular YouTube channel — receives more total subscribers than PewDiePie, the victims’ files will be lost forever.

Then, in an apparent change of heart, the malware creator sent out the decryptor tool to the victims anyway. Called “JustMe”, the decryptor was not very user-friendly and obviously suspect. Cybersecurity experts released a decryption tool of their own for PewCrypt, so victims do not have to trust “JustMe”.

UC Browser users at risk

Mobile internet company UCWeb, owned by Chinese conglomerate Alibaba Group, offers a web browser called UC Browser, which is one of the most popular browsers in the world, coming in fourth in market share after Google Chrome, Safari, and Firefox. UC Browser boasts over 600 million installs, but cybersecurity researchers warn that those users could be at risk of man-in-the-middle attacks.

UC Browser downloads and installs its new libraries and modules, which add new features and update software, using unprotected channels between the user’s network and UC Browser’s servers. The digital traffic bypasses Google Play servers and leaves itself open to bad actors intercepting the communication and pushing malware to infect hundreds of millions of Android devices.

Researchers also found that the desktop UC Browser app was vulnerable to man-in-the-middle attacks, but that the UC Browser Mini app is not at risk because it does not use the same libpicsel library. However, the UC Browser Mini app does circumvent the Google Play store for updates, so if the UC Browser internal servers were compromised, malware could be pushed to UC Browser Mini users.

Luis Corrons notes, “Supply chain attacks are on the rise, and while circumventing Google Play store for updates might seem quite innocuous, the truth is that it can make these attacks easier. Most of the recent supply chain attacks have targeted computer users, but if we start getting rid of extra security layers that mobile platforms have, it is just a matter of time before we see them jumping to Android.”

