Friday 17 September 2021, Safety Guide

Fraudsters impersonate Spirotech

Lost24

Fraudsters send emails to corporate addresses of Polish companies claiming to be Spirotech.
The content of the message prompts you to click on an image that imitates a typical Gmail attachment. The message is sent from Jarosław Kowalczyk, an “employee” of Spirotech. However, the domain from which the message has been sent is angst-pflstar.com, which at this point should raise a red flag.


The content of the message is as follows:
Please note the following inquiry received from the owners. We kindly ask you for a refund with a quote with 5% commission for our office and 30 days credit as payment terms. Your quote should include shipping costs, customs or other fees and a total cost estimate. Please also send the co

Monday 13 September 2021, Safety Guide

BPS Bank customers targeted by fraudsters

Lost24

Clients of Bank Polskiej Spółdzielczości (BPS) S.A. are receiving fraudulent messages with notices of a received transfer.


According to CERT Poland, a link confirming the transfer is attached to the message. The fake message originated from the cobra-europa.eu domain. In the message, the fraudsters report a money transfer of over PLN 70,000 and state who the sender of the transfer is.


According to Komputer Św

Wednesday 8 September 2021, Safety Guide

Fake WhatsApp version. Triada Trojan

Lost24

A fake version of WhatsApp – one of the most popular messenger apps – has been found on the web.
According to Kaspersky experts, installing the fake version of the WhatsApp messenger on Android leads to the device being infected with the Triada Trojan.


The application is listed under the name FMWhatsApp. After its installation, identifiers are collected from the device and sent to a remote server, after which the Triada Trojan is installed.
The Trojan is able to subscribe the victim to premium services or install additional modules that allow the injection of additional malicious code.


According to


Friday 3 September 2021, Safety Guide

A large leak of bank cards

Lost24

Payment card details stolen in 2018-2019 were made available online, the leak affects people from all over the world.


According to Komputer Świat, which references Bleeping Computer, the payment cards were made available online as part of a promotion for a new carding market. The leaked data includes information about the card user, address, place of residence, email, phone number and CVV number.


Lost24

A hospital in the United States, Eskenazi Health, fell victim to cybercriminals. As a result of a ransomware attack, there was no access to the hospital’s key systems.


It should be remembered that the purpose of a ransomware attack is to block access to a computer system and prevent the data stored on it from being read. As soon as the attack was detected by the hospital, all ambulances were redirected to other locations. The hospital turned off some of its services, such as access to email and medical records, and started to verify which parts of its system were compromised. In addition, the hospital’s website was disabled.


The hospital has issued a statement informing that no breach of patients and employees data had been detect

Lost24

The leak of customer data from Tauron, which we reported on a few days ago, has a follow-up. The Niebezpiecznik portal was contacted by a hacker who came into possession of the files of Tauron’s clients.


A hacker named Edison claims he was provoked to attack because he was attacked himself. Edison detected the attack from the addresses 93.105.88.X and 93.105.88.Y, and then traced the IP carefully. The script came across a server that had a directory listing of numerous files, a total of 200 GB. The files contained recordings of conversations with Tauron’s clients and entries regarding 2 million unique numbers.


The hacker, realizing what data he was dealing with, made several phone calls informing the owners of the numb

Lost24

Tauron, a Polish group of companies from the energy sector, informed its clients about the data leak.
According to Tauron, cybercriminals could have taken possession of phone calls, and thus obtained information such as: name, surname, date of birth, PESEL number, address of the energy collection point, phone number and email address.


The announcement issued by Tauron states that there has been unauthorized access to customer data located in the technical infrastructure of external partners cooperating with Tauron.


Tauron informed its clients about the consequences of a data leak, such as attempts to obtain a loan by a third party or attempts to extort funds accumulated in the account by imperson

Thursday 19 August 2021, Safety Guide

Vultur malware on the Google Play Store

Lost24

New Vultur malware is spreading via the Google Play Store. The malware intercepts login details for online banking and cryptocurrency applications by recording the device’s screen.


According to experts from ThreatFabric, Vultur monitors the screen of the device after the online banking application is launched. This is possible thanks to an overlay that looks like the user interface of the actual banking application. The victims are convinced that they are entering the data into the actual app, while in fact they pass it to the scammers. According to the experts, the malware is able to apply a window overlay to over 100 official applications of banks and supported wallets.


According to the dobreprogramy portal, attempting to remove Vultur

Tuesday 10 August 2021, Safety Guide

Malware - Windows 11

Lost24

Cybercriminals have taken advantage of access to test builds of Windows through the Windows Insider Program channel. According to Kaspersky, more and more people are downloading and installing an application posing as the Windows 11 installer, which is in fact camouflaged malware.


According to Kaspersky’s malware experts, it contains a file whose size matches that of the Windows 11 installer (1.75GB) and whose name, 86307_windows 11 build 21996.1 x64 + activator.exe, matches the actual Windows 11 build number. However, there is a catch: the file contains a single DLL file that is tasked with downloading another file. This file then displays the “License Agreement” dialog box where in its summary you can read that “sponsored applications” will be installed on the compu

Lost24

Pegasus is software used by government agencies of multiple countries that makes it possible to take control of almost any smartphone. For this purpose, it is sufficient, for example, to receive a message sent via the WhatsApp messenger. Pegasus is marketed by the Israeli company NSO.


According to the Niebezpiecznik website, journalists from Forbidden Stories and Amnesty International have obtained a list of 50,000 personal phone numbers from around 40 countries that were targeted by Pegasus.


Unfortunately, Pegasus has not been used only for fighting criminals. The obtained list includes journalists, activists, businessmen, academics, government officials and lawyers who are inconvenient for individual countries.


Lost24

In order to encourage Poles to get vaccinated against COVID-19, the government has organized a lottery. From July 1st, 2021, vaccinated people can take part in the draw by registering on the patient’s online account or via the hotline, a fact that fraudsters will certainly not miss.


According to Computer World, phishing campaigns based on the National Vaccination Program Lottery should be expected soon. According to the gov.pl website, winners are to be informed via SMS from the number marked as “Lottery”. After receiving information about a win, go to the lottery website and check whether your details (masked phone number, first name, first letter of the family name) are on the list of winners. The lottery pr

Sunday 25 July 2021, Safety Guide

A new type of scam on OLX

Lost24

Until now, the scam scheme on OLX was based on sending messages to the victim via the WhatsApp messenger. CERT Orange Poland warns against a new pattern of fraud.


Scammers send an email that looks credible: it contains the correct OLX logo as well as official-sounding content. By sending an email from the olx-alerts.com domain, scammers inform the seller that their item has been purchased and that the sale must be confirmed within 24 hours. To do this, the seller must click the “confirm order” button included in the email, after which they will be redirected to the OLX partner’s page - InPost / Poczta Polska.


According to the CERT, all links but the last contained in the message lead to the actual subpages on the OLX webs

Lost24

Fraudsters send fake messages to Millennium bank customers regarding the receipt of a wire transfer.


The message concerns the confirmation of a transfer for a high amount. The message is accompanied by an attachment in the form of a PDF that is supposed to contain the invoice for the received transfer.


According to the Computer World portal, the attachment contains an ISO image with the Ave Maria malware in it.
Ave Maria is a Trojan that allows cybercriminals to remotely execute code on the victim’s device and that can be used as a keylogger to intercept passwords entered when logging into a bank account or a social network.


Remember not to rashly open links attached to the messa

Lost24

The Public Information Bulletin of the Warsaw City Hall published information about the data of property owners being sent out in an email by mistake.


Content of the message:
“The Mayor of the Capital City of Warsaw informs that we mistakenly sent to unauthorized persons the numbers of land and mortgage registers, which are included in the real estate price registers. The security incident consisted in the fact that the IT system operated incorrectly and generated a list containing unnecessary, redundant information - land and mortgage register numbers”.


Attached to the above message was an inventory of real estate, which was sent to four recipients on May 27, June 27 and June 29, 2021. The first three me

Lost24

A new phishing campaign has been launched, in which criminals send a text message suggesting that the recipient has a pending voice message.


According to CERT Orange Poland, the SMS contains only the text “New voicemail” with a link. Be careful, because the link directs to software from the Flubot family. Flubot carries out an overlay attack. This type of attack is based on activating an overlay while the banking application is in use in order to intercept login data and the SMS with the authorization code.


Flubot malware is able to send SMS messages using the victim’s contacts to continue the spread.