Antivirus software company Avast warns against downloading illegal copies of games. According to the company, cryptocurrency mining malware is hidden inside the games.

The name of the malware “Crackonosh” refers to the Czech Republic, as there are suspicions that its creator comes from there.
Games that may contain malware are NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4 and Jurassic World Evolution. Crackonosh is able to disable multiple antivirus software and by using the computing power of the intected equipment, it enables cybercriminals to illegally mine digital currencies.

According to the portal dobreprogramy, citing an analyst from Avast, Crackonosh attacks up to 800 devices a day, and at the momen

Volkswagen informed about the possible data leak of 3.3 million Volkswagen and Audi customers. The leakage occurred as a result of improper security of the service provider’s database.

According to the cited information, the database was not protected for almost two years, and the data included customers from 2014-2019. The data that reached the network, in particular the authorized dealers from the USA and Canada, included information on the method of financing cars, registration numbers and VINs. IN addition, as the manufacturer informs, the data included personal data of customers, potential buyers, residential addresses, email addresses and phone numbers.

In case of US and Canadian customers, the leak may also include i

Santander Bank struggled with the failure, customers were charged 100 times more from their account than the actual payment.
Downdetector was flooded with reports from affected customers, in which customers complained about the excessive blocking of funds, for example, instead of PLN 13.37, the amount was PLN 1337.

According to dobreprogramy, there were relatively few reports, but not everyone could immediately notice the current account balance.

The breakdown started before 15:00 and was fixed at 21:40. In the issued statement, the bank informed that incorrect, higher amounts blocked on transactions with payment cards were automatically lifted. The problem concerned less than 1% of transactions executed by the bank

The UNIQA company - the owner of AXA, sent emails without the BCC (blind carbon copy) field, revealing the data of 1000 customers in each email. As a reminder, the BCC option allows you to send messages to multiple recipients, preventing the disclosure of sensitive data - recipients cannot see each other's emails.

According to the Niebezpiecznik portal, UNIQA first sent out emails revealing the data of 1000 customers in each email, and then revealed the same data again, as the “email cancellation” mechanism was used.

The message concerned information about the change in the terms and conditions of using the PPK online service for the Employing Entity. It should be noted that the message recall feature

Fraudsters send fake text messages pretending to be PGE, Polska Grupa Energetyczna. Fraudsters threaten to disconnect the electricity due to arrears of a few zlotys.

In order to settle the arrears, one needs to click on the link attached to the SMS message.

According to the portal Niebezpiecznik, messages are sent from multiple numbers and direct to various links, which are redirected through the cli.co domain. The website the victim visits poses to be the PGE’s website and redirects to the fraudulent payment gateway. Depending on the bank’s choice, the theft of funds takes place via BLIK or an attempt to intercept personal data (PESEL, mother’s maiden name) used to connect the mobile application to the appropriate acco

CERT Orange Poland warns against a fake version of the WhatsApp application for Android phones. The installation file is whatsapp.apk and within it is hidden Anubis malware. It is one of the banking Trojans, appearing most frequently on malicious websites, however, there have also been cases where it could be downloaded from the Google Play Store by downloading additional content.

As reported by the dobreprogramy portal, Anubis malware runs in the background and also hides its application icon. It is able to save all data from the phone’s keyboard, intercept text messages and calls. Of course, this is the way to hijack your online banking credentials by cybercriminals.

As suggested by CERT, cybercriminals wanting to increas

In order to take out a loan, you usually need to present your identity card in addition to your personal data and PESEL identification number. Niebezpiecznik portal, based on the example of its reader, shows how a fraudster can take out a loan, based on publicly known data.

The reader of the portal, by including the notification from the Credit Information Bureau, found out that someone had taken a loan in the amount of PLN 5,000 in his name via the SuperGrosz.pl loan service, which is run by the AIQLabs company. The downloaded report show that the reader’s data had already been verified at the beginning of this year by AIQLabs.
On the SuperGrosz.pl website, the final verification of the borrower takes place at the agency of Polish Post or Po

A woman from the United Kingdom lost GBP 9,000, scammers created a fake advertising campaign using the image of a famous person - Elon Musk, owner of Tesla and SpaceX.

The deceived woman came across a specially crafted BBC website, from which she found out about the said campaign. The advertising campaign assured that after making a deposit in bitcoin, a payout of double the amount would be made. The victim, after realizing that she was a victim of fraud, immediately contacted her bank. However, the money was no longer recoverable as the transaction was made voluntarily.

According to the Ladbible portal, the BBC has taken steps to close the fraudulent website.

A woman from the United Kingdom lost GBP 9,000, scammers created a fake advertising campaign using the image of a famous person - Elon Musk, owner of Tesla and SpaceX.

The deceived woman came across a specially crafted BBC website, from which she found out about the said campaign. The advertising campaign assured that after making a deposit in bitcoin, a payout of double the amount would be made. The victim, after realizing that she was a victim of fraud, immediately contacted her bank. However, the money was no longer recoverable as the transaction was made voluntarily.

According to the Ladbible portal, the BBC has taken steps to close the fraudulent website.

Scams based on hijacking WhatsApp user accounts are becoming more and more popular.

According to CyberDefence24, fraudsters take over the accounts of randomly selected users, which is possible thanks to reading the verification code during registration. The scammers then contact the target’s WhatsApp friends impersonating the person. The scam is similar in practice to the scams utilizing Blik, which are often used after hijacking a user's Facebook account.

The above method of deception is popular in India, where the fraudsters most often suggest to their victims that money is needed to support the health service fighting the coronavirus.

In the issued announcement, PKO BP bank warns its clients against fraudulent emails. Be careful of messages with the subject “Invalid IBAN”.

The sender of the message polisysme@pkobp.pl. In the text of the message, the victim learns that, on behalf of another bank customer, the bank tried to send a transfer that was rejected. In order to receive the payment, the victim is prompted to click on the link confirming the correctness of the attached IBAN number.

The link in the email leads to malware. Clicking on a link may result in loss of money and control of your bank account.

Polish Oil Mining and Gas Extraction (PGNiG) warns against fraudulent SMS messages, scammers suggest the need to settle a payment.

Example of the text message: PGNIG: Please be advised that due to debt in the amount of PLN 12.45, we ordered the gas to be disconnected for the next working day.

According to PGNiG, text messages are sent from different phone numbers and should be considered as SPAM. Moreover, PGNiG customers may receive fake emails where the subject of the email concerns information on arrears. The victim, as in the text message, is informed about the debt, which should be settled as soon as possible, using the link to eBOK (the message contains a hyperlink). Fraudulent emails come from no-reply@epgnig.pl, and t

Persons who have used Passwordstate’s password manager must be careful as there has been a large data leak.

Hackers placed malicious files inside the application, breaching the security of 29,000 companies and 370,000 employees using Passwordstate.

According to the dobreprogramy portal, the scale of the leak is so huge, because the malicious code planted by hackers on Click Studios’ servers was sent as part of the update. The update was automatic and the malicious code made it possible to download information about the victim’s computers along with passwords from Passwordstate application.

The data leak is serious due to the fact that Passwordstate is used by many of the largest companies in

Niebezpiecznik portal warns against text messages about the parcel being detained by the customs services.

The text of the message does not change: “Your package has been seized by the customs services: [LINK]”. However, messages are sent from different numbers and contain different links.

According to Niebezpiecznik, the link redirects you to a website claiming to be a courier company. Clicking on the link leads to the download of a malicious application on your Android device. Cybercriminals have one goal - to steal money from a bank account. According to the portal dobreprogramy, it is probably a FluBot Trojan. The goal of the malware is to hijack passwords and logins to the online banking application. The transaction

Fraudsters used the image of InPost to create a fake page, demanding payment for a courier delivery.

Potential victims are convinced that InPost branches have been closed to the coronavirus pandemic. The victim is encouraged to pay for the shipping in order to deliver it home by courier, rather than waiting for pickup at an InPost branch.

The scammers inform that after making the payment, the victim will receive an SMS notification along with a courier number. Additionally, we are assured that the package will be delivered within 24 hours.

According to the experts from Threat Labs, fraudsters have created a fake BNP Paribas payment gateway to extort money.