Tuesday 13 November 2018, Safety Guide

Scammers impersonate DHL Express

Lost24

Users' mailboxes are being hit with spam in which scammers impersonate the DHL Express courier service.


According to AVLab, the subject line of the message gives a shipment number and implies that it is an international shipment: “DHL Customs Agency – Shipment No. …”. The message then tells users that the courier has already attempted to deliver the package and asks them to make a payment.


The message contains no attachment; instead, the malware is delivered through a hyperlink to the site hxxp://dr-dastmardi.ir/bxicnv/rwzmevq.php. If the recipient clicks the link, a ZIP archive is downloaded.


Experts from the AVLab have iden

Lost24

Internet security experts from Marken, the company that distributes the Bitdefender antivirus software, warn of cyber criminals impersonating system administrators.

According to the researchers, an unknown group of hackers has sent e-mail messages to numerous victims from the cborges@inea.gob.ve address in an attempt to extort e-mail inbox data.

In the message, the scammers inform the users that their inbox has exceeded the limit of storage space set by the administrator. They try to intimidate the victims by saying that they will not be able to send and receive any messages if they do not verify their e-mail inbox data once again. In reality the cyber criminals want to extort sensitive login information from the victims, such as: the users

Lost24

A new type of threat used by cyber criminals is an attack on the codes sent in SMS messages. A cyber criminal intercepts the user's SIM card and clones it, and in this way the SMS transaction authorization codes used in internet banking may end up in the wrong hands.

This dangerous form of attack on banking customers is described by Paweł Ogonowski, the manager responsible for online security at Alior Bank, in an interview with the CyberDefence24.pl website.

The attack on the customer's work place results in the customer seeing something totally different than that which can be seen on the device screen. T

Lost24

Internet security experts from ESET have discovered a dangerous virus, LoJax, which threatens the devices of residents of central and eastern Europe, including Poland. The threat is dangerous because it nests in the integrated circuit on the computer's motherboard where the UEFI, the successor of BIOS, is located.

The virus is difficult to remove, since even formatting the disk will not help. As the researchers from ESET explain, LoJax, after taking control of the operating system, overwrites the UEFI, that is, the system controlling the operation of the computer, with malicious code that is responsible for activating a Trojan horse in the victim's operating system. Next, the device communicates with the C&C server, do

Saturday 27 October 2018, Safety Guide

A security flaw in NUUO industrial cameras

Lost24

Security experts from Tenable have discovered a vulnerability in the NUUO Network Video Recorder camera software which cyber criminals can use, with the help of zero-day exploits, to watch video recordings and manipulate their content.

The discovered flaw, named "Peekaboo", was found in the management software of the CCTV system; it enables viewing and modifying the footage and stealing data.

The problem is serious because NUUO is one of the best in the video surveillance industry and its products have been deployed in over 100 thousand installations all over the world. What is more, as the DI puts it, many companies are not aware that their surveillance systems are us

Lost24

Internet users have recently received e-mail messages with false payment requests from an unknown group of cybercriminals impersonating Kruk, a debt collection company.


Experts from the Zaufana Trzecia Strona portal have found that the attack was conducted by the same group that previously impersonated the Polish Social Security Institution (ZUS).


The false payment request calls for payment of a debt and warns that, if no payment is made in due time, the “debtor” must reckon with the case ending up in court.


Aside from the fake requests, the e-mail messages included an attachment, containing the RAR file with in rea

Lost24

Researchers have discovered new malware, named Xbash, that targets servers on various platforms. Four different versions have been seen in the wild, actively seeking unprotected services, exploiting vulnerabilities, and deleting databases on modern operating systems.

The newly discovered malware is reported to combine ransomware, coinminer, botnet and worm features.

The malware attacks Windows and Linux systems in different ways. It deletes databases on Linux, while on Windows it mines cryptocurrency.

Generally, Xbash malware is likely to attack a system that is protected with a weak password or running with unpatched known vulnerabilities. On Linux, researchers found that Xbash malware is clearly instructed to delete the vic

Sunday 9 September 2018, Safety Guide

FBI warns of impending ATM scam

Lost24

According to information from the US Federal Bureau of Investigation, Automated Teller Machines (ATMs) around the world are at risk of an imminent cyber attack.

A confidential FBI alert sent to banks stated that the scheme, known as an “ATM cash-out”, could take place in a matter of days.

“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global ATM cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”

The ‘unlimited operation’ that the FBI is concerned about is when the cybercriminals deploy malware to obtain bank customer card information and network access in a way

Lost24

Cybersecurity experts from Eurogamer have recently detected a new game, published on the Steam gaming platform, that is accused of mining cryptocurrency without user consent.

The game is called Abstractism and presents itself as a minimalist platformer title. Multiple players have left negative reviews with screenshots showing evidence that the game installs a Trojan virus disguised as a steam.exe process, along with malware under the name "abstractism launcher". According to Eurogamer’s report, the viruses are likely installing cryptocurrency mining software, which presents a huge risk for the players.

Cryptocurrency-mining malware is known to degrade computer performance, increase electricity bills, and even infect cloud infrastructure.

Lost24

A fake BZWBK bank application for Android systems has recently appeared in the Google Play store. As reported by the Niebezpiecznik portal, the application's task is to steal login details and intercept text messages.

The application was displayed under the name BZWBK light, and even though it was available for just one day, the fake app was installed more than 1000 times. Such a large number of downloads is most likely connected with the launch of a wide advertising campaign, which popularized the app on various websites, for example Wykop.pl.


The fake application has been removed from the Google Play store, however, it is still available in other, unofficial app stores.

Cyb

Lost24

A while ago, Microsoft Corporation encountered a rapidly spreading cryptocurrency-mining malware, dubbed Dofoil, aka Smoke Loader, that infected hundreds of thousands of computers within just several hours.

According to the Microsoft internet security experts, Dofoil includes a resource-draining cryptocurrency-mining payload. It connects to a remote site and downloads and executes arbitrary files, which can also download and run other malware.

Cryptocurrency-mining malware, or just cryptomining malware, is a relatively new term that refers to software programs and malware components developed to take over a computer's resources and use them for cryptocurrency mining without a user's explicit permission.

Besides the crypto

Lost24

Cybercriminals have taken control of the NEO24.pl online store by sending out messages about a false special offer.


Customers received SMS messages informing them of a 30% discount on all items in the store. The message contained a link redirecting to mistrzostwa.neo24.pl. NEONET appeared as the sender of the message on the users' devices.


According to the Next portal, to which the press office sent its statement, the NEO24.pl company has taken all necessary steps to minimize the effects of the hackers' actions, shutting down the mistrzostwa.neo24.pl domain and the server which was the target of the attack.


Lost24

mBank warns owners of Android smartphones of a new malicious application. The device may get infected through authorized application stores or through links sent in an SMS message, which may redirect to the Google Play Store or to an unauthorized store.


The malicious application simulates an update of the smartphone's operating system, which results in the device being infected. When an attempt to log into the mBank application is made, the user sees a so-called overlay: an additional window where you normally enter the ID and password to log into the mobile banking system. This data is then transferred to the cybercriminals.


The application's permissions allow to take over control of SMS

Lost24

Cryptocurrency has brought profits to its holders, and in the past it has attracted hackers seeking to mine it. Recently, it was revealed that hackers use a so-called “clipboard hijack attack” to replace users’ bitcoin addresses with their own and so receive the cryptocurrency.

What is a clipboard hijack attack? Clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site.

How does the attacker steal money with the clipboard hijacker attack? To send cryptocurrency, users should use a flexible address to finish the transfer. As a result, most of them are likely to paste their addresses t

Friday 13 July 2018, Safety Guide

OLX portal – false announcements

Lost24

The OLX advertising portal warns against false announcements. According to the portal, some of the recently added messages contain a link to an infected application.


The fake messages usually refer to job offers and, in some cases, to free toy giveaways. Any person who has sent his or her CV in response to an advertisement receives a link allegedly leading to a new application, which the victim is asked to test.


In reality, however, the application infects the victim's device with malware capable, for example, of intercepting the victim's bank login data.


The security experts from Next portal have denoted the malwares as Spy.Banker