Data Viper, a company dealing with monitoring threats, data leaks and cybersecurity breaches, announced the leak of 1.2 billion users that hit the black market, the so-called darknet.

The database contains 4 terabytes of data, which includes names, surnames, phone numbers as well as Facebook, Twitter and LinkedIn profiles.
It may seem that the leak is quite serious, however, the collected data comes from data scraping, i.e. technique for collecting information from public profiles that is shared by users themselves.

According to the Data Viper assessment, the data comes from two different companies dealing with expanding of personal data, i.e. having one information such as name and surname and su


The ai.type application with 40 million download has been identified as malware by Upstream experts.
The application modifies the appearance of the virtual keyboard, learns the user’s writing style and applies automatic spelling correction.

Malicious software sends users request for premium digital services. Upstream experts have noted that ai.type delivers millions of invisible ads, and one of the modules makes false clicks. In addition, the app uses authentic user data related to the displayed pages, clicks and purchases, and forwards the collected data to online advertising companies. It is estimated that the value of purchases of unwanted digital services generated through the ai.type application totals almost 19 million dollars


Cybercriminals have exploited the release of another Windows update to launch an attack.
According to the experts from Trustwave, Internet users receive emails in which they are informed about the need to install an important system update.

Email content: “Please install the latest critical update Microsoft attached to this email”

Attached to the message is a fabricated file with *.JPG extension, which is actually a script that launches the download of the Cyborg ransomware.
Ransomware encrypts data on the disk, thus forcing a ransom. The data decryption value is estimated at $500. 

Thursday 28 November 2019, Safety Guide

SMS phishing - “win” an iPhone 11


Cybercriminals have once again used Lidl and Auchan brands. Multiple users are receiving SMS phishing, where potential victims are informed about a lottery in which they can win iPhone 11.

According to CERT Orange Poland, if the victim decides to participate in the lottery, after four questions, 9 boxes appear, in which the prize should be hidden. When victims see the icon of iPhone 11 in one of the boxes, they are informed that they were selected for pre-release testing of the smartphone. There is only one step necessary to receive the phone - a bank transfer of 1-2 euros to cover ‘shipping cost’.

As experts from CERT warn, participation in the lottery can cost us all the savings from the bank account

Monday 25 November 2019, Safety Guide

Callback scam


Telephone fraud scam where fraudsters make money on inter-operator charges, is becoming more and more popular.

The scammers have gone so far as to pick their phone number, so that it looks like the call is originating from Polish area code, while in fact it is an international prefix. This is, of course, related to the appropriate charge for the connection. A person who will try to call back on such a phone number may be unpleasantly surprised once monthly bill arrives with charges of up tens of PLN.

Recently, the Office of Electronic Communications has warned against fraudster from Africa, such connections, with multiple connections in the Śląskie Voivodeship.



Santander Bank issued a mesage in which it warns of fraudsters impersonating various banks. Cybercriminals send SMS messages of various types.

The text message contains a link that directs users to the fake quick payment page. The content of the message may relate to:
-    Courier surcharge,
-    Bailiff payment, in which the victim is informed of a debt of several PLN,
-    Settling of fees on the auction site so that the listing does not disappear,
-    Information about blocked access to online banking.

The bank warns that one click on the provided link gives th


Cybercriminals try to fool Polish Post’s customers. They send text messages, in which they inform about changes in service fees, due to which an additional payment is required.

The surcharges are as small as PLN 1, so many people may try to make the payment in order to have their debt cleared.

The content of the SMS is as follows:
“In connection with the change in the service fees on 04.11.19, we inform that your parcel requires a surcharge of PLN 1.00 to continue the delivery. https://pp-sa.net/doplata”

The text message is signed as “Polish Post”, it is also listed under real messages from the company, if the victim received any in the past.

Friday 15 November 2019, Safety Guide

xHelper Trojan - attack on Android users


Starting in May 2019, the xHelper Trojan has been attacking Android users. Since then, its activity has increased significantly, and now it is listed as one of the 10 most frequently detected mobile threats. The Trojan is very difficult to remove.

Symantec reports that 45,000 devices are infected with the virus, and on average 131 mobile devices are infected per day. The source of the infection was narrowed down to websites with applications from outside of the Google Play Store.
MalwareBytes experts say the Trojan is distributed through fake gaming sites. In contrast, Symantec claims that xHelper is downloaded by a malicious system app.

Currently, antivirus software cannot cope with the above thr

Tuesday 12 November 2019, Safety Guide

Spotify data leak


There has been a large data leak from the database of subscribers of Spotify streaming service. Spotify platform is used by over 200 million users, of which 100 million are subscribed to the paid version.

The leak concerns 25,000 emails and passwords, there are at least 326 Polish accounts in the publicly available data package.
Anyone with access to the above data could in to the listed users accounts. Therefore, the CERT Polska team has decided to directly notify all persons from Poland whose data was listed in the leak. Each user received a leak notification, with a recommendation to change their password.

At present, it is not known who is responsible for the data leak and how the data of Spot

Monday 4 November 2019, Safety Guide

Trojan in the Tor browser


Tor browser provides anonymity on the web, allows you to visit websites using the Tor network, where it is possible to hide real user data.

According to the experts from ESET, the malicious version of Tor is distributed via a link placed on Internet forums, more precisely two, that impersonate the original installer page. The software installation package is undetectable by antivirus programs, and is modified in a way that disables automatic update functionality.

Cybercriminals modified the HTTPS Everywhere extension so that it contains a JavaScript that loads on every visited website.

According to experts from ESET the script modifies QIWI online money trans

Friday 1 November 2019, Safety Guide

InPost warns about Cerberus malware


InPost warns its email recipients about cybercriminals trying to impersonate the company using text messages. Cybercriminals send messages with a download link a mobile app for tracking information.

According to InPost, the link included in the message is dangerous and leads to infected domain inpost24[.]tk. 

If the victim clicks on the link it will to installation of Cerberus malware on Android devices. Thanks to this, cybercriminals will be able to steal data and funds from the bank account.

InPost states that it never sends links to pages outside of the inpost.pl domain in a text message. At the same time, it asks that in the even a similar incident


Biometric seems to be a sure way of ensuring the safety of a smartphone by preventing unauthorized persons from accessing our data. However, in the case of Samsung Galaxy S10 biometrics is fiction.

According to BBC, everyone is able to unlock the phone, there is only one required condition, smartphone must have a screen protector or a piece of transparent plastic applied on the screen.

The vulnerability was discovered by a British woman that noticed she could unlock her husband’s phone after covering it with foil. The incident was reported to Samsung, which replied that they would take a look at the matter, and at the moment recommends using authorized accessories designed for use with Samsung products.&


Google Chrome and Firefox have become a target of the attack by Russian hackers. Hackers have created a code that allows them to track and eavesdrop on the encrypted traffic.

Hackers are able to take control of the browser by spoofing security certificates. The code authenticates the activities of the protocol ensuring confidentiality during data transfer, the so-called TLS - Transport Layer Security. The TLS protocol ensures confidentiality and integrity of data transmission, and also provides server authentication.

According to Kaspersky, the hackers come from the well-known Turla group and have targeted Internet users from Russia and Belarus. However, cyberminals’ motives are yet to be known. It is sp


Rossmann store has issued a message in connection with fraudulent “you have won a competition” messages. The shop’s customers received fake text messages informing them about the win in the contest, directing the victim to a website where credit card number needs to be provided.

If one of the clients provides his details, a paid subscription is immediately charged on the card, with withdraws up to PLN 300 per month from the account!

According to Rossmann, the content of the text message varies:

-       “We were trying to contact you about your winnings. Get it here: http: // …..”



The dangerous Emotet Trojan, which after a few months of inactivity made itself felt by attacking Internet users with fake emails, has this time targeted mBank customers.

mBank warns of dangerous phishing campaign. Cybercriminals send virus by email in the form of a Word file attachment or a link to a page containing the malicious file.

As the bank explains, the goal of cybercriminals is to intercept login credentials for banking systems in order to extort money. What’s more, the Emotet virus steals passwords saved in browsers and intercepts messages and contact details from mailboxes, so it can pretend to be the victim.

You should pay close attention to the sender