Friday 3 September 2021, Safety Guide

A large leak of bank cards


Payment card details stolen in 2018-2019 were made available online, the leak affects people from all over the world.

According to Komputer Świat, which references Bleeping Computer, payment cards were made available online as part of the promotion for the new carding market. Leaked data includes information about the card user, address, place of residence, email, phone number and CVV number.


A hospital in the United States – Eskenazi Health, fell victim to cybercriminals, as a result of a ransomware attack there was no access to the hospital’s key systems.

It should be remembered that the purpose of the ransomware attack is to block access to computer system to prevent reading of data stored on it. As soon as the attack was detected by the hospital, all ambulances were redirected to other locations. Hospital turned off some of its services, such as access to email and medical records, and started to verify which parts of its system were compromised. In addition, the website of the hospital was disabled.

The hospital has issued a statement informing that no breach of patients and employees data had been detect


The leak of customer data from Tauron, which we informed about a few days ago, has its continuation. Niebezpiecznik portal was contacted by a hacker who came into possession of the files of Tauron’s clients.

A hacker named Edison claims he was provoked to attack because he was attacked himself. Edison detected the attack from the addresses 93.105.88.X and 93.105.88.Y, and then traced the IP carefully. The script came across a server that had a directory listing of numerous files, a total of 200 GB. The files contained recordings of conversation with Tauron’s clients and entries regarding 2 million unique numbers.

The hacker, realizing what data he was dealing with, made several phone calls informing the owners of the numb


The Polish company grouping companies from the energy sector – Tauron – informed its clients about the data leak.
According to Tauron, cybercriminals could take possession of phone calls, and thus obtain information such as: name, surname, date of birth, PESEL number, address of the energy collection point, phone number with email address.

In the announcement issued by Tauron, it can be read that there has been unauthorized access to customer data located in the technical infrastructure of external partners cooperating with Tauron.

Tauron informed its clients about the consequences of a data leak, such as attempts to obtain a loan by a third party or attempts to extort funds accumulated in the account by imperson

Thursday 19 August 2021, Safety Guide

Vulture malware on the Google Play Store


New Vultur malware is spreading via the Google Play Store. Malware intercepts login details for online banking and cryptocurrency applications by recording device’s screen.

According to experts from ThreatFabric, Vultur monitors the screen of the device after launching the online banking application. This is possible thanks to an overlay that looks like the user interface of the actual banking application. The victims are convinced that they are entering the data into the actual app, while in fact they pass it to the scammers. According to the experts, malware is able to apply a window overlay to over 100 official applications of banks and supported wallets.

According to the dobreprogramy portal, attempting to remove Vultur

Tuesday 10 August 2021, Safety Guide

Malware - Windows 11


Access to test builds of Windows through Windows Insider Program channel has been used by cybercriminals. According to Kaspersky, more and more people are downloading and installing application posing to be Windows 11 installer, which in fact is a camouflaged malware.

According to Kaspersky’s malware experts, it contains a file which matches the size of Windows 11 installer - 1.75GB and name matches the actual Windows 11 build number 86307_windows 11 build 21996.1 x64 + activator.exe. However, there is one but - the file contains a single DLL file that is tasked with downloading another file. This file then displays the “License Agreement” dialog box where in its summary you can read that “sponsored applications” will be installed on the compu


Pegasus is a software used by government agencies of multiple countries, which allows to take control of almost any smartphone. For this purpose, it is sufficient, for example, to receive a message sent via WhatsApp messenger. Pegasus is software marketed by the Isreali company NSO.

According to the Niebezpiecznik website, journalists from the Forbidden Stories and Amnesty International have obtained a list of 50,000 personal phone numbers from around 40 countries that were targeted by Pegasus.

Unfortunately, Pegasus has not been used only for fighting criminals, the obtained list includes journalists, activists, businessmen, academics, government officials and lawyers that are inconvenient for individual countries.


In order to encourage Poles to vaccinate against COVID-19, the government has organized a lottery, and from July 1st, 2021, vaccinated people can take part in the draw by registering on the patient’s online account or via the hotline, a fact that fraudsters will certainly not miss.

According to Computer World, phishing campaigns based on the National Vaccination Program Lottery should be expected soon. As you can find out from the website, the system of informing about the winnings is to be done via SMS from the number marked as “Lottery”. After receiving the information of winning, go to the lottery website and check if your details: masked phone number, first name, first letter of the family name are on the list of winners. The lottery pr

Sunday 25 July 2021, Safety Guide

A new type of scam on the OLX


Until now, the scam scheme on the OLX was based on sending messages to the victim via the WhatsApp messenger. CERT Orange Poland warns against a new pattern of fraud.

Scammers send an email that looks credible, it contains the correct OLX logo, as well as official sounding content. By sending an email from the domain, scammers inform the seller that their item has been purchased and that the sale must be confirmed within 24 hours. To do this, one must click the “confirm order” button included in the email, after which they will be redirected to the OLX partner’s page - InPost / Poczta Polska.

According to the CERT, all links but the last contained in the message lead to the actual subpages on the OLX webs


Fraudsters send fake messages to Millenium bank customers regarding the receipt of a wire transfer.

The message concerns the confirmation of the transfer for a high amount. The message is accompanied by an attachment in the form of a pdf in which the invoice for the received transfer is supposed to be contained.

According to the Computer World portal, in the attachment there is an ISO image with Ave Maria malware in it.
Ave Maria is a Trojan that allows cybercriminals to remotely execute code on the victim’s device, which can be used as a keylogger, to intercept passwords entered when logging into a bank account or a social network.

Remember not to rashly open links attached to the messa


In the Public Information Bulletin of the Warsaw City Hall, there was information about the data of property owners being sent out in an email by mistake.

Content of the message:
“The Mayor of the Capital City of Warsaw informs that we mistakenly sent to unauthorized persons the numbers of land and mortgage registers, which are included in the real estate price registers. The security incident consisted in the fact that the IT system operated incorrectly and generated a list containing unnecessary, redundant information - land and mortgage register numbers ".

Attached to the above message was an inventory of real estate, which was sent to four recipients on MAy 27, June 27 and June 29, 2021. The first three me


A new phishing campaign has been launched, in which criminals send a text message suggesting that the recipient has a pending voice message.

According to CERT Orange Poland, the SMS contains only the text “New voicemail” with a link. Be careful, because the link directs to software from the Flubot family. Flubot is responsible for the overlay attack. This type of attack is based on activating the overlay while using the banking application in order to intercept login data and an SMS with authorization code.

Flubot malware is able to send SMS messages using the victim’s contacts to continue the spread.


Antivirus software company Avast warns against downloading illegal copies of games. According to the company, cryptocurrency mining malware is hidden inside the games.

The name of the malware “Crackonosh” refers to the Czech Republic, as there are suspicions that its creator comes from there.
Games that may contain malware are NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4 and Jurassic World Evolution. Crackonosh is able to disable multiple antivirus software and by using the computing power of the intected equipment, it enables cybercriminals to illegally mine digital currencies.

According to the portal dobreprogramy, citing an analyst from Avast, Crackonosh attacks up to 800 devices a day, and at the momen


Volkswagen informed about the possible data leak of 3.3 million Volkswagen and Audi customers. The leakage occurred as a result of improper security of the service provider’s database.

According to the cited information, the database was not protected for almost two years, and the data included customers from 2014-2019. The data that reached the network, in particular the authorized dealers from the USA and Canada, included information on the method of financing cars, registration numbers and VINs. IN addition, as the manufacturer informs, the data included personal data of customers, potential buyers, residential addresses, email addresses and phone numbers.

In case of US and Canadian customers, the leak may also include i


Santander Bank struggled with the failure, customers were charged 100 times more from their account than the actual payment.
Downdetector was flooded with reports from affected customers, in which customers complained about the excessive blocking of funds, for example, instead of PLN 13.37, the amount was PLN 1337.

According to dobreprogramy, there were relatively few reports, but not everyone could immediately notice the current account balance.

The breakdown started before 15:00 and was fixed at 21:40. In the issued statement, the bank informed that incorrect, higher amounts blocked on transactions with payment cards were automatically lifted. The problem concerned less than 1% of transactions executed by the bank