Users of Allegro are more frequently becoming targets of attacks. Newest of them, apart from typical phishing attempts, includes one in which scammers are impersonating Allegro staff.

The victim is convinced that it was granted a refund of PLN 1000 if a form of a voucher, as part of Allegro’s “policy”.

Here’s the content of the email:
“Hello (recipient’s address here)
In accordance with our policy we have granted you a refund in a form of a voucher for PLN 1000 to be spent in Allegro website.
Your coupon is in the attachment!
We are waiting for you!”

“Voucher” can be found in the attachment for the message. Accordin


Cybercriminals are using increasingly sophisticated ways to con as many people as possible with a Premium Rate SMS.

According to Niebezpiecznik someone in Poland is trying to pull off Premium Rate SMS con without attracting attention of UOKiK (local equivalent of OCCP). At first glance Filmfilmy.pl website contains only YouTube trailers and their descriptions. If, however, we enter the site through a Google search ad, meaning the address will contain gclid parameter (Google Click ID), we will be presented with not only a trailer but also a full movie.

However, you need to pay with a Premium Rate SMS. At this point victim might think that watching a movie costs only PLN 0.31, but grey fine print mentions th

Thursday 22 November 2018, Safety Guide

Another OLX discount code scam


For some time now editorial team of Niebiezpiecznik has received worrying  signals about an OLX scam in which users are tempted with discount codes.

Victims receive information from the seller that in order to increase the security of the transaction the purchase needs to be carried out through the online store. At this point scammers provides victims with a website address along with a discount code.

Of course online store hosted at Pinamo.pl is fake and according to Niebezpiecznik the account to which victims transfers money is either a money mule’s account or is tied to some sort of cryptocurrency exchange.
Victims baited by an additional discount that decide to purchase through the

Saturday 17 November 2018, Safety Guide

Free bitcoin on Twitter?


Cybercrooks have used a well known name of billionaire Elon Musk in order to trick Twitter users into paying them in bitcoins. In order to carry out the attack they have hijacked multiple verified Twitter profiles and disguised them as fake profiles impersonating an eccentric billionaire and later posted a message saying “I’m giving 10 000 Bitcoic (BTC) to all community! I left the post of director of Tesla, thank you all for your suppoot”.

If any of the users attempted to receive his “free” bitcoins he had to undergo “verification” of his bitcoin wallet by paying the amount of 0.1 to 1 BTC to the designated account. Cybercriminals are reported to collect up to $170,000 thanks to this.


Tuesday 13 November 2018, Safety Guide

Scammers impersonate DHL Express


Mailboxes of users are being hit with a spam in which scammers are impersonating DHL Express’ courier service.

According to AVLab the subject of the message informs about the shipment number and implies that it is a international shipping – “DHL Customs Agency – Shipment No. …”. Later users are informed that courier already made an attempt to deliver the package and are asked to make a payment.

Message contains no attachment, instead malware is delivered through a hyperlink to site hxxp://dr-dastmardi.ir/bxicnv/rwzmevq.php. If the receiver of the message decides to click on the provided link a ZIP archive will be downloaded.

Experts from the AVLab have iden


The internet security experts from the Marken company distributing the Bitdefender antivirus software warn against cyber criminals impersonating system administrators.

According to the researchers the unknown group of hackers has send e-mail messages to numerous victims from the cborges@inea.gob.ve address, in attempt to extort e-mail inbox data.

In the message, the scammers inform the users that their inbox has exceeded the limit of storage space set by the administrator. They try to intimidate the victims by saying that they will not be able to send and receive any messages if they do not verify their e-mail inbox data once again. In reality the cyber criminals want to extort sensitive login information from the victims, such as: the users


A new type of threat applied by cyber criminals are attacks on the codes in SMS messages. A cyber criminal intercepts the user's SIM card and clones it and, in this way, the SMS transaction authorization codes in internet banking may end up in the wrong hands.

This dangerous form of attack on banking customers is described by the manager responsible for safety in the net from Alior Bank – Paweł Ogonowski, who has given an interview to the CyberDefence24.pl website

The attack on the customer's work place results in the customer seeing something totally different than that which can be seen on the device screen. T


The internet serurity experts from ESET have discovered a dangerous virus – LoJax, which is a threat to the devices of the residents of central and eastern Europe, this including Poland. The threat is dangerous in the sense that it nests in the computer motherboard integrated circuit, where the UEFI – the successor of BIOS – is located.

The virus is difficult to delete since even completing a disc format will not help. As the researchers from ESET explain, LoJax, after taking control over the operating system, overwrites the UEFI, that is the system steering the operation of the computer, a malicious code which is responsible for the activation of a Trojan horse in the victim's operating system. Next, the device communicates with the C&C server, do

Saturday 27 October 2018, Safety Guide

A safety gap in NUOO industrial cameras


The safety experts from Tenable have discovered a safety gap in the NUOO Network Video Recorder camera software, owing to which the cyber criminals can, with the assistance of zero-day exploit devices, follow video recording and thus manipulate their content.

The discovered gap is "Peekaboo" which has been found in the CCTV industrial television system management software which enables viewing and modifying the material and stealing data.

The problem is serious in a sense that NUUO is one of the best in the video surveillance industry and its products have been implemented in over 100 hundred thousand installations all over the world. What is more, as the DI puts it, many companies are not aware that their surveillance systems are us


The Internet users have recently received e-mail messages with false payment requests from unknown group of cybercriminals impersonating as Kruk – a debt collection company.

Experts from the Zaufana Trzecia Strona portal have found that the attack was conducted by a same group that has previously impersonated the polish Social Security Institution (ZUS).

The false payment request calls for payment of debt, and if no payment is made in due time, the “debtor “ must reckon with the fact that the case will end-up in court.

Aside from the fake requests, the e-mail messages included an attachment, containing the RAR file with in rea


Researchers discovered a new malware, named Xbash, targeting servers of various platforms, with four different versions seen in the wild actively seeking unprotected services, exploiting vulnerabilities, and deleting databases in modern OS systems.

A newly discovered malware was reported to have combined ransomware, coinminer, botnet and worm feature together.

The malware attacks both Windows and Linux systems in different ways. It deletes database on Linux while mines for cryptocurrency on Windows.

Generally, Xbash malware is likely to attack the system that is protected with a weak password or running with unpatched known vulnerabilities. On Linux, researcher found that Xbash malware is clearly instructed to delete the vic

Sunday 9 September 2018, Safety Guide

FBI warns of impending ATM scam


According to a information given by the US Federal Bureau of Investigation the Automated Teller Machine (ATM) around the world are at risk of an imminent cyber attack.

A confidential FBI alert sent to banks stated that the scheme, known as an “ATM cash-out”, could take place in a matter of days.

“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global ATM cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”

The ‘unlimited operation’ that the FBI is concerned about is when the cybercriminals deploy malware to obtain bank customer card information and network access in a way


The Eurogamer’s cybersecurity experts have recently detected a new game (published on Steam gaming platform) accused of mining cryptocurrency without user consent.

The game is called Abstractism and presents itself as a minimalist platformer title. Multiple players have left negative reviews with screenshots showing evidence the game installs a Trojan virus disguised as a steam.exe process along with malware under the name "abstractism launcher". According to the Eurogamer’s report the viruses are likely installing cryptocurrency mining software, which presents a huge risk for the players.

The cryptocurrency mining malwares are known to damage computer performance, increase electricity bills, and even infect cloud infrastructure.


A fake BZWBK bank application for Android systems has recently appeared in the Google Play store. As reported by the Niebezpiecznik portal, the application's task is to steal login details and intercept the text messages.

The application was displayed under the name BZWBK light, and even though it was available just for one day, the fake app was installed more than 1000 times. Such a large number of downloads is most likely connected with the launching of a wide advertising campaign, which allowed to popularize the app on various websites, like for example Wykop.pl.

The fake application has been removed from the Google Play store, however, it is still available in other, unofficial app stores.



A while ago, Microsoft Corporation has encountered a rapidly spreading cryptocurrency-mining malware, dubbed Dofoil, aka Smoke Loader, that infected hundred of thousands of computers within just several hours.

According to the Microsoft internet security experts, Dofoil includes a resource-draining cryptocurrency-mining payload. It connects to a remote site and downloads and executes arbitrary files, which can also download and run other malware.

Cryptocurrency-mining malware, or just cryptomining malware, is a relatively new term that refers to software programs and malware components developed to take over a computer's resources and use them for cryptocurrency mining without a user's explicit permission.

Besides the crypto