Saturday 14 October 2017, Safety Guide

A fake version of Adblock Plus extension


Unfortunately, we may have a bad news for all the Google Chrome users, who have recently installed the AdBlock Plus expansion.

According to the twitter user describing as @SwiftOnSecurity, up until 10th of October, a fake AdBlock Plus clone was listed in Google Chrome’s official Web Store. @SwiftOnSecurity tweeted that: “Google allows 37,000 Chrome users to be tricked with a fake extension by a fraudulent developer who clones popular name and spams keywords.”

It is unclear if the fake plug-in was designed to drop malware or other malicious payloads. However, just to be on the safe side, it is advised to check its developer’s credentials (by selecting: Chrome > More Tools > Extensions) or even better, to reinstall the web

Wednesday 11 October 2017, Safety Guide

Disqus users’ data leakage exposed


Disqus – a worldwide blog comment hosting service for web sites and on-line communities, has admitted that it was hacked 5 years ago in July 2012.

The stolen data included e-mail addresses, usernames, sign-up dates, and last login dates in plain text for over 17.5 million users. The hackers also got their hands on passwords for about 71% of the affected users, which were salted and hashed using the weak SHA-1 algorithm.

The theft was discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach. The company claims that although there was no evidence of unauthorized logins, affected users will be e-mailed about the breach, and their previous p


Do you remember our article on so-called skimmers, a malicious credit card readers installed by criminals directly on to ATM machines? It turns out that there is an app, available on  Google Store, that can help us detect the skimmers.

The app is known as Skimmer Scanner, and it was developed by the programmers from the SparkFun Elektronics company. The application runs on open source licence, and is available for all Android users.

How does it work?
All you need to do is to simple launch the Skimmer Scanner and turn on Bluetooth. This will aloud the app to scan for HC-05 module, which is the one of the most popular modules used in skimmers. The application will detect the skimmer, even from a distance of 5 meters.


The ING Bank has issued an warning to its clients about a new phishing campaign, orchestrated by the yet unknown group of  fraudsters.

For the scam to be successful, the fraudsters first requires to obtain several essential pieces of information. To that end, the unsuspecting client is contacted by a person who claims to be a ING bank’s representative. The “consultant” skilfully manipulates the victim to firstly reveal his or hers login and password to the banking system. Secondly, the client is asked to pass the newly generated SMS code, displayed on the victim’s phone.
The obtained login credentials allow the scammer to permanently change the phone’s number, on which all the future authentication codes will be send.


A British supermarket Costcutter located at Brunel University in London is testing out a new cash-free biometric payment system. This technology uses the unique aspects of a customers’ body tissue and lets them pay for groceries using the vein pattern in their fingers.

The biometric payment system – denoted as Fingopay – was designed by the Sthaler company. The firm is convinced that the vein technology is the most secure biometric identification method as it cannot be copied or stolen. A spokesperson for Sthaler explains that the method can be used for multiple bank accounts, allocating different fingers with different bank accounts. There is also no need to remember any PIN codes, and to carry cash, or credit cards.
The company confirms that doz


CCleaner – a very popular maintenance utility for cleaning registry and removing unnecessary files – was recently hacked and used to deliver malware to unsuspecting users. Even though 2.3 million computers were potentially exposed to the malware, Avast Piriform – the producer of the utility – has stated that the attackers had not used the malicious software to do any damage.

Now it seems that the spreading of the malware was just a beginning, and that a second stage of the attack may open the hackers a secret back door into all infected computers.

This finding is particularly dangerous, because according to the Cisco

Sunday 24 September 2017, Safety Guide

Another cyberattack on the mBank clients


The mBank has issued an another warning to its clients that the unknown group of cybercriminals has been sending false e-mails. According to the bank, the messages contain a malicious attachment – pdf file, and inconspicuous-looking text, confirming the execution of the bank transfer.

Here you can see an example of the false e-mail message.

If the recipients of the false message click on the attached link, the bank advises its clients to scan the computer for malicious content with antivirus software and to change passwords to the on-line banking service, preferably on anothe

Wednesday 20 September 2017, Safety Guide

CCleaner utility compromised


CCleaner is a very popular maintenance utility for cleaning registry and removing unnecessary files. However, according to the producer of this software – the Avast's Piriform – the CClener version 5.33 was infected with malware.

The experts from the Cisco Talos company have discovered a malicious bit of code injected by the hackers that could have affected more than 2 million users who downloaded the most recent update. The security researcher estimates that CCleaner attracts more than 5 million new downloads a week.

Avast claims that its download servers were compromised between 15th of August and 12th of September, when it updated the servers with a new 5.33 version. During that time, a trojan was loaded into the download package. The m

Sunday 17 September 2017, Safety Guide

Data leakage from mBank


The Niebezpiecznik portal has informed about a data leakage from mBank costumer’s base. However, unlike in most similar cases, the leakage was not caused due to the hackers’ activity, but due to the negligence and inattention of the mBank’s employee.

How did it happen?
According to a bank representative, careless employee mistook the CC field with the BCC, when sending e-mail messages with the latest news about the bank’s investment funds. Overall, a total of 750 e-mail addresses of individual clients were revealed.

The Niebezpiecznik portal emphasized that the leaked e-mail addresses concerned a group of the wealthier bank’s costumers, which may later on attract cybercriminals specializing in data theft and phishing.

Wednesday 13 September 2017, Safety Guide

Equifax hacked!


Equifax – one of the largest financial companies in the US was hacked.

Social security numbers, birth dates, addresses and even the driver's license numbers have fallen to the hacker’s hands. Moreover, the cybercriminals have also stolen over 209 thousands credit card numbers and approximately 182 thousands documents containing sensitive personal data.

The hackers have exploited a vulnerability in one of the applications. It seems odd, that the attackers had unauthorized access to the Equifax’s  systems from mid-May until the end of July.

Equifax has hired an outside company to investigate the incident. Representatives of the company have also cooperated closely with law enforcement agencies.


The notorious hacking group, dubbed as Dragonfly 2.0, has hacked the operational networks of multiple energy companies, located in the U.S., Turkey and Switzerland.

According to the Symantec cyber security researchers, who have discovered the Dragonfly 2.0 campaign, the group “has the ability to sabotage or gain control of [energy companies’] systems should it decide to do so".

The experts also claim that the hackers have already gained a wide access to operational systems of Western energy firms. The control includes the ability to turn on or off breakers inside the companies' infrastructure and hijack systems that monitor the health of the grid.

So far, the Symantec security researchers did not link Dragonfly 2.0


mBank warns its customers of a new virus that was designed to faithfully resemble the bank’s mobile application, available on Android systems.

According to the bank’s information, every user who has tried to login to the banking system, and has received an unusual message, asking for “the phone number’s authorization”, should stop his or her action and notify the bank immediately.

During the authorization process the unsuspecting clients are, firstly, asked to enter their login data (which includes: phone number, login, password, and PIN code) and, then, to confirm the given information with the SMS code.

After the confirmation, the virus transmits all the acquired information to its creators, who can now freely de

Saturday 2 September 2017, Safety Guide

Prey app – an anti-theft software


Prey is a theft protection application which was designed to help locate stolen or missing devices, such as laptops, tablets and smartphones.

After installation, the app is controlled from a website, at which the owner can track the device's location, capture its IP address, activate the camera, sound an alarm, message the device, and finely lock it down.

Moreover, if the device is stolen, the Prey allows the owner to remotely recover the stored data and wipe the entire operating system. This means that any data stored on the device will not fall in the hands of a thief.

The Prey app can be downloaded from this website. However, the number of d


Security experts from Lookout company have found over 500 apps in the Google Play store that allow the installation of harmful spyware. The total number of downloaded apps exceeds 100 million. Infected

Lookout experts do not provide a complete list of infected applications. However, they do confirm that the infection was found in various types of apps, such as: Internet radios, photo editors, weather applications, or emoji kits.

All the infected apps have one thing income, namely they all contained the malicious software developer kit (SDK) called IGEXIN. Once an app using a malicious version of IGEXIN is installed on a phone, the developer kit can update the app to include spyware at any time, with no warning.



This time the cybercriminals have turned their attention towards the users of taxi booking apps. According to the Kaspersky Lab researchers, the unknown group of hackers has realised a new version of the well-known mobile banking Faketoken Trojan.

The malware performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim. Moreover, the trojan can monitor and record the users’ calls, transmit the data to the command and control servers, and even steal the incoming SMS message, allowing the cybercriminals to get access to one-time verification passwords sent by a banks.

For now, the Faketoken trojan targets mostly the Russian Android users. However, th