Just a little FYI: Filtering doodad in Adblock Plus opens door to third-party malware injection (The Register)

The Register: Just a little FYI: Filtering doodad in Adblock Plus opens door to third-party malware injection . “A feature introduced last year in Adblock Plus and a few other related content blocking browser extensions allows providers of filtering lists, under certain conditions, to execute arbitrary code on web pages.” Sure glad I use uBlock Origin instead of uBlock…

TechCrunch: TrickBot malware attacks are ramping up ahead of Tax Day

TechCrunch: TrickBot malware attacks are ramping up ahead of Tax Day. “TrickBot, a financially motivated trojan, infects Windows computers through a malicious Excel document sent by a specially crafted email. Once infected, the malware targets vulnerable devices on the network and combs for passwords and banking information to send back to the attacker. The collected information can be used to steal funds for fraud. The ever-expanding malware is continually developed to collect as many credentials as possible.”

BetaNews: Check to see if your computer was targeted by the ASUS ShadowHammer malware

BetaNews: Check to see if your computer was targeted by the ASUS ShadowHammer malware. “Yesterday we reported about a warning from Kaspersky that the ASUS Live Update Utility had been hacked to deliver ShadowHammer backdoor malware. ASUS has now released a patch to secure systems, and Kaspersky has released a tool that you can use to check whether you have been affected by the malware.”

CNET: MyPillow, AmeriSleep websites were hit with hacks stealing credit card data

CNET: MyPillow, AmeriSleep websites were hit with hacks stealing credit card data. “Hackers planted malware to steal credit card information from customers at two major sleep retailers, researchers have found. The two companies, MyPillow and Amerisleep, are popular pillow and mattress companies, boasting millions of dollars in sales on their websites. What was not on their websites was breach disclosures for skimmers that security researchers at RiskIQ discovered, going back to April 2017.”

Ubergizmo: A Worrying Two-Thirds Of Android Antivirus Apps Are Apparently Frauds

Ubergizmo: A Worrying Two-Thirds Of Android Antivirus Apps Are Apparently Frauds. “Antivirus apps are meant to give you peace of mind where in the event you accidentally click on that suspicious link or email, you know that your device should be somewhat protected. Unfortunately there are so many antivirus apps out there that it can be a bit difficult to choose which one to go for, and the sad thing is that most of them are apparent frauds.”

Ars Technica: Nasty WinRAR bug is being actively exploited to install hard-to-detect malware

Ars Technica: Nasty WinRAR bug is being actively exploited to install hard-to-detect malware. “Malicious hackers wasted no time exploiting a nasty code-execution vulnerability recently disclosed in WinRAR, a Windows file-compression program with 500 million users worldwide. The in-the-wild attacks install malware that, at the time this post was going live, was undetected by the vast majority of antivirus product.”

BetaNews: Researchers find two Android malware campaigns with over 250 million downloads

BetaNews: Researchers find two Android malware campaigns with over 250 million downloads. “Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had a combined total of over 250 million downloads globally. Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.”