Paloalto Networks: Fake Flash Updaters Push Cryptocurrency Miners. “In most cases, fake Flash updates pushing malware are not very stealthy. In recent years, such imposters have often been poorly-disguised malware executables or script-based downloaders designed to install cryptocurrency miners, information stealers, or ransomware. If a victim runs such poorly-disguised malware on a vulnerable Windows host, no visible activity happens, unless the fake updater is pushing ransomware. However, a recent type of fake Flash update has implemented additional deception.”
Columbia Journalism Review: Spyware hijacks smartphones, threatens journalists around the world. “IN MAY 2016, the Mexican investigative journalist Sebastián Barragán was working on an explosive story. An anonymous source had sent Aristegui Noticias, the investigative outlet where he worked, a grainy video that appeared to show a scene of brutal torture; in it a group of police officers surround a man handcuffed to a chair; they strike him over and over again, and pull a plastic bag over his head. One of the men in the video is wearing a jacket with the letters PGJEM, The Prosecutor General for the State of Mexico, a state that surrounds Mexico City like a horseshoe. Barragán called the PGJEM and the Mexican Attorney General’s (PGR) office for comment.”
Ars Technica: First UEFI malware discovered in wild is laptop security software hijacked by Russians. “ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a ‘rootkit,’ active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive replacement. While the malware had been spotted previously, ESET’s research is the first to show that it was actively attacking the firmware of computers to establish a tenacious foothold.”
Ars Technica: Google taking new steps to prevent malicious Chrome extensions. “Google has announced plans to further restrict Chrome extensions in a bid to crack down on the number of malicious extensions found in the Chrome Web Store. We’ve seen a spate of malicious extensions this year; the extensions do things like steal credentials and participate in click fraud schemes. The malicious extensions take advantage of the considerable access to webpages that extensions have.”
ZDNet: Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks. “Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks. Around 88% of these routers are located in Brazil, and the campaign has been raging since at least mid-August when security firm Radware first spotted something strange.”
TechCrunch: Russian hackers ‘Fancy Bear’ now targeting governments with rootkit malware. “Security researchers say that they have found evidence that for the first time Russia-backed hackers are now using a more sophisticated type of malware to target government entities. ESET presented its case Thursday that the hacker group, known as Fancy Bear (or APT28), is using rootkit malware to target its victims. That marks an escalation in tactics, which the researchers say the group’s hacking capabilities ‘may be even more dangerous than previously thought.’” ESET sounds like it should be an explained acronym but it’s the name of a security company.
Ars Technica: Researchers find Russian “VPNfilter” malware was a Swiss Army hacking knife. “Researchers at Cisco’s Talos have discovered that VPNfilter—the malware that prompted Federal Bureau of Investigation officials to urge people to reboot their Internet routers—carried an even bigger punch than had previously been discovered. While researchers already found that the malware had been built with multiple types of attack modules that could be deployed to infected routers, further research uncovered seven additional modules that could have been used to exploit the networks routers were attached to, thus stealing data and creating a covert network for command and control over future attacks.”