BetaNews: ‘New Mafia’ cyber attacks on businesses up 23 percent in 2017. “A new report from anti-malware specialist Malwarebytes says that the volume and sophistication of cyber attacks is growing thanks to an increase in organized cyber crime it dubs the ‘New Mafia’. Ransomware attacks up to the end of October have surpassed total figures for 2016 by 62 percent. In addition, there has been an almost 2,000 percent increase in ransomware detections since 2015 — rising to hundreds of thousands in September 2017 from less than 16,000 in September 2015.”
ProPublica: Facebook Allowed Political Ads That Were Actually Scams and Malware. “Russian disinformation isn’t the only deceptive political advertising on Facebook. The pitch designed to lure President Donald Trump’s critics is one of more than a dozen politically themed advertisements masking consumer rip-offs that ProPublica has identified since launching an effort in September to monitor paid political messages on the world’s largest social network. As the American public becomes ever more polarized along partisan lines, swindlers who used to capitalize on curiosity about celebrities or sports are now exploiting political passions.” And it’s been going on for a while – I mentioned this a year ago in a fake ad mentioning Michelle Obama.
The Register: International team takes down virus-spewing Andromeda botnet. “Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Armageddon botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware onto infected PCs. It was shut down on November 29 in a combined operation by Europol, the FBI, security vendor ESET and Microsoft.”
Ars Technica: Websites use your CPU to mine cryptocurrency even when you close your browser. “Researchers have discovered a new technique that lets hackers and unscrupulous websites perform in-browser, drive-by cryptomining even after a user has closed the window for the offending site.”
Phandroid: Malware targeting several bank customers found on Google Play. “Avast has released a new report detailing a new kind of malware called BankBot that targets customers of large banks including Wells Fargo, Chase, Citibank, and DiBa (formerly ING). Customers of these banks across several different countries were affected by the malware which has now been removed from Google Play.”
BetaNews: MediaProjection vulnerability leaves 77 percent of Android phones open to screen and audio recording attacks. “More than three quarters of Android phones are vulnerable to screen and audio recording by attackers. By exploiting the MediaProjection service, an attacker can easily trick a user into granting the relevant rights to a malicious app. Although the vulnerability has been fixed in Android 8 Oreo, users running Lollipop, Marshmallow or Nougat remain at risk. MediaProjection is — by design — able to capture screen activity and audio, and it does have legitimate uses, but by using a technique known as tap-jacking permission can be given for it to be used for more nefarious things.”
Bleeping Computer: Terdot Banking Trojan Grows Into a Sophisticated Threat. “A banking trojan first observed in October 2016 has grown into a sophisticated hacking tool that works primarily as a banking trojan, but could also be used as an infostealer or backdoor. Named Terdot, this new malware is not a widespread threat, just yet. For now, the banking trojan has been seen targeting the customers of Canadian banks, distributed via the Sundown exploit kit and through spam email.”