Bleeping Computer: Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns

Bleeping Computer: Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns. “Hundreds of vulnerable and exposed Docker hosts are being abused in cryptojacking campaigns after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month.”

The Register: Qbot malware’s back, and latest strain relies on Visual Basic script to slip into target machines

The Register: Qbot malware’s back, and latest strain relies on Visual Basic script to slip into target machines. “A new version of the decade-old banking credential-stealing Qbot malware is doing the rounds, according to infosec firm Varonis. The latest version, spotted after an unfortunate customer’s systems were infected, retains the anti-analysis polymorphism features of the original, Varonis researchers said.”

Ars Technica: Google Play apps with >10 million installs drain batteries, jack up data charges

Ars Technica: Google Play apps with >10 million installs drain batteries, jack up data charges. “Is your Android phone feeling hot to the touch, acting sluggish, in need of frequent charges, or using dramatically more data than it used to? It may be a victim of DrainerBot, a major fraud operation distributed through Google Play apps with more than 10 million downloads, researchers said Wednesday.”

Google Play: We’ve cracked down on bad apps (CNET)

CNET: Google Play: We’ve cracked down on bad apps. “The Play Store rejected at least 55 percent more app submissions in 2018 than in 2017, according to the blog. Google didn’t immediately respond to a request for how many apps were rejected in 2018. But for reference, the company removed over 700,000 apps in 2017.”

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions. “A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.”

Ars Technica: Google Play apps with >4.3 million downloads stole pics and pushed porn ads

Ars Technica: Google Play apps with >4.3 million downloads stole pics and pushed porn ads. “Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.”