
Zeus Sphinx returns, Android apps engage in data grab, Ponzi scheme on YouTube, and more

Major cybersecurity events on 30th March 2020: Zoom faces multiple attacks on video meetings. More than 4000 Android apps gather details of all the other installed apps. COVID-themed fraud sites and phishing emails circulate on the internet. Lexus, Toyota AVN systems exposed to attacks. Zeus Sphinx banking trojan fetches log-in details of unaware users.

Round Up of Major Breaches and Scams

FBI warns of ongoing Zoom-bombing attacks on video meetings

The US Federal Bureau of Investigation (FBI) warned today of hijackers who join Zoom video conferences used for online lessons and business meetings with the end goal of disrupting them or for pulling pranks that could be later shared on social media platforms.

>4,000 Android apps silently access your installed software

More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found. The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone.

Personal details for the entire country of Georgia published online

The personal details of more than 4.9 million Georgians, including deceased citizens, have been published on a hacking forum over the weekend, on Saturday. Personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers was shared online in a 1.04 GB MDB (Microsoft Access database) file.

COVID-19 pandemic – Beware of fraudulent websites advertised selling masks

Threat actors continue to attack various organizations, including the ones that research the COVID-19 virus. Talos observed a fraud and disinformation campaign that takes advantage of COVID themes. The website was advertised as selling medical masks with free shipping. This website appears to be fraudulent.

Utah investigating hacking of candidate’s virtual event

Republican Aimee Winder Newton was about five minutes into the virtual event on the Zoom platform when the trouble began as all 130 state delegates on the call were unmuted, said Caroline Bena, a spokeswoman for the campaign. The call was hosted on a Utah GOP account, but the hacker disabled administrative control, so the moderators were unable to stop the images when they began flashing on the screen, Bena said in an email message.

Hacker hijacks YouTube accounts to broadcast Bill Gates-themed crypto Ponzi scam

A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company’s former CEO Bill Gates. Victims are tricked into sending a small sum of cryptocurrency to the scammer in order to double their earnings but never get any funds in return.

State-backed players join pandemic cyber crime attacks

Sophisticated state-supported actors are following cybercriminals in exploiting the coronavirus pandemic and posing an “advanced persistent threat” (APT), French defence technology giant Thales warned Monday. Hades, linked to APT28, which is believed to be of Russian origin and behind an attack on the US Democrat party in 2016, was the first state-backed group to use the epidemic as bait, Thales’ cyber intelligence service reported.

Round Up of Major Malware and Ransomware Incidents

Zeus Sphinx banking trojan arises amid COVID-19

Sphinx is a modular malware based on the leaked source code of the infamous Zeus banking trojan, the researchers explained. Sphinx’s core capability is to harvest online account credentials for online banking sites (and some other services). When infected users land on a targeted online banking portal, Sphinx dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information that the user enters into the log-in fields is sent to the cybercriminals.
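The web-inject technique described above can be checked for from the site's side: a banking portal that knows what its own login form should look like can flag fields or submit targets that an inject has added or rewritten. The following is an added example, not code from the article or from any researcher it cites; the baseline form, the URL `https://bank.example/login` and the field names are assumptions.

```javascript
// Added example: defender-side audit of a login form against a site-declared baseline.
// Zeus-style web injects typically add extra inputs (card number, PIN) to a real
// login page or redirect the form; both show up as a diff against this baseline.
const LOGIN_FORM_BASELINE = {
  action: "https://bank.example/login", // assumed submit target
  fields: ["username", "password", "csrf_token"], // assumed legitimate inputs
};

// Pure check over a plain description of the form so it runs without a DOM.
// form = { action: string, fields: [{ name, type }] }; returns a list of findings.
function auditLoginForm(form, baseline = LOGIN_FORM_BASELINE) {
  const findings = [];
  const expected = new Set(baseline.fields);
  for (const f of form.fields) {
    if (!expected.has(f.name)) findings.push(`unexpected field "${f.name}" (${f.type})`);
  }
  for (const name of baseline.fields) {
    if (!form.fields.some((f) => f.name === name)) findings.push(`missing expected field "${name}"`);
  }
  if (form.action !== baseline.action) findings.push(`action changed to "${form.action}"`);
  return findings;
}

// Browser glue: snapshot a live <form> element into the plain description above.
function describeForm(formEl) {
  return {
    action: formEl.action,
    fields: Array.from(formEl.querySelectorAll("input, select, textarea"))
      .map((el) => ({ name: el.name, type: el.type })),
  };
}

// Re-run the audit whenever anything under the form changes, which is when an
// inject fetched from the C2 server would rewrite the page.
function watchLoginForm(formEl, report) {
  const run = () => { const f = auditLoginForm(describeForm(formEl)); if (f.length) report(f); };
  run();
  new MutationObserver(run).observe(formEl, { childList: true, subtree: true, attributes: true });
}

// Constructed sample: the same form after an inject added two credential fields.
const tamperedSample = {
  action: "https://bank.example/login",
  fields: [
    { name: "username", type: "text" },
    { name: "password", type: "password" },
    { name: "csrf_token", type: "hidden" },
    { name: "card_number", type: "text" },   // injected
    { name: "atm_pin", type: "password" },   // injected
  ],
};
```

In a browser, `watchLoginForm(document.querySelector("form#login"), console.warn)` reports the two injected fields; a real deployment would send the findings to a telemetry endpoint rather than the console.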

Source code of Dharma ransomware pops up for sale on hacking forums

The source code of a major ransomware strain named Dharma has been put up for sale on two Russian hacker forums over the weekend. The FBI, in a talk at the RSA security conference this year, ranked Dharma the second most lucrative ransomware operation in recent years, having extorted more than $24 million in payments from victims between November 2016 and November 2019. Now, its source code is being sold for a price as low as $2,000 — which has security researchers on edge.

Phishing attack says you’re exposed to Coronavirus, spreads malware

A new phishing campaign has been spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested. In a new low, a threat actor is pretending to be from a local hospital telling the recipient that they have been in contact with a colleague, friend, or family member who has tested positive for the COVID-19 virus.

Round Up of Major Vulnerabilities and Patches

A mysterious hacker group is eavesdropping on corporate email and FTP traffic

Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today. Researchers detected two different threat actors, each exploiting a different zero-day vulnerability in DrayTek Vigor — load-balancing routers and VPN gateways typically deployed on enterprise networks.

Vulnerabilities expose Lexus, Toyota cars to hacker attacks

Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same system is also used in other models, including LS and ES series — has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car. According to Keen Security Lab, these flaws could be abused to compromise the AVN and internal CAN network and related electronic control units (ECUs).