Browser malware spreading, Emotet botnet offers different ransomware, and more.
Welcome to Cyber Security Today. It’s Wednesday, September 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
More malware is circulating that infects browsers, according to researchers at VMware and Microsoft. VMware says it’s seeing a new version of an infection it calls ChromeLoader. An earlier version just stole usernames and passwords from browsers. The latest version not only injects ads into browsers for click fraud it can also be used to spread different malware like ransomware. Often victims get infected by clicking on ads or files that promise pirated or cracked versions of games or software.
Microsoft said victims of the malware it’s seeing get hit when they click on a malicious ad or a link in a YouTube comment. IT security teams should warn employees about the risks of clicking on and downloading files from sources promising free or cracked versions of games and software. IT departments and individuals should always make sure the latest security updates for browsers are installed. The use of a good antivirus or anti-malware solution is also vital.
American Airlines has acknowledged suffering a data breach in July. The Bleeping Computer news service says the airline has begun notifying customers that attackers may have copied the personal information of employees and passengers. That includes their names, mailing addresses, email addresses, phone numbers, driver’s licence numbers, passport numbers and possibly some medical information. The airline said a “very small number” of victims were involved. It said the data came from the email accounts of several staff who were compromised after being sent a phishing message.
The Emotet botnet is now being used to spread the Quantum and BlackCat strains of ransomware. Researchers at Advanced Intelligence said the botnet used to specialize in the Conti strain of the malware. But after that gang dissolved in June those behind the botnet have found new ransomware to distribute. Typically threat actors will create a phishing email package to send to victims. Those who click on the attachment first get infected with a Cobalt Strike beacon, which leads to the takeover of an IT network. From there the attacker uploads ransomware.
In separate news, Bitdefender, Europol and the NoMoreRansom Project announced that a free decryptor for the LockerGoga strain of ransomware is now available. You know you’ve been hit by this strain if the encrypted files have the extension “.locked”. The alleged operator of this strain has been detained pending a trial.
Finally, researchers at NordVPN have been looking into the popularity of Google searches that include the word “hack.” Almost two million searches from 50 countries were analyzed. Fifty per cent of Canadians using that term were looking for “how to hack” Facebook, Instagram or WhatsApp. Other popular searches were how to hack Wi-Fi, Snapchat and Gmail. It isn’t known who’s doing the searching or why. Are there lots of people who want to break into the apps of other people? Are these searches from people looking for ways to protect themselves from being hacked? Are there millions more crooks out there than we suspect? Lots of unanswered questions.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.