Cyber Security Today: Closing a Valve on a suspicious game, infected Android apps, another resume scam

A Valve has closed on on a suspicious video game that eats CPU power, Windows-infected Android apps have been discovered and another resume scam is hitting North America.

Welcome to Cyber Security Today. It’s Wednesday August 1st. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Subscribe to Cyber Security Today on Google Play Subscribe to Cyber Security Today on Apple Podcasts

Trust is big in the Internet age. We trust the web sites we go to are secure, we trust the software we buy is secure. However, sometimes that trust is violated. That appears to have happened at game-maker Valve Corporation, which this week pulled a game called Abstractism from its online Steam store after allegations that it was exploiting players’ computer resources to mine for cryptocurrency. According to British security reporter Graham Cluley, Valve confirmed that it had removed Abstractism and banned its developer from Steam for “shipping unauthorized code, trolling, and scamming customers with deceptive in-game items.” One of the tip-offs that something was wrong was the game was slowing down users computers. That’s because it was using an unusual amount of processing power.

Windows malware in Android apps

Also this week security vendor Palo Alto Networks said it had discovered 145 apps in the Google Play store infected with malicious Microsoft Windows executable files. This malware wouldn’t affect an Android device, but if that device is connected to a PC and the files were downloaded and executed, the malware would spread. It isn’t clear if that was the intent. Researchers think the computer or computers used by the app developers were infected, and that’s how the malware got on to the Android apps they were creating. Some of the infected apps include “Learn to Draw Clothing”, an app teaching people how to draw and design clothing; “Modification Trail”, an app showing images of trail bike modification ideas; and “Gymnastics Training Tutorial”, an app letting people find healthy ideas for gymnastic moves. Google was warned and these apps have been removed from the Play store. But this is also a warning for mobile app developers: You’ve got to do a better job of scanning your computers and your app software before release.

Resume scam

Finally, there’s a new email-based malware campaign going around Canada and the U.S. with malicious resume attachments. The header in the email might say something like “About a role” or “Job Application.” The message says the attachment is password protected, and helpfully includes the password for the file. But if you open the file, you’re stung. The file code itself isn’t malicious – that would tip off your anti-virus software. Instead, the file connects to a server which then downloads the malware. That malware could try to steal data on your computer, steal cryptocurrency from a digital wallet, or infect the computer with ransomware. The discovery was made by security vendor Proofpoint. Two ways to stop this. First, you should make sure that macros don’t automatically run in any office productivity software you have. If an application asks you to enable macros, make sure you’re confident about the security of the file. Second, ignore email with attachments from people you don’t know. Even if you think you know who’s sending you a message, be careful clicking on any attachments.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast