A new malware strain chooses which weapon to install, the latest macro attack targets shortcuts on your desktop and the latest Android security update is released
Welcome to Cyber Security Today. It’s Monday July 9th.
I mentioned last week that criminals are finding ways to hide cryptomining software on computers. Kaspersky just detailed an even craftier scheme – malware that makes a choice of what to put on a victim’s PC. The capability has been added to the ransomware Kaspersky calls Rakhni, which has been around since 2013. This nasty piece of work can choose whether to install ransomware or a cryptocurrency mining module on a machine. As usual, the way you get infected is by downloading an attachment. Most common is an alleged financial document. After you click on it, Windows will pop up a message asking for permission to run an executable file from an unknown publisher. If you say yes, you’re stung. If the malware finds a Bitcoin folder, it installs ransomware. If not, it installs the cryptocurrency miner.
To avoid being hit, be careful of clicking on attachments, even if they come from someone you know. Don’t run apps from unknown publishers, especially if the names sound similar to popular programs.
For those of you who don’t know, a macro is a set of computer commands a user creates to run automatically. It saves you time in repetitive tasks. But macros can also be used by attackers to automatically run a script you don’t want, usually through Microsoft Office. A researcher at Trend Micro last week found a new one: A macro that looks for and replaces shortcuts on your Windows desktop. When you click on the shortcut, the macro automatically downloads malware. This attack appears to be in its early stages. So far the shortcuts it looks for are for Skype, Google Chrome, Mozilla Firefox, Opera, and Internet Explorer on the desktop or the Quick Launch toolbar. However, new versions may be in the works. Microsoft disables macros by default, and gives you a warning if software asks you to enable macros. If that pops up and it’s not a macro you have created, just say ‘No.’
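For listeners who manage Windows machines, here is one way to check the shortcuts named above. This PowerShell script is an added example, not code from Trend Micro or from the original post. The function name and the table of expected program file names are assumptions, so adjust them to match your own installs.

```powershell
# Added example: list desktop and Quick Launch shortcuts that carry the name
# of one of the five applications above but point at some other program.
# ASSUMPTION: the executable names below are typical defaults, not values
# taken from the Trend Micro report. Edit them for your environment.
$expected = @{
    'Skype'             = @('Skype.exe')
    'Chrome'            = @('chrome.exe')
    'Firefox'           = @('firefox.exe')
    'Opera'             = @('opera.exe', 'launcher.exe')
    'Internet Explorer' = @('iexplore.exe')
}

function Get-SuspectShortcut {   # hypothetical helper name
    $shell = New-Object -ComObject WScript.Shell
    $folders = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    )
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $folder -Filter '*.lnk') {
            $lnk  = $shell.CreateShortcut($file.FullName)   # opens the existing .lnk
            $leaf = ''
            if ($lnk.TargetPath) { $leaf = Split-Path -Leaf $lnk.TargetPath }
            foreach ($name in $expected.Keys) {
                if ($file.BaseName -notlike "*$name*") { continue }
                # Name matches a watched application: compare the real target.
                # Store-app shortcuts can have an empty target and will also be
                # listed, so review those by hand.
                if ($expected[$name] -notcontains $leaf) {
                    [pscustomobject]@{
                        Shortcut  = $file.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                        Modified  = $file.LastWriteTime
                    }
                }
                break
            }
        }
    }
}

Get-SuspectShortcut | Format-List
```

An empty result means every matching shortcut points at a program name in the table. Anything listed, especially with a recent modified time or with arguments you do not recognise, deserves a closer look before you click it.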
Finally, Google has released a new set of patches for Android. Hopefully your handset maker and carrier have agreed to distribute these updates. Unfortunately some don’t care to patch devices that are more than two years old. A number of the recent set of patches deal with critical vulnerabilities. If your device no longer gets security updates it’s a good reason to not download attachments or add any apps. It also may be time to buy a new device.
That’s it for Cyber Security Today. Thanks for listening.