Tag Archive for: Alerts

Fake WordPress security alerts are being used to send malware


If you are a WordPress site admin, be wary of incoming emails – one could be a phishing message looking to infect your site with malicious plugins.

This is the warning given out by WordPress security experts Wordfence and PatchStack, which have found WordPress site admins receiving emails impersonating the legitimate wordpress.com site. 


HHS alerts health care sector to ransomware, data extortion gang


The Department of Health and Human Services recently released an advisory to help health care organizations protect their systems and networks from 8Base, a ransomware and data extortion gang targeting small- and medium-sized organizations in health care and other sectors. Recommendations include prioritizing cybersecurity best practices, from regularly updating and patching systems to educating employees to avoid and report phishing emails and malicious attachments. 
  
“This emerging ransomware group appears primarily focused on data extortion rather than data encryption at this point,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Their rapid rise and large number of attacks indicate this group may be a rebranding of a former group or contain elements of a former ransomware group. I have observed a general trend in which ransomware attackers claim to be ‘penetration testers’ performing a ‘service’ and discussion of ‘vulnerability reports’ for the victim, raising the possibility that these hackers may be affiliated with ‘legitimate’ cybersecurity firms in non-cooperative foreign jurisdictions or have formal cybersecurity training. These data extortion attacks highlight the need to ensure that protected health information (PHI) within our networks, especially PHI outside the electronic medical record, is fully mapped and encrypted at rest and in transit.”
  
For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity


Disturbing trend of malware being spread to Android devices through fake alerts


Malicious actors have once again found a new way to exploit unsuspecting victims. Recently, Italian cybersecurity researchers at D3Labs uncovered a disturbing trend of malware being spread to Android devices through fake volcano eruption alerts. These criminals are exploiting the IT-Alert service, a public alert system used by the Italian government to disseminate crucial information during emergency situations.

Deceptive Strategy

To lure unsuspecting victims into downloading malicious software, the cybercriminals created a deceptive website that mimicked the IT-Alert service. This fake website warned users about the possibility of volcanic eruptions and the potential for a national earthquake. It urged visitors to download an app that would help them monitor the situation in their region. Importantly, this ruse was directed exclusively at Android users, as the website redirected to the actual IT-Alert website when accessed via a desktop browser or an iOS device.


Malicious Payload

Once a user fell for this trick and clicked on the download button, a file labeled “IT-Alert.apk” was downloaded to their device. This innocuous-seeming file, however, contained the SpyNote malware. SpyNote is a notorious strain of malware known for targeting financial institutions and is typically sold via Telegram by its creator, who goes by the alias CypherRat.

Infiltrating User Devices

After the malware is installed, it prompts users to grant permission for the app to run in the background. This seemingly innocent request opens the door to malicious actors gaining full control over the victim’s smartphone, thanks to its accessibility services. With this control, these malevolent actors can monitor, manage, and even modify the device’s resources and features, along with enabling remote access capabilities.

This insidious technique also makes it incredibly challenging for victims to uninstall the application, update already installed apps, or install new ones, further complicating the removal of the malware.

Spying and Data Theft

SpyNote’s capabilities are vast and invasive. It can independently manipulate…


‘Daam’ virus can steal all records from your phone, alerts cyber security agency


New Delhi: An Android malware called ‘Daam’ that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera has been found to be spreading, the national cyber security agency has said in its latest advisory.

The virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”, the Indian Computer Emergency Response Team or CERT-In said.

The agency is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults and similar online attacks.

The Android botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources, the agency said.

“Once it is placed in the…
