Tag Archive for: code
QR code scams, Chinese hackers win big & speed up your old computer
May 8, 2023
Plus, Temu and Shein pose big security threats — here’s what to look out for. I talk to a guy that wants to play music in his car through a thumb drive. One state was blocked by world’s largest p*rn site, an ADHD-friendly web browser and how to set a photo timer on your Android or iPhone.
Previous episode
May 5, 2023
Plus, are robots overworked? One tired bot faceplanted on the factory floor. Strangely, parrots love to gossip online. Find the best seat for your flight, upgrade your email management and new tricks to transform how you use Google Docs.
Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware
Cybersecurity firm SentinelOne warns of an increase in the number of new ransomware families designed to target VMware ESXi that are based on the leaked Babuk source code.
Targeting both Windows and Linux systems, the Babuk ransomware family was initially detailed in January 2021 and was used in attacks against numerous organizations.
In September 2021, the malware’s source code was leaked online by one of its operators, which allowed security researchers to release a free decryption tool for it roughly two months later.
The leaked source code has been used to create new ransomware variants, including RTM Locker and Rook, and was also used in the Rorschach ransomware. Both RTM Locker and Rorschach (aka BabLock) target ESXi servers too.
Over the past year, SentinelOne says in a new technical report, the source code was used to create at least 10 ransomware families specifically targeting VMware ESXi servers.
Other smaller ESXi ransomware operations also adopted the code, including House’s Mario, Play, Cylance (unrelated to the security firm with the same name), Dataf Locker, Lock4, and XVGV.
Infamous ransomware gangs such as Alphv/BlackCat, Black Basta, Conti, Lockbit, and REvil have been observed targeting ESXi deployments as well.
However, SentinelOne’s analysis of these malware families has revealed that only Conti and REvil ESXi lockers show overlaps with the leaked Babuk code.
The ESXiArgs locker that caused havoc earlier this year, however, showed very few similarities with Babuk, aside from the use of the same open-source Sosemanuk encryption implementation, the cybersecurity firm says.
“While ties to REvil remain tentative, the possibility exists that these groups – Babuk, Conti, and REvil – potentially outsourced an ESXi locker project to the same developer,” SentinelOne notes.
The identified links suggest that the two ransomware operations may have experienced small leaks or that they share code to collaborate, SentinelOne says.
Overall, the cybersecurity firm stresses on the fact that threat actors are increasingly using the Babuk code to build ESXi and Linux lockers and that they might also adopt the group’s…
Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping
SINGAPORE – She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.
Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.
That night, as she was sleeping, her mobile phone suddenly lit up.
Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account.
Worryingly, she is not the only victim of such malware scams.
In April, the police and the Cyber Security Agency of Singapore warned the public about downloading apps from dubious sites that can lead to malware being installed onto victims’ mobile phones.
They said such malware has resulted in confidential and sensitive data, including banking credentials, being stolen.
That month, the police also alerted the public to the resurgence of phishing scams involving malware installed on victims’ Android phones. The police had said that since March, there have been at least 113 victims who lost at least $445,000.
The case of the bubble tea survey scam was related to The Sunday Times by Mr Beaver Chua, head of anti-fraud at OCBC Bank’s group financial crime compliance department, last week.
He said: “While malware scams are not particularly new, scammers are getting increasingly innovative.
“Besides website pop-up banners, which are most common, pasting bogus QR codes outside F&B establishments is another cunning way to hook victims as consumers may not be able to differentiate between legitimate and malicious QR codes.”