Tag Archive for: Downloads

Hiring? New scam campaign means ‘resume’ downloads may contain malware


A cybercrime gang is targeting hiring managers and recruiters in a new campaign to spread the “more_eggs” backdoor malware.

Emails from supposed job seekers are luring victims to malicious “resume” downloads using sophisticated social engineering and infrastructure, Proofpoint said in a security briefing Tuesday.

The briefing outlines the evolving tactics of the threat actor tracked as TA4557, which Proofpoint researchers have been monitoring since 2018.

Spear phishing strategy convinces recruiters to stray from safety

Secure email gateways are one of the most common endpoint security measures used by organizations; new methods by TA4557 seek to bypass these measures and lure job recruiters to attacker-controlled websites.

“The social engineering is very compelling leading up to the download of the file from the resume website,” Proofpoint Senior Threat Analyst Selena Larson told SC Media.

The attacks, which Proofpoint first detected in October 2023, begin with an email inquiring about an open position. With no links or attachments, the seemingly benign email gets the foot in the door to start building trust.

If the victim responds, the attack chain continues with the supposed job candidate inviting the hiring manager or recruiter to download a resume from their “personal website.”

Unlike classic job scams that target job seekers themselves, there is no need to impersonate an established business through methods like typosquatting. Additionally, in early November researchers began seeing attackers avoid sending links altogether, instead directing their victims to “refer to the domain name of my email address to access my portfolio.”

Requiring the victim to copy and paste the malicious domain name increases the likelihood the emails will make it past secure email gateways. Plus, with unassuming domain names like “wlynch[.]com” for a candidate named William Lynch and “annetterawlings[.]com” for a candidate named Annette Rawlings, the emails are less likely to raise alarm bells than those from free email providers like Gmail or Yahoo.

The attacker-controlled “candidate” websites were found to apply filters based on details like the victim’s IP address to…


Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware


Mozilla issued a warning this week over malicious websites offering Thunderbird downloads after a ransomware group was caught using this technique to deliver malware.

Cybersecurity journalist Brian Krebs reported last week that a website where the Snatch ransomware group names victims had been leaking data, including visitor IPs and information on internal operations.

According to Krebs, the leaked data suggests that the Snatch cybercrime group has been using paid Google ads to deliver its malware disguised as popular applications such as Adobe Reader, Discord, Microsoft Teams, and Mozilla Thunderbird.

Following Krebs’ findings, Mozilla issued a ‘ransomware alert’ this week, advising users to only download Thunderbird from trusted websites.

Mozilla noted that it’s actively trying to take down malicious websites offering Thunderbird, but they are hosted in Russia, which makes takedowns “difficult and often not effective”.

Thunderbird has a market share of less than one percent in the email client category. However, that still translates to a significant number of individuals and organizations that could be targeted by the Snatch ransomware.

The US government issued an alert recently, warning critical infrastructure organizations of ongoing Snatch ransomware attacks.



Comodo Internet Security 6 Pre-Beta



Android game with 1m downloads leaked users’ private messages


Popular mobile role-playing game (RPG) Tap Busters: Bounty Hunters spilled sensitive user data.

Research by Cybernews discovered that the Tap Busters: Bounty Hunters app had left its database open to the public, allegedly exposing users’ private conversations for at least five months.

Also, app developers had sensitive data hardcoded into the client side of the app, making it vulnerable to further data leaks.

Tap Busters: Bounty Hunters is an idle RPG game with more than one million downloads on Google Play Store and a 4.5-star rating based on more than 45,000 reviews. In the game, players take on the role of bounty hunters trying to become masters of the galaxy. They defeat villains and collect loot as they travel through different alien realms. Idle game mechanics mean that players can progress in-game without constant input.

Significance

Researchers discovered that Tap Busters: Bounty Hunters leaked data through unprotected access to Firebase, Google’s mobile application development platform that provides cloud-hosted database services. Anyone could have accessed the database in the meantime.

The 349MB unprotected dataset contained user IDs, usernames, timestamps, and private messages. If the leaked data had not been backed up and a malicious actor had chosen to delete it, users’ private messages could have been permanently lost with no possibility of recovery.

Along with an open Firebase instance, the developers left some sensitive information, commonly known as secrets, hardcoded in the application’s client side. The keys found were: firebase_database_url, gcm_defaultSenderId, default_web_client_id, google_api_key, google_app_id, google_crash_reporting_api_key, google_storage_bucket.

Hardcoding sensitive data into the client side of an Android app is unsafe, as in most cases, it can be easily accessed through reverse engineering.
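As an added illustration of the "unprotected Firebase" problem described above (constructed here, not taken from the Tap Busters app or the Cybernews report), the first rule set below is the kind of Realtime Database configuration that lets anyone who knows the database URL read or delete every record, and the second denies everything by default and opens a single messages path only to authenticated participants. The `/messages/{conversationId}` layout, the `participants` map and the message fields are assumptions; Firebase's rules editor accepts the `//` comments.

```json
// WEAK: world-readable and world-writable. Knowing the database URL is
// enough for any unauthenticated client to dump the data or delete it.
{
  "rules": {
    ".read": true,
    ".write": true
  }
}

// HARDENED: no top-level ".read"/".write" means everything is denied unless a
// deeper rule grants it. Only signed-in users listed under a conversation's
// "participants" node (assumed layout) may read it or post to it.
{
  "rules": {
    "messages": {
      "$conversationId": {
        ".read": "auth != null && data.child('participants').child(auth.uid).exists()",
        "participants": {
          // Membership is managed server-side; clients cannot add themselves.
          ".write": false
        },
        "items": {
          ".write": "auth != null && data.parent().child('participants').child(auth.uid).exists()",
          "$messageId": {
            // Each message must carry the sender's own uid, a text body and a
            // server-side timestamp, so a client cannot forge another user's message.
            ".validate": "newData.hasChildren(['senderId', 'text', 'timestamp']) && newData.child('senderId').val() === auth.uid && newData.child('text').isString() && newData.child('text').val().length <= 2000 && newData.child('timestamp').val() <= now"
          }
        }
      }
    }
  }
}
```

A quick defender-side check for the weak state is to request `<database-url>/.json` without credentials; a hardened ruleset answers with a permission-denied error instead of data.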

No response

The game’s developer is Tilting Point, which owns several other successful games with a large player community. Some of these games have over five million downloads. The app developer was informed of the data spill but failed to close public access to the database.

The app developers…
