Tag Archive for: infected

Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign • The Register


Infosec in brief Bot defense software vendor Human Security last week detailed an attack that “sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites … preloaded with a known malware called Triada.”

Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human’s researchers found over 200 models with pre-installed malware, and when it went shopping for seven particular devices found that 80 percent of units were infected with BADBOX.

Analysis of infected devices yielded intel on an ad fraud module Human’s researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android. The attackers also created malicious iOS apps, which ran on 159,000 Apple devices a day at the peak of the PEACHPIT campaign.

Those infected devices delivered over four billion ads a day – all invisible to users.

Human Security’s technical report [PDF] on BADBOX and PEACHPIT describes the campaign: “A Chinese manufacturer (possibly many manufacturers) builds a wide variety of Android-based devices, including phones, tablets, and CTV boxes.

“At some point between the manufacturing of these products and their delivery to resellers, physical retail stores and e-commerce warehouses, a firmware backdoor … gets installed and the product boxes are sealed in plastic, priming these devices for fraud on arrival at their destination.”

Human Security worked with Apple and Google to disrupt PEACHPIT, but warned BADBOX devices remain plentiful.

“Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plug it in, and unknowingly open this backdoor malware,” wrote Human Security’s Rosemary Cipriano. “This malware can be used to steal PII, run hidden bots, create residential proxy exit peers, steal cookies and one-time passwords, and more unique fraud schemes.”

– Simon Sharwood

It’s been four months since mass exploitation of vulnerabilities in Progress Software’s MOVEit file transfer software was publicly announced, and only a little more recently that the Clop ransomware gang added Sony to its list of victims.

In early…


If kid’s game gets infected, you may bring that to work: what to do?


“That cheating software your kid downloaded for his game is probably safe,” said not a single cybersecurity specialist, ever. At best, your kid will ruin the gaming experience for others. At worst, they’ll introduce malware to their device. Due to repeated incidents, Cybernews experts recommend keeping kids’ gaming platforms separate, virtually or physically, or consider sandboxing their games.

Some kids would do a lot to become a mafia boss LVL 50. In this case, parents were left deeply frustrated to discover that their child had become engrossed in a mobile game called Grand Mafia. Unbeknownst to them, the child had made a whopping 62 transactions using their credit card between September 4th and October 8th, 2022.

These transactions amounted to €1,240, and to add to their frustration, Revolut declined to reimburse the unauthorized charges, a report from the regulating authority reveals.

And this isn’t even the most significant risk that parents can face if they leave their kid’s actions online unchecked. Malware was likely not the culprit here, so the kid might be able to keep their impressive mafia boss level.

Recent game hacks reveal that crooks could steal not only your kid’s loot and the accounts they spent years grinding, but also remotely control their computer and spread infections to other devices.

For example, if you are logged in with your Google account in Chrome on the same compromised computer, all the malicious extensions and add-ons that hackers put there may automatically sync to your work computer if the same Google account is used.

Minecraft has been declared the most malware-infected game. Recently, cybercriminals used Minecraft Mods to execute code remotely, after a Bleeding Pipe vulnerability was discovered. Mods in the Minecraft community are used extensively, and the game is one of the most popular.

Bad actors used the technique to steal the game’s servers, personal game accounts, and Steam and Discord session info. Still, the possibilities are nearly endless, as they could also steal user data for use in identity theft and use computers in botnet attacks while showing the user pop-up ads.

Roblox, the other very popular game among kids,…


Call of Duty players being infected with self-spreading malware


San Francisco, July 28: Players of an old Call of Duty game are being infected by hackers with a worm that automatically spreads in online lobbies.

On June 26, a player of Call of Duty: Modern Warfare 2 warned other players on a Steam forum that hackers “attack using hacked lobbies,” and advised using an antivirus, reports TechCrunch.

The malware mentioned in the thread appears to have been uploaded to the online malware repository VirusTotal.

Another player claimed to have analysed the malware and said in the same forum thread that the malware seems to be a worm, based on a number of text strings inside the malware.

The presence of those strings in the malware, which suggests a worm, was confirmed by a game industry insider who asked to remain anonymous because they were prohibited from speaking to the press.

Neil Wood, spokesperson of Activision, which released the game in 2009, referenced a tweet posted by the company from the ‘Call of Duty Updates’ account on Thursday that indirectly mentioned the malware.

“Multiplayer for Call of Duty: Modern Warfare 2 (2009) on Steam was brought offline while we investigate reports of an issue,” the tweet read.

It is still unclear why the hackers are spreading this malware.

The malware is considered a worm because it seems to spread automatically from one infected gamer to another through online lobbies.

“This means the hackers must have found and are exploiting one or multiple bugs in the game to execute malicious code on the other players’ computers,” the report said.


Hacker Infected & Foiled by Own Infostealer


Malicious actor “La_Citrix” built a reputation on gaining access to organizations’ Citrix remote desktop protocol (RDP) VPN servers and selling them off to the highest bidder on Russian-language Dark Web forums.

The threat actor was using an infostealer to rip off credentials in campaigns dating back to 2020 — until La_Citrix accidentally infected his own computer with the malware and sold off his own data, along with a cache of other stolen data, to threat researchers with Hudson Rock who were lurking on the Dark Web to gather threat intelligence.

The first clue that there was something unusual afoot was when Hudson Rock’s API detected a single user in the stolen data who appeared as an employee at nearly 300 different companies, the report explained.

“Surprisingly, it was discovered that this threat actor orchestrated all of the hacking incidents using his personal computer, and browsers installed on that computer stored the corporate credentials used for the various hacks,” Hudson Rock’s report noted.

Upon digging further, Hudson Rock’s team was quickly able to ascertain the threat actor’s identity, along with his address and phone number, as well as evidence of his malicious activities.

“Hudson Rock will forward the data to relevant law enforcement agencies,” the report added.
