Tag Archive for: infostealing

Pepsi Bottling Ventures says info-stealing malware swiped sensitive data • The Register


Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information, according to a notification sent to consumers.

The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures – America’s largest manufacturer and distributor of Pepsi-Cola beverages – didn’t discover the unauthorized activity until January 10, we’re told. 

“We took prompt action to contain the incident and secure our systems,” CEO Derek Hill wrote in a breach notification letter [PDF]. 

The preliminary investigation determined the intruder accessed internal IT systems, installed malware and downloaded “certain information” contained on the infected systems. That information included names, home addresses, email addresses, government-issued identification including driver’s license numbers, Social Security numbers, and passport information, according to the notification.

Additionally, crooks stole some financial information including a “limited number” of people’s passwords, PIN codes, and other access numbers, along with digital signatures, benefit and employment information, and health insurance claims and policy numbers.

“While we are continuing to monitor our systems for unauthorized activity, the last known date of unauthorized IT system access was January 19,” Hill wrote, adding that Pepsi Bottling Ventures is not aware of any identity theft or other fraud involving people’s stolen data.

After discovering the breach, the fizzy biz claims it took “prompt action” to secure its IT systems, and reported the attack to law enforcement. It also has “taken a number of steps” to boost its network security in light of the breach, although we don’t have much information as to what those steps include, aside from “requiring the change of all company passwords.”

The Register reached out to Pepsi Bottling Ventures requesting more information about its new security measures, as well as the size and scope of the breach, but we’ve yet to hear back. We will update this story with additional information if we do.

To help “restore confidence” in Pepsi Bottling Ventures the company says it will…


This info-stealing malware is hiding in downloads for popular apps — how to stay safe


Downloading new apps on your computer is usually a simple and straightforward process, but you now need to be extra careful when doing so as hackers have begun impersonating popular apps to spread malware.

According to a new blog post from the cybersecurity firm Cyble, hackers have begun using phishing pages designed to impersonate a number of popular apps online. While a user may think they’re downloading a widely used app, they’re actually installing malware on their computer.


Telegram and Discord Bots Delivering Infostealing Malware


A new report from security vendor Intel471 reveals how cybercriminals are using bots already deployed in messaging apps Discord and Telegram to deliver malware and steal user credentials.

In addition, these actors are targeting Roblox and Minecraft gaming platforms in similar attacks. Researchers pointed out that Discord’s content delivery network (CDN) is actively used for hosting malware because the platform doesn’t impose restrictions on file hosting.

The report revealed that these file hosting links are accessible to anyone without requiring authentication. This gives cybercriminals a credible “web domain to host malicious payloads.”

For your information, bots are used on Discord and Telegram so that users can play games, share data, and moderate channels to eliminate unwanted content. However, Intel471’s researchers identified that these can be used for delivering malware.

Some malware strains researchers found deployed in Discord’s CDN include Pay-Per-Install malware (PPI) Discoloader, PrivateLoader, Smokeloader, Agent Tesla, Autohotkey, Raccoon stealer, njRAT and many more.

Bots Stealing User Info from Systems

Researchers explained that threat actors use trojan malware to steal information from devices/systems attached to legit bots in the apps. The malware can steal a wide range of information. This includes the following:

  • Passwords
  • Bookmarks
  • Autofill data
  • Payment card data
  • Cryptocurrency wallets
  • Browser/session cookies
  • Microsoft Windows product keys
  • VPN (virtual private network) client logins

It is worth noting that using bots to spread malware on such platforms is nothing new. A report published last year explained how Telegram bots are stealing one-time passwords (OTPs).

When it comes to Discord, there is a plethora of reports from cybersecurity companies explaining how one of the most frequently used messenger services in the world is used in spreading malware.

Messaging Apps Have Become Attackers’ C&C Mechanisms

According to Intel471’s report, cybercrooks use messaging apps like Telegram as their Command and…


Jester Stealer Is The Latest Infostealing Malware – Cyber Security News


