Tag Archive for: links

Panda Stealer malware targets digital currencies via Discord links, spam emails


There’s a new malware that’s targeting digital currency wallets, spreading through spam emails and Discord channels. The malware, dubbed Panda Stealer, has mostly targeted victims in the U.S., Germany, Japan and Australia.

Security company Trend Micro was the first to detect the malware. In a recent blog post, the Tokyo-based firm revealed that Panda Stealer is delivered through spam emails posing as business quotes to lure unsuspecting victims into opening malicious Excel files.

The malware has two infection chains, the security company revealed. In the first, the criminals attach a .XLSM document that contains malicious macros. Once the victim enables the macros, the malware downloads and executes the main stealer.

In the second infection chain, the spam emails come with a .XLS attachment containing an Excel formula that hides a PowerShell command. This command attempts to access paste.ee, a Pastebin alternative, which in turn accesses a second encrypted PowerShell command. According to Trend Micro, this command is used to access URLs from paste.ee for easy implementation of fileless payloads.

“Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum,” the company noted.

The malware doesn’t limit itself to digital currency wallets, however. It steals credentials to other applications such as Telegram, NordVPN, Discord and Steam. It’s also capable of taking screenshots of the infected computer and capturing and transmitting data from browsers like cookies and passwords.

Trend Micro found another 264 files similar to Panda Stealer on VirusTotal. Over 140 command and control (C&C) servers and over 10 download sites were used by these samples.

It concluded, “Some of the download sites were from Discord, containing files with names such as ‘build.exe,’ which indicates that threat actors may be using Discord to share the Panda Stealer build.”

Security researchers have linked the Panda Stealer malware campaign to an IP address assigned to virtual private servers rented from Shock Hosting. However, the hosting…


Meet The Super Rich Czech Tech Company — And Its Russian CEO — Denying Links To The Huge SolarWinds Hack


Maxim Shafirov is looking grizzled, grumbling through a stubbled muzzle about having just two hours sleep, hunched over his computer as the snow falls behind him in a window that looks out to a wintry St. Petersburg. The Russian native’s grouchiness is understandable.

Shafirov is the CEO of Czech company JetBrains, which was likely one of the biggest tech companies you’d never heard of, until Wednesday when reports cited government sources saying it was being investigated for links to huge cyberattacks on U.S. government agencies and tech giants, via the hack of another low-profile IT provider, SolarWinds, and scores of its clients, including federal agencies. For millions of coders, the Prague-based business’ tools are invaluable, providing all manner of software to make their app building that much easier. Founded in 2000, it claims over 8 million paying users in over 213 countries. Company revenue for 2019, according to the most recently-available results for the privately-held business, stood at $270 million, with year-on-year growth of 33%. Shafirov, in an upbeat moment in an interview with Forbes, says that despite the Covid-19 pandemic, its revenue growth this last year was 10%, indicating near $300 million for 2020. The business was a so-called “unicorn” worth more than $1 billion, according to a JetBrains spokesperson.

Few outside the tech world would’ve paid the company much attention until reports in the New York Times, Reuters and the Wall Street Journal indicated those investigating what’s become one of the most severe acts of cyber espionage in recent memory were looking at the possibility JetBrains was involved. The reports hint JetBrains, or one of its apps, TeamCity, was hacked, leading to an infiltration at SolarWinds, which, in turn, had one of its own tools compromised and used to hijack customer networks. Amongst the victims are the Department of Justice, which yesterday revealed 3% of its Office 365 emails had been compromised. It joined the Department of Energy, the Treasury, Microsoft,…


Chinese cyber warfare? Hackers with Chinese, North Korean, Pakistani links attack Indian websites – India Today


Amazon Tells Ukraine Publication To Alter Its Article After It Links The Company To Ring’s Problematic Ukraine Branch

An extremely-problematic wing of an extremely-problematic company is back in the news. Ring’s Ukraine division made headlines last fall when the presence of a “Head of Facial Recognition Tech” in the Ukraine office appeared to contradict Ring’s claims it was not interested in adding facial recognition to its cameras.

More disturbing news surfaced earlier this month, when it was discovered this office had allowed its employees to view Ring camera footage uploaded by users. Ring doesn’t just produce doorbell cameras. It also sells in-home cameras, making this revelation particularly worrying.

Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click. The Information, which has aggressively covered Ring’s security lapses, reported on these practices last month.

Not only did the R&D team have complete access to customers’ recordings, so did Ring’s US-based engineers and executives. And who knows how many other people have accessed these recordings illicitly? When this access was granted to an untold number of Ring employees, Ring did not encrypt uploaded recordings. The company apparently felt encryption was too expensive to implement and would possibly limit revenue opportunities for the company as it aggressively moved into the home security market.

It turns out the company was using customers’ footage to train its AI to recognize faces and other objects. This would be the same facial recognition Ring swears it isn’t going to be implementing anytime soon.

Apparently, this abuse of trust has resulted in growth opportunities for Ring-Ukraine. A recent article by Ukrainian publication Vector stated the office would be lending its expertise to other Amazon products, which possibly includes Rekognition, Amazon’s homegrown facial recognition program.

But that story was buried by Amazon PR shortly after it appeared, according to Sam Biddle of The Intercept.

I asked multiple Amazon representatives and Ring’s head of communications about the Vector article, including specifically what were the “many other Amazon projects” Ring’s Ukrainian staff now worked on.

Although Amazon ignored repeated requests for comment and Ring refused to discuss the subject on the record, it seems that the company did take action: Within hours of my inquiries, the text of the Vector piece was quietly edited to remove references to Amazon. Most notably, the entire quoted sentence about the “many other Amazon projects” the Kyiv office was working on was excised.

The author of the story told The Intercept he had nothing to do with the belated deletion. In fact, he was not aware of any editing until The Intercept brought it to his attention. An email from Vector’s editor-in-chief explained the situation, although not all that satisfactorily.

We published a news about rebranding, later pr-manager of Ring Ukraine called me and asked to take Amazon mention out from the article. Since I had a good relationship with manager, the article got just several dozens of views and I understood that everyone know that Ring is part of Amazon anyway, I didn’t even asked questions, said ok and took Amazon part out

It appears Amazon doesn’t want people to know it has given a problematic division even more responsibility. It also may be trying to head off another Ring-related PR nightmare by removing any text that might suggest Ring customer recordings are being used to train facial recognition software used by government agencies.

But it’s too late to change public perception. The scrubbing may keep Amazon from being linked to unfettered access to Ring camera recordings in search results, but there’s no separating Amazon from Ring. And there’s nothing here that suggests either company is moving away from leveraging user-generated content to fine-tune AI for the customers they really want: law enforcement agencies.


Techdirt.