Tag Archive for: popular

Popular Social Media App Discord Clamps Down To Fight Cyber Attacks – Forbes Advisor



Multimedia social platform Discord is cracking down on malicious links used to spread malware by activating stronger security measures. From now on, Discord links that are shared outside the platform will expire after 24 hours. The goal is to lessen users’ exposure to malware, making it harder for identity thieves to steal users’ personal and financial information.

Hackers commonly exploit Discord servers to host malicious files and distribute malware. Malware can include spyware, keyloggers and viruses that infect users’ computers and reveal personal data and access codes, enabling identity theft and other crimes. In the past, familiarity with the Discord brand has often led users to click seemingly safe links that turned out to be malware, bringing on a cyberattack.

The new 24-hour expiration feature will only apply to links shared outside of Discord. Within Discord, shared file links will update automatically, so internal users can access files without the threat of expiration.

“There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto-refreshed,” said Discord communications manager Hannah Stabingas.

Stabingas said the new measures, rolling out in December 2023 and early 2024, will enhance privacy and security for the app’s 150 million-plus active monthly users.

“This will help our safety team restrict access to flagged content and generally reduce the amount of malware distributed using our CDN (content delivery network),” Stabingas said.

Malware has been an ongoing problem for Discord. According to Discord’s latest transparency report, during the third quarter of 2023, 11,885 accounts and 2,389 servers were removed from the platform for deceptive practices. These practices include malware, fraud and scams, according to the report.

Cybersecurity expert Jake Williams, a faculty member at the Institute for Applied Network Security (IANS), says the new changes will likely be…

Source…

CheckMate ransomware targets popular file-sharing protocol


The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks.

Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best of our knowledge, it doesn’t operate a data leak site.

That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites. They do this to raise the pressure for a victim to pay the ransom.

Cybernews research has recently detected new CheckMate activity. It turns out the gang has been actively targeting weakly protected SMB shares.

After gaining access to SMB shares, threat actors encrypt all files and leave a ransom note demanding payment in exchange for the decryption key.

Gang linked to Russia

The ransomware gang is known to be operating Kupidon, Mars, and CheckMate ransomware. All three types of malicious programs were discovered in 2021-22 and are believed to be of Russian origin.

According to Cybernews researchers, the impact of ransomware can be significant and wide-ranging. Risks to victims include:

  • Financial loss
  • Data loss
  • Disruption of business operations
  • Reputation damage
  • Spread of malware
  • Legal and regulatory consequences

While we don’t have enough information on the average ransom amount the gang demands from its victims, some publicly shared ransom notes indicate the group’s demands might be relatively modest. Typical amounts demanded are around $15,000 for the decryptor.

That’s a relatively small demand by usual standards. According to the recent report by the cybersecurity firm Coveware, average ransom payments during the last quarter of 2022 were over $400,000.

The Cybernews investigation identified crypto wallet addresses associated with the CheckMate operators and found thousands of incoming transactions in the first quarter of 2023. However, we can’t say with certainty that those transactions came from CheckMate’s victims.

CheckMate transactions

Last year, QNAP, a network-attached storage (NAS) vendor, warned customers about the CheckMate ransomware activity going after internet-exposed SMB…

Source…

Hackers infect popular 3CX communications application with malware


Hackers have compromised 3CX, a popular videoconferencing and business phone management application used by more than 600,000 companies.

Multiple cybersecurity providers, including CrowdStrike Holdings Inc., issued warnings about the breach on Wednesday. CrowdStrike believes the hackers behind the breach are associated with a North Korean state-backed threat actor known as Labyrinth Chollima. According to the company, the hackers are using the compromised 3CX application to launch cyberattacks against users.

The 600,000 companies that use 3CX include major enterprises such as Coca-Cola Co., McDonald’s Corp. and BMW AG. The software has about 12 million daily users worldwide. 

According to BleepingComputer, signs that 3CX had been compromised began emerging more than a week ago. On March 22, multiple customers reported that their antivirus software had flagged the application as malicious. The malicious version of the 3CX application was shipped more than two weeks earlier, on March 3.

The malware sends data it steals to remote infrastructure controlled by the hackers. According to a SentinelOne Inc. analysis, some of that infrastructure was prepared as early as last February.

As part of the cyberattack, the hackers packaged malicious code into the 3CX desktop client’s installer. The Windows and Mac versions are both affected. Moreover, customers that already have 3CX installed received an update that likewise contains the malicious code.

According to CrowdStrike, the malicious installer and update are signed. Code signing is a cybersecurity method that allows a company to confirm it developed a piece of software. Using the method, a computer can verify that an application it’s about to install was downloaded from the original source and not a malicious server.

Pierre Jourdan, chief information security officer at 3CX, stated in a blog post that the malicious code appears to have originated from one of the “bundled libraries” the company uses. A library is an externally developed code component that engineers incorporate into their software. Jourdan didn’t provide technical details about the malicious component.

According to SentinelOne, the malicious 3CX…

Source…

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps


Feb 16, 2023 | Ravie Lakshmanan | Ad Fraud / Malware


Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.

The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today. The ads have since been taken down.

Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office.

“The websites and installers downloaded from them are mostly in Chinese and in some cases falsely offer Chinese language versions of software that is not available in China,” the Slovak cybersecurity firm said, adding it observed the attacks between August 2022 and January 2023.

A majority of the victims are located in Taiwan, China, and Hong Kong, followed by Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia, and Myanmar.

The most important aspect of the attacks is the creation of lookalike websites with typosquatted domains to propagate the malicious installer, which, in an attempt to keep up the ruse, installs the legitimate software, but also drops a loader that deploys FatalRAT.

In doing so, it grants the attacker complete control of the victimized computer, including executing arbitrary shell commands, running files, harvesting data from web browsers, and capturing keystrokes.

“The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible,” the researchers said. “The fake websites are, in most cases, identical copies of the legitimate sites.”


The findings arrive less than a year after Trend Micro disclosed a Purple Fox campaign that leveraged tainted software packages for Adobe, Google Chrome, Telegram, and WhatsApp as an arrival vector to propagate FatalRAT.

They also arrive amid a broader abuse of Google Ads to serve a wide range of malware, or alternatively, take users to credential phishing pages.

In a related development,…

Source…