Tag Archive for: spreading

Free tax filing software caught spreading malware — have you been using it?


Watch out! Tax-filing platform eFile.com got caught red-handed spreading malware to unsuspecting users, according to cybersecurity investigators (h/t Bleeping Computer).

Adding insult to injury, eFile.com is touted as a free, IRS-approved tax-filing service provider, giving users a false sense of security. As it turns out, researchers discovered that eFile.com hosted a malicious JavaScript file on its website for weeks.


Hackers now spreading malware via Microsoft OneNote attachments



Fake versions of popular apps spreading Monero miner malware for years: report


Check Point Research (CPR), the research team of American-Israeli cybersecurity provider Check Point Software Technologies, has uncovered a Monero mining malware dubbed “Nitrokod” that has been sneakily infecting computers across 11 countries since 2019.

In a report, the research team stated the malware often masqueraded as desktop versions of popular applications such as Google Translate, YouTube Music, and Microsoft Translate. These spoof versions are available on dozens of free software download websites, including Softpedia and Uptodown.

In the case of the fake Google Translate desktop app, on which the team based their findings, the research notes that the Turkish-based entity that operates the digital asset mining malware campaign is counting on the lack of an official desktop app to attract users to the app.

“Most of the programs Nitrokod offers are popular software that do not have an official desktop version. For example, the most popular Nitrokod program is the Google Translate desktop application. Google has not released an official desktop version, making the attackers’ version very appealing,” the report said.

The study found that the malware campaign has remained undetected until now due to how it operates. The malware delays initiating the stealth digital asset mining operation for several weeks after the initial software download. It does this by using a scheduled task mechanism that triggers the malware installation over several days and steps while deleting traces of the installation.

Surprisingly, the hackers do not even have to build fake apps from scratch as they are easily created from the official web pages of the owners using a Chromium-based framework that allows them to spread functional programs.

Monero getting increasingly linked to cyber criminals

Check Point estimates that at least one hundred thousand victims across Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have been inadvertently mining Monero (XMR) with their CPU.

Meanwhile, this is not the first time malware that insidiously mines the privacy token has been found infecting machines. In an incident in…


Ransomware attacks increasing in frequency, spreading in reach


Ransomware attacks, like the one that cost Hanesbrands Inc. about $100 million in second-quarter sales, are increasing in frequency among corporations facing uncertain prospects of a complete restoration and recovery.

Ransomware is a type of malicious software employed by hackers that can block access to a computer system until a ransom is paid.

The Winston-Salem-based apparel manufacturer reported in a May 31 regulatory filing that it began experiencing the ransomware attack on May 24.

Hanesbrands disclosed Aug. 11 in its second-quarter earnings report that its global supply chain network and ability to fulfill customer orders were affected for about three weeks.

“At this time, we believe the incident has been contained,” the manufacturer said in a separate quarterly regulatory filing Aug. 11.
