/ 07.01.19 / Alan Hernandez

Weekly Cybersecurity Review - Fake jQuery Attack Vector Reappears

Share This Post:

Weekly Cybersecurity Review - Fake jQuery Attack Vector Reappears

Google Play Store Game Contains Malware for Android Users

cyware.com - Author: Ryan Stewart - Date: June 28th, 2019 

Security researchers have uncovered a malicious application which was siphoning personal data of users with the pretense of being a game. The application masquerading as a puzzle game was stealing data from users’ Google accounts. Known as “Scary Granny ZOMBY Mod: The Horror Game 2019”, it had features similar to another popular game called Granny. When users loaded a game session in the app, a full-screen advertisement would pop up asking them to pay 18 pounds ($22). After this, for a fraction of users, a phishing page impersonating Google Sign In was displayed. Entering the credentials let the app to log in to the Google account and access private data.

READ MORE


Hackers Deploy Malware to Russian Search Engine Company, Yandex

cyware.com - Author: Ryan Stewart - Date: June 28th, 2019 

Cybercriminals associated with Western Intelligence agencies had broken into the Russian internet search company Yandex by deploying a rare malware named Regin. The incident had occurred in late 2018 in an attempt to spy on user accounts. According to Reuters, the malware Regin is known to be used by the ‘Five-Eyes’ intelligence-sharing agencies of the United States, Britain, Australia, New Zealand, and Canada. Such information could help a spy agency impersonate a Yandex user and access their private messages.

READ MORE


New Instagram Phishing Scam Steals Credentials In “exchange” For Account Verification

threatpost.com - Author: Lindsey O'Donnell - Date: June 27th, 2019 

A new Instagram phishing scam circulating the internet lures victims in with promises of exclusive “verified account” status – and then makes away with their personal information. Researchers became aware of the scam when they recently came across a phishing landing page that capitalizes on this scam. The page masquerades as a real Instagram verification submission page, prompting victims to apply for verification. An Instagram spokesperson told Threatpost that they always advise users to be wary of any communication alleging to come from Instagram.

READ MORE


Fake jQuery Reappears

blog.malwarebytes.com - Author: Jérôme Segura - Date: June 27th, 2019 

Recently new domains used by an old malware campaign known as ‘fake jquery’, previously documented by web security firm Sucuri have been discovered. Thousands of compromised websites are injected with a reference to an external JavaScript called jquery.js. Unsurprisingly, this redirects users to a web of malicious redirects via malvertising campaigns with a strong focus on mobile users who are tricked into installing rogue apps. The end goal is to monetize via fullscreen adverts that pop up on your phone at regular intervals.

READ MORE


Bizarre messages found on traffic sign are really art

abc13.com - Courtney Fischer - Date: June 12th, 2019

What looked like a hacked traffic sign on Allen Parkway reading 'We are the asteroid' turned out to be a bizarre art installation. ABC13's Courtney Fischer spotted something strange on her way to work Wednesday just before 3 a.m. "Warning: Hurricane Human. Triassic weather ahead. Global warming at work. Goodbye Arctic Ice, and We are the asteroid" were part of the messages on the digital sign. Described as a conceptual, text-based artwork by Brooklyn-based artist Justin Brice Guariglia, the repurposed highway sign features texts by Rice University professor Timothy Morton. Instead of alerting viewers to road conditions, the solar-powered LED message board features a variety of messages intended to call attention to ecological issues.

Watch the video here

Posted by Alan Hernandez

Comments
Top