Malwarebytes Browser Guard Filters out annoying ads and scams while blocking trackers that spy on you. Download free...
Posted by DASOS security info on Wednesday, January 22, 2020
Wednesday, January 22, 2020
Malwarebytes Browser Guard
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
Posted: January 22, 2020 by Jérôme Segura
In the early days, practically all tech support scammers would get their own leads by doing some amateur SEO poisoning and keyword stuffing on YouTube and other social media sites. They’d then leverage their boiler room to answer incoming calls from victims.
Today, these practices continue, but we are seeing more advanced operations with a clear separation between lead generation and actual call fulfillment. Malvertising campaigns and redirections from compromised sites to browser locker pages are owned and operated by experienced purveyors of web traffic.
There is one particular browser locker (browlock) campaign that had been eluding us for some time. It stands apart from the others, striking repeatedly on high-profile sites, such as the Microsoft Edge Start page, and yet, eluding capture. In addition, and a first to our knowledge, the browser locker pages were built to be ephemeral with unique, time-sensitive session tokens.
In November 2019, we started dedicating more time to investigating this campaign, but it wasn’t until December that we were finally able to understand its propagation mechanism. In this blog, we share our findings by documenting how threat actors used targeted traffic-filtering coupled with steganography to create the most elaborate browser locker traffic scheme to date. More: Malwarebytes Labs
World's Biggest Data Breaches & Hacks
Great presentacion !
Safely check if your details have been compromised in any recent data breaches: https://haveibeenpwned.com/
Tuesday, January 21, 2020
Malwarebytes has discovered a strain of malware on the Unimax (UMX) U686CL, a low-end smartphone sold by Virgin Mobile Group subsidiary Assurance Wireless.
Low-end smartphones across the United States have a new problem to deal with, malware. Malwarebytes has discovered a strain of malware on the Unimax (UMX) U686CL, a low-end smartphone sold by Virgin Mobile Group subsidiary Assurance Wireless.
Unremovable malware found preinstalled on low-end smartphone sold in the US zdnet.com/article/unremo…
Adups and HiddenAds
To begin with, they discovered that one of the apps on the phones- named Wireless Update- contained a malware known as Adups. The malware was created by a Chinese company bearing the same name, and was billed as a means of allowing firmware vendors to update their code.
However, researchers at Kryptowire found in 2017 that its manufacturers were able to ship updates to the software without getting permission from the devices’ vendors and users. Malwarebytes explained that the software still does the same thing to this day.
“From the moment you log into the mobile device [the UMX U686CL], Wireless Update starts auto-installing apps. To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own,” researchers explained.
Although they pointed out that the apps were initially free of any malware, the fact that they’re installed without consent means that Adups (the software manufacturers) could just as well do the same thing at any time.
Our new mobile malware report is now available. Whilst the number of malicious apps are down, the number of attacks doubled.
For the full details, check out the report here: kas.pr/1g8d #KLReport #mobile
That’s not all. They also found suspicious code in the Settings app. As they explained, the app was filled with a heavily obfuscated malware strain,’ and from the set of characters used in writing its code, they opined that it was of Chinese origin.
They explained that it was meant to act as a dropped for HiddenAds; a popular second-stage malware payload.
Difficult to Uninstall
The company explained that they couldn’t confirm if the malware was installed by the device manufacturers. They might as well have been installed by any of the third parties that had access to the devices while in transit. But, that’s unlikely.What’s troublesome is the fact that the two malware were said to be non-removable, thanks to their strategic location. Adups is hidden in the Wireless Update app, and any user that uninstalls or disables that will miss out on critical updates going forward.
Monday, January 20, 2020
Microsoft Issues Windows Security Update for 0Day Vulnerability
Microsoft released two out of band security updates today for remote code execution (RCE) and denial of service (DoS) security vulnerabilities impacting Internet Explorer and Windows Defender, respectively.
The first one is a zero-day RCE vulnerability tracked as CVE-2019-1367 and disclosed by Clément Lecigne of Google’s Threat Analysis Group.
The CVE-2019-1367 scripting engine memory corruption vulnerability is known to have been exploited in the wild and it "exists in the way that the scripting engine handles objects in memory in Internet Explorer."
Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see portal.msrc.microsoft.com/en-US/security… and portal.msrc.microsoft.com/en-US/security… .
"The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user" says Microsoft. More: bleepingcomputer.com
Subscribe to:
Posts (Atom)