This Week in Security: A Song of Phishing and Passwords

Phishing for Developers

Hackers are targeting Chrome extension developers with phishing attacks to hijack control of their extensions in the Chrome Web Store. The phishing pages are well crafted: they display a replica of the real Google login page and use new domains to bypass Google’s Safe Browsing blacklist.

After gaining control of the extension, the hackers insert malicious code into the browser extensions. These hijacked extensions are then distributed to unsuspecting users via the auto-update mechanism in Google Chrome and insert affiliate advertisements into webpages.

In the past, attackers would deploy banking trojans which would install malicious browser extensions to steal financial credentials. It’s not a stretch to believe they will eventually hijack browser extensions on the Chrome Web Store to steal credentials for financial institutions and use them to initiate outbound external transfers to an offshore bank account.

If you’re an extension developer, protect yourself:

  • Require two-factor authentication on your developer account
  • Manually navigate to the sites the e-mails purport to originate from; don’t click on links
  • Use a unique password for your developer account

Google Chrome users should be cautious about which extensions are installed.

A New Mortgage Backed Security Problem

Business e-mail compromise doesn’t just target businesses, as a Washington, D.C. couple learned when they were scammed out of $1.5 million while purchasing a home.

It’s been almost a decade since the Great Recession caused by mortgage-backed securities (MBS), and now we have a mortgage-backed cybersecurity problem.

Scammers have turned their phishing and social engineering skills on home buyers who are in the process of closing on their homes. The scammers hack into the title company (or real estate agent) and send out settlement statements, which contain the final payment amount and a bank account to wire the final payment to. The scammers change (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Threat Guidance Team. Read the original post at: Cylance Blog