IcedID malware branches out
In September 2017, IcedID was first spotted in the wild. The malware was being used in phishing schemes, and if the unsuspecting user downloaded it onto their system, it would go to work stealing bank credentials. One of its ruses was putting up a lookalike bank app login page, which would capture the user’s credentials as soon as they entered them. Another ruse was adding fields to legitimate online pages to prompt users into giving out more info than they would otherwise.
IBM Security has been studying the malware since its first appearance, and this past November they found it active in a new endeavor — stealing payment credentials for online retailers. They grab the user’s payment info, then make purchases in various online shops with it. The fact that IcedID is still using the banking ruse leads some cybersecurity experts to speculate that it is also being sold as malware-as-a-service. While it could be the same cybergang using it to steal bank credentials AND e-tail payment credentials, experts believe it is more likely that the malware was sold to other criminal groups to be used for their own purposes. IBM Security expects we will be seeing more of IcedID throughout 2019.
Siri Shortcuts at risk
Last September, Apple introduced Siri Shortcuts with iOS 12. The feature allows users to trigger Apple’s digital assistant to perform a multi-layered task, often involving a third-party app, with one simple verbal command. IBM Security reports that this feature and its associated app could be compromised with malicious intent, as shortcuts are essentially a chain of commands given to one’s device. Users share shortcuts through the cloud, so it’s possible someone could be fooled into downloading a phony shortcut. Once inside the user’s system, the malware could perform a multitude of malicious tasks, including wreaking havoc on the device’s settings, such as brightness, sound, vibration, and flashlight mode. It could also possibly speak a ransom note, in Siri’s own voice, directing the user how to make the ransom payment. The researchers did not say the malware would have the ability to truly lock up files, but they said it could certainly pretend to be holding the user’s data in check, functioning as “scareware.” Also, the malware would have easy access to the user’s contact list, and could send emails pretending to be from the user, infecting exponentially more as its contact lists grow.
Cybergang APT10 attacks another cloud service
The Norwegian cloud-based software provider Visma joins at least nine other cloud services, including IBM and HPE, in the distinction of having been attacked by the Chinese nation-state cybergang APT10. The hackers successfully breached Visma last August using stolen credentials to log in to the software client Visma employees use to access the internal company network. Once inside, the hackers launched two malware programs designed to gather as much Visma data as possible. Fortunately, the attack was detected early enough that the hackers did not have the time to burrow into Visma’s customers’ internal networks.
Tracing the type of hardware compromised and the techniques used, cybersecurity researchers released a report this week that APT10 was also behind the hack of a US law firm that deals with Chinese companies and an international apparel company. In December 2018, the FBI charged two Chinese nationals who they believed were part of APT10 with 45 hacking instances in the United States as well as other cyberattacks around the globe. The Beijing government denies all accusations.
Avast named Product of the Year 2018
It’s with no small amount of joy that we get to report on ourselves this week. Independent test lab AV-Comparatives has awarded Avast Free Antivirus the grand title of Product of the Year.
The software won the award for scoring the highest average across all categories in the lab’s 2018 Public Main Test Series, which challenges the software with thousands of real-world malware samples and assesses its performance impact on the system as a whole. Read the full AV-Comparatives annual report, and while you’re at it, check out our award-winning free virus protection.
“AV-Comparatives is one of the most prestigious test labs in the security industry,” comments Luis Corrons, Security Evangelist for Avast. “Receiving the top award that this independent test lab gives – and after a full year of intensive tests – is a great validation of all the efforts we make to live up our mission – to protect our users’ digital lives by keeping them safe and secure online, always.”
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/icedid-targets-etailers-and-siri-flaw-found