A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]
Detected a Trojan that emulates the WhatsApp account and fraudulently manages subscriptions to payment sites
17/10/2022Kaspersky researchers has reported that YoWhatsApp advertised on Snaptube and Vidmate, two of the most popular download platforms at the moment, is actually a Trojan capable to issuing paid subscriptions and stealing WhatsApp accounts. YoWhatsApp would act as a mod of the original messaging program, offering new functions that the official service does not allow, such as wallpapers, personalized fonts for chats and password-protected access to conversations, .... As Kaspersky researchers have explained, when a user installs YoWhatsApp on a device, it’s forced to log in to they real application account, and in this moment, Triada Trojan is activated, downloaded and executed on the terminal. Once this is done, the Trojan is capable of accessing the user's real WhatsApp account credentials, steal all the data, having already detected unauthorized subscriptions to paid subscriptions. Kaspersky recommends to install, only, Apps from official stores and reliable sources and they have insisted on the need to check always the permissions granted to each application. Installing an antivirus is another recommended measure.
[ ... ]
Google Health will be use to study the impact of mobile phones on our mental health
01/06/2022Spaniards spend an average of 3 hours and 40 minutes a day connected to the mobile. This time multiplied from Monday to Sunday is the same as more than 25 hours a week, according to the Digital Consumer by Generation report. To analyze the impact of all this time of digital consumption on our mental health, a group of researchers from the University of Oregon (United States) has just announced that they will use the Google Health app to analyze how users use their smartphones and discuss how in the future, digitals products and devides can make people happier, without falling into dependency. In their work, they will measure factors such as sleep or physical activity, for which they will also use the data collected by Fitbit, the activity bracelets owned by Google. One of the researchers, Dr. Nicholas Allen, stressed that "some studies similar to the one that we are going to start, usually condem the technology based on their conviction that it must be bad for mental health and well-being." . For this reason, he believes that is not positive to focuses only on the potentially harmful effects of the use of the devices, and also is important to takes into account the benefits that they offer.
[ ... ]
Video calling apps listen when the microphone is off, according to a study
25/04/2022A group of researchers from the University of Wisconsin-Madison (United States) has determined that video conferencing applications can continue accessing audio data even if the user has disabled the microphone. To demonstrate this, they have studied the most popular video conferencing applications and have analyzed the behavior of the mute button until they has determined that all the applications that they has tested whether the microphone was open or closed, occasionally collected raw data and delivered it to the servers of their services. In their research they have worked with binary analysis tools to see how the audio was transferred from the application to the audio drivers of the computers and then to the network. They aslo have created, through machine learning models ( 'machine learning'), a classifier of daily activities that, with 82% accuracy, has determined which activities users were doing while their microphones were, theoretically, silenced. In relation to this, the authors of this work recall that beyond muting the microphone, you can turn off the microphone of a device through the settings menu, a safer option to limit access to confidential information and sensitive data. All the conclusions of this study will be known next July in the Privacy Improvement Technologies Symposium.
[ ... ]
New Wifi technology to accurately count seated people
27/09/2021Small natural gestures such crossing your legs, checking your mobile, or scratching your nose are enough to count the number of people sitting in certain space. A group of researchers from the University of California have developed a system that overcomes the precision problems that the lack of movement during most of the time in seated people caused in this type of counting operations. This new system also allows those seated behind a wall to be counted. The new technology that is suitable for Wi-Fi devices is based on a mathematical model that, in a similar way to how the queue management theory works, relates the total number of gestures to the number of people sitting in the same space. Accuracy is 96.3, based on tests performed during the study. In addition, the researchers say, the system offers an accuracy of almost 90%, in the detection of people behind the walls or dividing columns of any space.
[ ... ]
Makeup causes failures in facial recognition systems
22/09/2021A research from the Ben-Gurion University of Israel has concluded that makeup reduces the effectiveness of facial recognition mechanisms. During the tests, the researchers used the ArcFace facial detection system, and they determined an effectiveness of 47,6% in people who did not use make up and 33,7% in those who did. They also confirm that applying makeup in specific face areas that algorithms analyze, the effectiveness of the facial recognition system is significantly altered and only 1.22% persons were recognized. In addition, the researchers from the Israeli university also did the test digitally, making up some photographs of the volunteers and the result was that the system was not able to recognize any of the faces. According to all these results, the researchers believe that the current level of development of facial detection systems is still below the realistic threshold.
[ ... ]
Ransomwhere, new platform to track cyberattack payments
13/07/2021This week was made known the unveiling of Ransomwhere, a new collaborative data platform born with the intention of being able to track 'ransomware' ransom payments to cybercriminals wallets. The platform launched by cybersecurity researcher Jack Cable, allows data to be entered into the Ransomwhere website in an open and transparent format, so that users can easily report on the cryptocurrency wallets used in their ransomware attack payments, often included in the ransom notes of the attacks, and through this data the figure obtained in extortion payments to cybercriminals is obtained. As these payments are made with cryptocurrencies, the transactions can be traced as they are opened by the use of the blockchain or Blockchain. According to the first data obtained in these first weeks of operation, Ransomwhere has reported that it has already recorded more than $33 million paid this past year in ransomware and accumulated data of about $28 million more satisfied previously. This information also shows that the ransomware with the highest income so far is Netwalker, with more than 27 million dollars, followed by REvil / Sodinokibi, with more than 11 million.
[ ... ]