Covid-19 – Cyber update
Malicious actors are once again uninhibited in their desire to leverage any potential opportunity to defraud the unwary, this time using the global pandemic as a catalyst for their callous attacks.
New phishing campaigns are witnessed almost continually within the cyber community, reports have been made of some phishing attacks claiming to have a limited supply of vaccines, using the expected tropes of urgency, limited availability and special discounts, users are asked to provide personal data and payment methods for an apparent vaccine which ultimately, never materialises.
As with all things, awareness is the key to prevention. We’d recommend following official NHS guidelines and updates on the vaccination program and what to expect when you’re offered the jab.
Amazon Patch “KindleDrip” Vulnerability in Kindle Devices.
Several vulnerabilities were discovered in all Amazon Kindle models released from 2014 onwards that allowed attackers to perform remote code execution on the affected devices.
Using a feature known as “Send to Kindle”, attackers were able to instigate an attack that would provide the attacker with the ability to perform privilege escalation, make purchases and obtain credentials. The attach would begin with a phishing email to the targets kindle email address, the attacker would send an eBook to the target address, the unknowing kindle user would then open the assumed benign eBook, links in the contents page of the book will instead send the user to a malicious HTML page where a JPEG image is automatically parsed and the attached malicious code automatically run at root level.
Although the attack relies on knowing the targets kindle address, successfully spoofing the sending address, the target user falling for the phish and opening the book and finally clicking on a link in the contents page, successful malware execution would provide the attacker with credentials stored on the device and the ability to make purchases on the targets account.
Amazon have since patched the issue and all kindle users are recommended to ensure they have updated to the latest firmware available (patch release 10/12/2020 Firmware version 5.13.4)
New Android Malware Discovered
Security researchers have discovered a brand-new strain of malware targeting Android devices. The malware, which has been name “Oscorp” by the Italian CERT-AGID, attempts to fool the user into believing that it is a “customer protection” app, and once installed, pressures the user into granting access to the app by continually opening the settings screen every few seconds.
Once installed and permissions granted, the malicious app will attempt to a wide range of attacks, including making calls, sending SMS, uninstalling apps and logging keystrokes, additionally, the new strain of malware will also attempt to steal cryptocurrency from wallets stored on the device.
Android users are recommended to only install trusted apps from the official Google Play store and to ensure they review any permissions requested by the app.
Another New Android Malware Sent via WhatsApp
Another new strain of malware has been discovered to affect Android devices, propagating through WhatsApp messages.
Users are sent links to download a Huawei app via a spoofed google play store, this app, once downloaded, installed and permissions provided, will use the the WhatsApp “Quick Reply” feature to automatically respond to a users WhatsApp messages, sending contacts a link to the previously installed malicious app. Additionally however, the app requested “draw over other apps” permission, this allows the app to create invisible boxes over the top of other apps and websites so that, when a user tries to enter their credentials into the legitimate site, the user instead provides the credentials to the malicious app.
As with the previous article, it is recommended the users only ever download trusted apps from the official Google Play store and always review permissions requested by apps before permitting.
Emotet Botnet Disrupted
Europol, in conjunction with law enforcement authorities from several countries, including the UK’s NCA, have disrupted “one of the most significant botnets of the last decade”.
Starting as a banking trojan in 2014, Emotet evolved to become a staple tool for malware activity, in recent years, Emotet was used as an entry point into systems for ransomware, trojans and other malware, including high-profile malware such a Ryuk, Trickot and QakBot.
Its unclear how the world of cyber crime will react to the takedown, consequences of the disruption to one of the greatest tools in the armoury of thousands of malicious actors around the globe is likely to be forthcoming.