In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating.
Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Read more…
Source: Malwarebytes Labs
Related:
- Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
June 7, 2019
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed ...
- Hackers are scanning for MySQL servers to deploy GandCrab ransomware
May 24, 2019
At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware. These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect ...
- Trickbot Watch: Arrival via Redirection URL in Spam
May 20, 2019
Trend Micro discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. In this particular case, the variant used Google to redirect from the URL hxxps://googledm:443/url?q=<trickbot downloader>, whereby the URL in the query string, url?q=<url>, is the malicious URL that the user is redirected to. ...
- Goznym Malware: Cybercriminal Network Dismantled In International Operation
May 16, 2019
An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network. The criminal network used GozNym malware in an attempt to steal an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions. A criminal Indictment returned by a federal grand jury in Pittsburgh, USA charges ...
- Spam and phishing in Q1 2019
May 15, 2019
As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as ...
- Lax Telco Security Allows Mobile Phone Hijacking and Redirects
May 9, 2019
As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for ...