In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating.
Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Read more…
Source: Malwarebytes Labs
Related:
- Global threat group Fin7 returns with new SQLRat malware
March 20, 2019
The notoriously well-known threat group Fin7, also known as Carbanak, is back with a new set of administrator tools and never-before-seen forms of malware. Fin7 has been active since at least 2015 and since the group’s inception has been connected to attacks against hundreds of companies worldwide. Over 100 companies have been impacted in the United States ...
- Aluminium Maker Hydro Goes Old School After Ransomware Attack
March 20, 2019
A large Norwegian manufacturing firm has had to close its website and IT operations and go old school by resorting to manual processes for its factories. It comes after a devastating ransomware attack crippled Norsk Hydro, one of the world’s largest producers of aluminium. As of Wednesday afternoon, its website was still offline, and the firm has ...
- London’s top attractions besieged by more than 100 million cyber attacks
March 18, 2019
Kew Gardens, National History Museum, Tate Gallery and Imperial War Museum have been hammered by a total of 109 million cyber attacks over the last few years according to Parliament Street. The research firm issued a Freedom of Information (FOI) request to the four leading tourist attractions in London to uncover just how secure their IT ...
- Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web
March 17, 2019
A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace. This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which ...
- Disrupting the Attack Chain Through Detecting Credential Dumping
March 15, 2019
There are various steps that an attacker must follow in order to execute any successful attack, with the initial compromise being just one stage in the overall attack chain. Once attackers have successfully breached the perimeter of an organization, they enter into the lateral movement phase where they attempt to tiptoe through a network, identifying ...
- Island hopping: The latest security threat you should be aware of
March 12, 2019
While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...