In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating.
Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Read more…
Source: Malwarebytes Labs
Related:
- This is how cyber attackers stole £2.26m from Tesco Bank customers
October 1, 2018
The inner workings of a cyber attack against Tesco Bank which saw £2.26m stolen from 9,000 customers — and resulted in the bank being fined over £16.4m for the failings that allowed it to happen — have been revealed. The Financial Conduct Authority (FCA) has hit the bank with a £16.4m fine and said Tesco Bank failed to ...
- DanaBot Banking Trojan Found Targeting European Countries
September 27, 2018
Security researchers recently discovered a banking trojan named DanaBot (detected by Trend Micro as TROJ_BANLOAD.THFOAAH) being distributed to European countries via spam emails. Here’s what you need to know about this threat, how users and businesses can defend against it, and how managed detection and response can help address this threat. What is DanaBot? DanaBot is a banking trojan, written in ...
- Port of San Diego suffers cyber-attack, second port in a week after Barcelona
September 27, 2018
Two major international ports fell victim to cyber-attacks within the span of a week, putting the shipping industry on alert for a possible threat actor targeting the entire sector. The first to fall was the Port of Barcelona, Spain, on September 20, last week. The second attack was reported yesterday, September 25, by the Port of ...
- Cobalt threat group serves up SpicyOmelette in fresh bank attacks
September 27, 2018
Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...
- VPNFilter’s Arsenal Expands With Newly Discovered Modules
September 26, 2018
Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveals a wider breath of capabilities. Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After ...
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
September 24, 2018
The Pennsylvania Senate Democratic Caucus paid $703,697 to Microsoft to rebuild its IT infrastructure after suffering a ransomware infection in March 2017. The incident took place on March 3, 2017, when the organization’s entire IT systems, including its web servers, went down at the hands of a yet-to-be-revealed ransomware strain. The ransomware encrypted files and requested payment of ...