In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating.
Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Read more…
Source: Malwarebytes Labs
Related:
- Gold Galleon Hacking Group Plunders Shipping Industry
April 18, 2018
Researchers have identified the hacking group behind several widescale business email compromise (BEC) attacks gouging the maritime shipping industry millions of dollars since last year. Attackers are taking advantage of the industry’s lax security and the use of outdated computers, according to a report released here at the RSA Conference Wednesday. Researchers from the Dell SecureWorks Counter ...
- Automated Bots Growing Tool For Hackers
April 17, 2018
The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeypot showed an automated bot come in and lay the groundwork – by exploiting vulnerabilities and ...
- US, UK cyber cops warn Russians are rooting around in your routers
April 16, 2018
American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world’s network devices. The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) on Monday issued a joint Technical Alert describing a global assault ...
- Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer
April 15, 2018
Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each and every device on their network, giving cybercriminals ...
- Hackers Found Using A New Code Injection Technique to Evade Detection
April 13, 2018
While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a “simple yet powerful” technique that allows attackers to inject malicious code into a legitimate ...
- ‘Dark web’ targeted in crime crackdown by Government
April 11, 2018
Criminals are emboldened by the anonymity of the dark web, which has become a platform for horrific abuse, the Home Secretary will say today. New funding to crack down on the “dangerous” dark web will be launched by Amber Rudd in a speech at the Government’s flagship event for cybersecurity. Read more… Source: Sky News