In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating.
Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Read more…
Source: Malwarebytes Labs
Related:
- Delta Confirms Breach Of Customer Payment Details
April 5, 2018
Hackers have had access to Delta customer payment data for over six months after third party breach US airline Delta Air Lines and American department store Sears Holding have both confirmed a data breach, after an incident involving a third party tech provider. Delta said that it was notified last week by 7.ai, a company that provides online chat ...
- 1.5 billion sensitive files exposed by misconfigured servers, storage and cloud services
April 5, 2018
Researchers have discovered over 1.5 billion sensitive files including payroll information, credit card details, medical data, and patents for intellectual property are exposed online, putting consumers and businesses at risk of theft, cybercrime, and espionage. But the information exposed online — which amounts to a total of 12,000 terabytes of data — isn’t there as a ...
- Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns
April 5, 2018
A malware family called Rarog is becoming an appealing and affordable tool for hackers to launch cryptocurrency mining attacks, researchers say. They say the Trojan is low priced, easily configurable and supports multiple cyrptocurrencies, making it an appealing option for hackers. Palo Alto Networks’ Unit 42 research team, which posted a blog on Wednesday after tracking Rarog for months, ...
- A new Mirai-style botnet is targeting the financial sector
April 5, 2018
A botnet made up of hijacked internet-connected televisions and web cameras has a new target, security researchers have found. Three financial sector institutions have become the latest victims of distributed denial-of-service (DDoS) attacks in recent months. New research by Recorded Future’s Insikt Group published Thursday points to what’s likely to be the IoTroop botnet, used to pummel financial ...
- Retail sector top cyber attack target
April 5, 2018
The retail sector suffered the most breach incidences (16.7%) in 2017 as attackers became more organised, the latest Trustwave security report shows. The retail sector was followed by the finance and insurance industry(13.1%) and hospitality (11.9%), according to the 2018 Trustwave global security report, which is based on the analysis of billions of security events worldwide, hundreds ...
- Russian Hacker Who Allegedly Hacked LinkedIn and Dropbox Extradited to US
March 30, 2018
A Russian man accused of hacking LinkedIn, Dropbox, and Formspring in 2012 and possibly compromising personal details of over 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic. Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the ...