There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated.
At first, these attacks were more targeted at people that could provide cybercriminals a foothold at a targeted company, but their popularity has grown so much that now anyone can run into one of them. It usually starts on a website that promises visitors some kind of popular content: Movies, music, pictures, news articles, you name it. Nobody will think twice when they are asked to prove they are not a robot.
Read more…
Source: Malwarebytes Labs
Related:
- New SLUB Backdoor Uses GitHub, Communicates via Slack
March 7, 2019
We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected to the infecting code. In this case, each visitor is redirected only ...
- Data-Wiping Cyberattacks Plague Financial Firms
March 6, 2019
Over a quarter of surveyed financial institutions reported that they were targeted by destructive cyberattacks over the past year, bent on completely destroying data. That’s according to a new Carbon Black report unveiled at RSA this year. The report, “Modern Bank Heists: The Bank Robbery Shifts to Cyberspace,” outlines the top attacks that financial firms are facing ...
- IoT Devices Under Constant Attack
March 4, 2019
‘Secure your IoT devices’ is the message from security specialist Cyxtera Technologies, after research found that IoT devices are now under constant attack. The research was conducted jointly by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design. They detected more than 150 million connection attempts to 4,642 distinct IP addresses ...
- How the Dark Web Data Bazaar Fuels Enterprise Attacks
March 3, 2019
It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privacy concern, but it’s also increasingly an enterprise ...
- New exploit lets attackers take control of Windows IoT Core devices
March 2, 2019
Speaking at a conference today, a security researcher has revealed a new exploit impacting the Windows IoT Core operating system that gives threat actors full control over vulnerable devices. The vulnerability, discovered by Dor Azouri, a security researcher for SafeBreach, impacts the Sirep/WPCon communications protocol included with Windows IoT operating system. Azouri said the vulnerability only impacts Windows ...
- Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks
February 27, 2019
The notorious Chinese-linked threat group, dubbed Bronze Union, has been spotted in a widespread 2018 campaign updating its arsenal of cyberweapons by breathing new life into old tools. The threat group was spotted in 2018 using updated source code to target data owned by political, technology, manufacturing and humanitarian organizations, researchers with the Dell Secureworks Counter ...