Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
May 21, 2020
Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two malware files that pose as Zoom installers but when decoded, contains the malware code. These malicious fake ...
- Silent Night Banking Trojan Charges Top Dollar on the Underground
May 21, 2020
A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range ...
- Critical Cisco Bug in Unified CCX Allows Remote Code Execution
May 21, 2020
Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. The flaw (CVE-2020-3280), which has a CVSS score of 9.8 out ...
- NetWalker Ransomware Gang Hunts for Top-Notch Affiliates
May 20, 2020
The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers. Traditionally, “technically advanced” and RaaS don’t tend to go together – after all, one of the benefits of ...
- ‘Flight risk’ employees involved in 60% of insider cybersecurity incidents
May 20, 2020
Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, new research suggests. According to the Securonix 2020 Insider Threat Report, published on Wednesday, “flight risk” employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a job, often change their behavioral patterns from two months ...
- Verizon’s 2020 DBIR
May 19, 2020
Verizon’s 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This year’s ~120 page report analyses data from ...