Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Trickbot Watch: Arrival via Redirection URL in Spam
May 20, 2019
Trend Micro discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. In this particular case, the variant used Google to redirect from the URL hxxps://googledm:443/url?q=<trickbot downloader>, whereby the URL in the query string, url?q=<url>, is the malicious URL that the user is redirected to. ...
- Security researchers discover Linux version of Winnti malware
May 20, 2019
For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...
- Mobile Risks Boom in a Post-Perimeter World
May 16, 2019
Cybercriminals are now taking a mobile-first approach to hacking the enterprise. Case in point, last month a half-billion Apple iOS users were stung by an attack exploiting an unpatched bug in Chrome for iOS. Crooks managed to hijack user session and redirect traffic to malicious websites booby-trapped with malware. Attacks like these demonstrate just how widespread and effective ...
- Spam and phishing in Q1 2019
May 15, 2019
As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as ...
- Intel CPUs Impacted By New Class of Spectre-Like Attacks
May 14, 2019
A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing ...
- Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
May 13, 2019
A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices. Named Thrangrycat, the vulnerability impacts the Trust Anchor module (TAm), a proprietary hardware security chip part of Cisco gear since 2013. This module is the Intel SGX equivalent for Cisco devices. The TAm ...