Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.
Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent. The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.
Read more…
Source: malwarebytes Labs
Related:
- Cyberespionage APT group hides behind cryptomining campaigns
December 2, 2020
An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. Coin mining is typically regarded as a non-critical security issue, so the method allowed the actor to establish persistence and move laterally on the compromised network, at the same time ...
- Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
December 2, 2020
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools – including the file-sharing service Dropbox – in order to hide behind normal network traffic. Researchers ...
- iPhone Bug Allowed for Complete Device Takeover Over the Air
December 2, 2020
Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within a nearby vicinity. The hack could of ...
- The Impact of Modern Ransomware on Manufacturing Networks
December 1, 2020
Ransomware threats have disrupted the manufacturing industry significantly in 2020. In a disturbing trend during the third quarter of the year, attackers appeared to be singling out manufacturing organizations as a victim of choice in their ransomware operations. Ransomware threats have disrupted the manufacturing industry significantly in 2020. These attacks have resulted in substantial losses in ...
- Malicious npm packages caught installing remote access trojans
December 1, 2020
The security team behind the “npm” repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers of developers working on JavaScript projects. The name of the two packages was jdb.js and db-json.js., and both were created by the same author and described ...
- CISA: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
December 1, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. The following guidance ...