Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.
Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent. The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.
Read more…
Source: malwarebytes Labs
Related:
- StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
June 30, 2020
he APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group (a.k.a. Promethium) is operating a series of bogus websites purporting to offer a ...
- CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
June 30, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...
- New EvilQuest ransomware discovered targeting macOS users
June 30, 2020
Security researchers have discovered this week a new ransomware strain targeting macOS users. Named OSX.EvilQuest, this ransomware is different from previous macOS ransomware threats because besides encrypting the victim’s files, EvilQuest also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. “Armed with these capabilities, the attacker can main full control over ...
- Chinese malware used in attacks against Australian orgs
June 28, 2020
The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country. Behind the attack is a “sophisticated” adversary that relies on slightly modified proof-of-concept exploit code for yesteryear vulnerabilities, the government says. An unofficial blame finger points to China. The ...
- Battling COVID; a cyber Airman’s story
June 26, 2020
Tech. Sgt. Brandon Ibanez, a cyber intelligence analyst with the 854th Combat Operations Squadron here, doesn’t wear a helmet to work, nor does he wear a sword or shield. As a Gladiator in the 960th Cyberspace Wing, it’s not a requirement to don the traditional uniform of ancient Roman fighters, and it would be impractical because ...
- DarkCrewFriends Returns with Botnet Strategy
June 26, 2020
The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system. Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload ...