Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.
Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent. The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.
Read more…
Source: malwarebytes Labs
Related:
- TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
January 9, 2020
The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in Base64 format. It’s deployed as a module after the initial TrickBot infection has already taken hold on ...
- Threat Spotlight: Amadey Bot Targets Non-Russian Users
January 8, 2020
Amadey is a simple Trojan bot first discovered in October of 2018. It is primarily used for collecting information on a victim’s environment, though it can also deliver other malware. A major infection vector for Amadey are exploit kits such as RigEK and Fallout EK. During our monitoring, we also observed this Trojan being delivered via AZORult Infostealer on ...
- First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
January 6, 2020
Trend Micro found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that ...
- DHS: Iran maintains a robust cyber program and can execute cyber-attacks against the US
January 6, 2020
The US government has issued a security alert over the weekend, warning of possible acts of terrorism and cyber-attacks that could be carried out by Iran following the killing of a top general by the US military on Friday. The warning comes in the form of a rare NTAS (National Terrorism Advisory System) alert, of which ...
- Travelex UK Website Still Down After Cyberattack
January 3, 2020
The British website of foreign currency seller Travelex remains offline as of Friday 3 January, after being taken down following a cyber-attack on Monday 30 December (New Years Eve). The good news is that an investigation has shown there is no indication the virus has compromised any personal or customer data. But the fact that nearly a ...
- FBI Warns of Maze Ransomware Focusing on U.S. Companies
January 3, 2020
Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first. The warning came less than a week after the Bureau warned about the LockerGoga and MegaCortex ransomware threats infecting corporate systems. Maze has been operating since ...