Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.
Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent. The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.
Read more…
Source: malwarebytes Labs
Related:
- Story of the year 2019: Cities under ransomware siege
December 11, 2019
Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three years, the share of users targeted with ransomware in the overall number of malware detections has risen from 2.8% to 3.5%. While ...
- Waterbear is Back, Uses API Hooking to Evade Security Product Detection
December 11, 2019
Waterbear, which has been around for several years, is a campaign that uses modular malware capable of including additional functions remotely. It is associated with the cyberespionage group BlackTech, which mainly targets technology companies and government agencies in East Asia (specifically Taiwan, and in some instances, Japan and Hong Kong) and is responsible for some infamous campaigns ...
- Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
December 11, 2019
In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as ...
- New Plundervolt attack impacts Intel CPUs
December 10, 2019
Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows ...
- Snatch Team Steals Data and Hammers Orgs with Ransomware
December 10, 2019
A fresh ransomware variant known as “Snatch” has been spotted in campaigns, forcing Windows machines to reboot into Safe Mode before beginning the encryption process. It’s one of multiple components of a malware constellation being used in carefully orchestrated attacks that also feature rampant data collection. According to researchers with SophosLabs, Snatch runs itself in an ...
- New ransomware attacks target your NAS devices, backup storage
December 5, 2019
The number of ransomware strains targeting NAS and backup storage devices is growing, with users “unprepared” for the threat, researchers say. Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services — including hospitals and utilities — and individuals. Once deployed on a system, the malware ...