Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.
Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent. The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.
Read more…
Source: malwarebytes Labs
Related:
- Trickbot Appears to Target OpenSSH and OpenVPN Data in Upgraded Password-Grabbing Module
November 25, 2019
Trickbot first arrived on the scene in 2016, its initial iteration being a banking trojan that infected computers to steal email passwords and address books to spread malicious emails from compromised accounts. A few years and multiple transformations later, what was a simple banking trojan has since mutated into a constantly evolving malware family that includes information ...
- Unwanted notifications in browser
November 25, 2019
When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achieve that, users are hoaxed into ...
- Critical Flaws in VNC Threaten Industrial Environments
November 22, 2019
The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible servers in systems that use the code. The ...
- DePriMon downloader uses novel ways to infect your PC with ColoredLambert malware
November 21, 2019
A malware downloader has been spotted using novel “Port Monitor” methods that have not been detected before in active campaigns. Dubbed DePriMon, the malicious downloader is used to deploy malware used by Lambert — also known as the Longhorn advanced persistent threat (APT) group — which specializes in attacks against European and Middle Eastern companies. Kaspersky estimates ...
- New SectopRAT Trojan creates hidden second desktop to control browser sessions
November 21, 2019
A new Trojan, SectopRAT, has appeared in the wild which is able to launch a hidden secondary desktop to control browser sessions on infected machines. The new malware was first spotted by MalwareHunterTeam. In a tweet on 15 November, MalwareHunterTeam said the C# malware, compiled on 13 November, was able to “create hidden desktop and run ...
- High-Severity Windows UAC Flaw Enables Privilege Escalation
November 20, 2019
Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure Desktop which helps prevent unauthorized changes to the operating system. “With UAC fully ...