Mutating Malware Revealed in Recent Cyber Attacks
Several embassies have been attacked recently by a trojanized version of TeamViewer, a remote-access desktop sharing software. According to Check Point Research, these attacks began on April 1 and have continued ever since. The specific hacker that Check Point’s report focused on was EvaPiks, who is believed to be connected with Russian-speaking gangs. EvaPiks was able to make changes to a weaponized version of TeamViewer in order to carry out multiple attacks. Each of the attacks on these embassies involved a phishing email with a malicious Excel file attached. The file appeared to be an official “top secret” document from the U.S. State Department. It was also macro-enabled, and once users enabled macros on their computer, the malicious files would begin to download. Be wary of suspicious emails, and especially of opening attachments inside them.
Mac Malware Coming to Light
At least six malware threats have appeared in the last month that were strong enough to penetrate Apple’s security protections. One new culprit, known as OSX/CrescentCore, masks itself as an installer for Adobe Flash media player, tricking users into clicking malicious links. Intego, a Mac antivirus provider, discovered that this malware was being distributed throughout many websites. They also stated that “Mac users should beware that they may encounter it, even via seemingly innocuous sources such as Google search results.” To check for infections on a Mac, it is suggested that users look for files named Player.dmg, or for folders named /Library/com.apple.spotlight.Core or /Library/ApplicationSupport/com.apple.spotlight.Core, for example.
Apps Collecting Data Despite Denied Permissions
It’s commonplace for mobile app makers to want all the data they can get from you – it helps them tailor their products and optimize them. In most cases, users will deny permission for the app to access their data. Unfortunately, it was recently discovered that over 1,300 Android apps are still collecting data despite the denied permission. Researchers found that although not given direct access to data, these apps were still able to gather information from things like metadata stored in internet connections and photos. Shutterfly, a photo editing app, has been extracting GPS coordinates from photos that users loaded into their system – even though it did not have location permissions in place. This also means that any third-party services within these apps can access the wrongfully gained data too. To avoid anything similar happening to you, it is recommended that you turn off location services on your devices, turn off all permissions currently active, and uninstall unused apps.
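To see what a photo can reveal without any location permission, the added example below (not code from the researchers or from any app named here) reads the GPS tags out of a JPEG's Exif metadata so a file can be audited before it is shared. The function names and the sample image header are constructed for illustration.

```python
import struct

def app_segments(jpeg):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        yield jpeg[pos + 1], pos, end
        pos = end

def ifd(tiff, e, off):
    """Map each tag in the IFD at `off` to the offset of its 4-byte value field."""
    n = struct.unpack_from(e + "H", tiff, off)[0]
    return {struct.unpack_from(e + "H", tiff, off + 2 + 12 * i)[0]: off + 10 + 12 * i
            for i in range(n)}

def gps_from_jpeg(jpeg):
    """Return (lat, lon) in decimal degrees from Exif GPS tags, or None."""
    for marker, start, end in app_segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != b"Exif\x00\x00":
            continue
        tiff = jpeg[start + 10:end]
        e = "<" if tiff[:2] == b"II" else ">"      # TIFF byte order mark
        u32 = lambda off: struct.unpack_from(e + "I", tiff, off)[0]
        ifd0 = ifd(tiff, e, u32(4))
        if 0x8825 not in ifd0:                     # no GPSInfo pointer tag
            return None
        gps = ifd(tiff, e, u32(ifd0[0x8825]))
        if not gps.keys() >= {1, 2, 3, 4}:         # need lat/lon refs and values
            return None
        def deg(ref, val):
            d, dd, m, md, s, sd = struct.unpack_from(e + "6I", tiff, u32(gps[val]))
            sign = -1 if tiff[gps[ref]:gps[ref] + 1] in (b"S", b"W") else 1
            return sign * (d / dd + m / md / 60 + s / sd / 3600)
        return deg(1, 2), deg(3, 4)
    return None

def sample_jpeg():
    """Constructed image header tagged 48d51m30s N, 2d17m40s E (not real data)."""
    ent = lambda tag, typ, n, val: struct.pack("<HHI4s", tag, typ, n, val)
    p = lambda v: struct.pack("<I", v)
    tiff = (b"II*\x00" + p(8) + b"\x01\x00" + ent(0x8825, 4, 1, p(26)) + p(0)
            + b"\x04\x00" + ent(1, 2, 2, b"N\0") + ent(2, 5, 3, p(80))
            + ent(3, 2, 2, b"E\0") + ent(4, 5, 3, p(104)) + p(0)
            + struct.pack("<12I", 48, 1, 51, 1, 30, 1, 2, 1, 17, 1, 40, 1))
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Any app that can read the photo file can run the same parse, which is why location permissions alone do not protect coordinates embedded in images.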
Leaked Recordings from Google Assistant Devices
Belgian news station VRT NWS received recordings from Google Assistant devices via a subcontractor for Google. These devices range from smart speakers to Android devices and Chromebook computers. When prompted by the command “Hey Google”, or other programmed phrases, the device is supposed to record the command it receives. It is not, however, supposed to record private conversations. In the recordings received by VRT, the command “OK Google” or another trigger phrase was never given; the device simply started recording. According to VRT, these included bedroom conversations, communication between parents and children, and professional business calls that contained sensitive information. Google stated that they were aware of the incident and are investigating it further to ensure it doesn’t happen again. In the meantime, there is an option to disable the saving of this voice activity on Google’s activity controls site.
NAS Devices in Danger of New Ransomware
Linux-based Network Attached Storage devices are being targeted by a new ransomware. NAS devices are used mostly in homes and small businesses and are great for storing data to be shared among multiple computers. The new ransomware, known as “QNAPCrypt” and “eCh0raix”, has been found encrypting files with AES encryption and appending an .encrypt extension to each of them. Once the attackers find a vulnerable NAS device, they demand their ransom in the form of Bitcoin, in exchange for giving the victim their data back unencrypted. For users of NAS devices, it’s important to ensure the device is not connected directly to the internet, and that automatic updates are enabled to ensure the highest level of security for your data. It is also crucial to create strong passwords for any devices, but especially for a NAS, as it stores large amounts of data. Also, back up NAS data frequently, in case of an attack such as this one.