“Faceliker” Facebook Trojan Making Comeback

“Faceliker” is malware that has been around for a few years, but recently in 2017 McAfee is reporting surges in the use of Faceliker (9.8% of all new malware in Q1/Q2 are Faceliker strains). Faceliker uses JavaScript to basically hijack the users’ clicks and generates likes on Facebook. The malware is becoming increasingly common to be embedded within malicious Chrome extensions.

Why would someone want to hijack clicks from users? Well, it seems as though Faceliker is being used to promote “fake news” (*cough* propaganda), and is also used to promote advertisements and games that aren’t popular, but seem popular due to the likes accumulated by Faceliker. It also can promote fake pages of companies or users in order to make them seem real or reputable, and possibly result in possible catfishing.

McAfee is not certain, but it appears that Faceliker is only being used to promote content by spoofing likes. It is possible different Faceliker strains are being used to steal passwords or other sensitive data, but there isn’t a clear cut answer.

-Ryan Corrao

https://www.komando.com/happening-now/422202/watch-out-facebook-hijacking-malware-is-spreading

https://themerkle.com/faceliker-facebook-malware-makes-a-surprising-comeback/

Advertisements

The Hard Apple: Why It’s Difficult to Acquire Malware on a Mac

It always seems like there is a new virus, new malware, new adware, that happens to pop up on a computer running Windows. But why do we not here about this happening on a Mac? The answer is hidden under the operating system, tracing it to it’s roots, along with the attacker’s target audience.

Apple Mac computers are a Unix based operating system. Unix is normally a very secure operating system with their own built in features. Along with this, Apple has added its own type of security features along with this. One of these features is called Gatekeeper. Gatekeeper blocks any software than hasn’t been digitally signed and approved by Apple. A second feature  used by Mac’s is known as the act of Sandboxing. The process involves the checking of applications to confirm that they are only doing what they’re supposed to be doing. Sandboxing also isolates the applications from system components and other parts of the computer that do not have anything to do with the app’s initial designed purpose. The final security that is used by Apple is called FileVault2, which is a simple file management system that encrypts all of the files on the Mac computers. These embedded securities created by Apple help to create a more secure system for their users.

Normally, it would be thought that Mac users would be an easy group to target, but based on recent data, it is seen by most attackers that the amount of people present in the Apple community is not worth the overall effort of making a virus or malware that can be successful for passing through all of the Apple security obstacles. The reason why there are very limited viruses/malware for Mac devices, is because the attackers have a greater and easier target audience for Windows users.

Regardless of the very few amount of Mac related viruses and malware, there have still been instances of them occurring. In just 2017, there has been a 230% increase in Mac malware. An example of this is the OSX/Dok malware. OSX/Dok occurred in April 2017 and was a trojan that would hijack all incoming and outgoing traffic with the Mac computer. The trojan was signed with a valid certificate from Apple, meaning that the hackers could have used a legitimate developers account to initialize this attack. Another attack that took place in February of 2017 was called MacDownloader. This adware would display to a user as a free update for the Adobe Flash Player. When the installer ran, the program would prompt the user that there is adware on the Mac and would prompt for the system password. This would then begin the process of transmitting data (ie. usernames, passwords, etc.) to a remote server. The final example of successful Mac malware would be one called Safari-Get. Happening in November of 2016, this was a type of social engineering that involved sending out links through emails and the link either opening multiple iTunes windows, or multiple draft emails (just depending on the Mac operating system version). This would cause the system to freeze or cause a memory overload and force a shutdown.

Regardless of the lack of effort put forth by attackers towards Mac users, there still should be some safety concern for users. This can be made easily by updating applications and being careful when clicking links or even opening certain files.

-Ryan Keihm

Sources

Do Macs get viruses, and do Macs need antivirus software?

16 Apple Security Advances to Take Note of in 2016

Tesco bank hacked, hackers attempt money transfer from around 20,000 compromised accounts

imgres

Tesco banks has recently announced that it has seen “suspicious transactions” from around 40,000 accounts over the weekend, and this has led them to actually shut down their site while they look into it.  At the moment of writing it is not known how much (if any) money was taken from the 20,000 of the aforementioned 40,000 account where withdrawals were attempted.

This has been called a much more recent and unique attack since most of the time when a bank is hacked only the larger accounts are compromised, and the attackers don’t bother with smaller accounts, in order to avoid a better chance of getting caught.  This also means that a hacked bank doesn’t have to shut down their site to investigate it, though in this instance it was so widespread the bank itself had to briefly shut down.

Apparently it is suspected that intruders found their way in via either a bug that was introduced with a website update, or through some third party connected to Tesco, as the attack was clearly done to the website, and not the core computer systems that provide most of the heavy lifting for the bank’s systems.

-jes5746

Source: http://www.bbc.com/news/business-37891742

Canadian Point of Sale company data breech

     The point of sale company Lightspeed has suffered a data breech, the email above was posted on twitter by Australian security expert Troy Hunt which was sent by Lightspeed to its customers. The hackers had gained access to systems related to its retail offering. Lightspeed confirmed the attackers accessed a central database containing information on sales, products, and customers. The database included encrypted passwords, electronic signatures, and API keys. Eventhough the database was accessed by hackers Lightspeed said there was no evidence that information was stolen.

      The company said that passwords created after January of 2015 where the safest having been stored with advanced encryption technology. They also said that the system that the hackers had accessed did not hold any private information such as credit card numbers. The company has informed customers that a third party security firm had been hired to investigate and that it’s systems should be only accessible by authorized users.

http://www.securityweek.com/pos-vendor-lightspeed-suffers-data-breach

  • Gavin Millikan

Sophisticated spyware discovered after 5 years

          An advanced spyware has recently been discovered by researchers at Symantec and Kaspersky Lab. This spyware, called Remsec, has been active as far back as October 2011. Remsec is highly sophisticated and uses stealth techniques and encryption to avoid detection, something that it clearly does very well. Once deployed, Remsec opens a backdoor into the infected system, monitors network traffic, logs keystrokes, and has the ability to steal files. It also allows for custom modules to be deployed into the infected system.

Researchers have suggested that Remsec might be the work of a nation state due to its sophistication and have found IP addresses within the U.S. that may have a connection to it. The targets that have been discovered so far are in countries such as China, Russia, and Iran among others. According to researchers at Symantec, none of the currently known infections appear to be normal targets for APTs like this one, which brings up a lot of questions about who might be behind this, and what their goal is.

http://www.technewsworld.com/story/83811.html

http://www.computerweekly.com/news/450302128/Strider-cyber-attack-group-deploying-malware-for-espionage

-Michael Belle