Malicious Apps Get Millions of Installs
Google recently removed 85 apps from the Play Store after
they were found to contain predatory
adware. With over nine million combined downloads, the apps were
mostly fake games or utility apps that began pushing a constant stream of full-screen
ads to users until the app itself crashed. More worrisome, while nearly all the
apps shared similar code, they were mostly uploaded from different developer
accounts and used different digital certificates to minimize detection.
Tuition Scam Targets UK College
Several parents of students attending St.
Lawrence College in the UK fell victim to an email scam over the
holidays that requested early tuition payment at a discounted rate for the
upcoming terms. While security measures surrounding parental information have
since been improved, at least two separate families confirmed they sent
undisclosed amounts of money to the scammers. Though these types of attacks target
large audiences, it takes only a small number of successful attempts to make
the campaign profitable.
Australian EWN System Hacked
With the help of a strong detection
system, a brief hack of the Australian Early Warning Network (EWN)
was quickly shut down. Some of the messages contained warnings about the
security of the EWN and listed several links that the user could navigate
through. Fortunately, staff were quick to notice the severity of what was
occurring and acted to prevent additional customers from being spammed.
Ransomware Uses Children’s Charity as Cover
first came to light, it included a ransom note masquerading as a request for a
“donation” to a children’s charity. It has since returned, but now includes
actual information from crowdfunding sites attempting to help sick children and
using their stories to guilt victims into paying a ransom. Even worse, as
victims navigate the payment process, the ransomware continues to urge them on
with promises that the sick child will know their name for the aid they
Exploit Broker Raises Bounties for New Year
Following the New Year, a known exploit
broker, Zerodium, announced they would be effectively doubling all
bounty payouts for zero-day exploits. While lower-end Windows exploits will net
a researcher $80,000, some Android and iOS zero-days will pay out up to $2
million. Unfortunately for many working on the lawful side, nearly all the
exploits obtained by Zerodium will be privately sold, rather than used for
patching or improving security.