Reading Time: ~ 2 min.
Cybercriminals use Botnets to Launch Attacks on Social Media
According to a new report, more than half of all login attempts on social media sites are fraudulent, and at least 1 in 4 new account creation attempts are also fraudulent. With the sheer number of potential victims these types of sites provide attackers, these strategies are proving to be more and more lucrative. Even more worrisome: at least 10% of all digital handshakes from online purchases to new accounts being created are being made by malicious actors.
xHelper Trojan Infects Thousands of Android Devices
A new Trojan
has infected over 30,000 devices in a very short time. By disguising itself as a
JAR archive, the dropper is able to move quickly through a system, rather than
being installed within a bundle as a standard APK. At least two variants of the
Trojan have been spotted, one running extremely silently on infected devices
while the other does less to hide itself, creating an actual xHelper icon and
pushing an increasing number of notifications to the device.
Malicious PDF Scanner App
Researchers recently notified Google of a Trojanized CamScanner
app that has been downloaded over 100 million times. The app itself is used to
download and launch a malicious payload, after making contact with the
attacker’s servers. Fortunately, Google is quick to act when they receive these
types of reports, and has already removed the app from the Play Store. This app
follows in a long line of high-install malicious apps to hit the Google Play Store
in the last couple months.
Cable Companies Delay Robocall-Detection Implementation
Following the FCC decision to push out a technology
that would allow all telecom companies to implement detections for the excessive
number of robo-calls their customers receive every year. Unfortunately, the FCC
never made an official deadline, so the lobby groups for the cable companies
have been pushing for further delays. Hopefully, more telecom companies will
get behind this technology and start helping their customers avoid this kind of
Hosting Provider Data Breach
A data breach was recently revealed by Hostinger,
a hosting provider, which could affect their entire 14-million-strong customer
base. Within the last week, the company identified unauthorized access to one
of their servers, which contained sensitive customer information. Fortunately,
Hostinger resolved the vulnerability quickly and pushed out a mandatory
password reset to all affected users.