18 February 19, 09:56
(This post was last modified: 18 February 19, 09:57 by harlan4096.)
Quote:
Windows malware attacks Macs, a strange phishing scam arises, 617M stolen accounts are for sale, and Trump wants more AI.
Phishing scam has fishy URLs
There’s a phishing campaign afoot that tries scamming users into believing their email accounts have been compromised. The phishing email claims multiple verification errors have caused the users’ accounts to be blacklisted and the only fix is an immediate login with the proper credentials. The email provides a link that reads CONFIRM YOUR EMAIL, and when users click on it, they are taken to a fake login page based on their particular email service. If they enter their credentials, the info is sent back to the malware’s C&C (command-and-control server).
A twist to this otherwise-typical phishing campaign is that the emails include URLs ranging from 400 to almost 1,000 characters long. Experts don’t yet understand the reason to include such a long URL, venturing early guesses that perhaps it is to deliberately add confusion or perhaps hide info within the long URL string. In any event, be wary of any email you receive claiming your account has been blacklisted.
Windows malware meant for Macs
In a move that circumvents the macOS Gatekeeper protocol, a series of malicious executables are making their way onto the machines of Mac users who install cracked software. Using the open source Mono framework, the threat actors created info stealers and adware for Macs, but as Windows EXE binaries. A set of these malicious files have been found bundled with cracked software distributed on torrent websites. When users download the pirated software, the malware gets around Gatekeeper thanks to its Windows status. Not recognizing the file as native to Mac, Gatekeeper does not check the file’s notarization status or Developer ID signature.
So far, the planted malware in the bundles triggers a payload of ads and steals all hardware and software information on that particular machine, sending the info back to its C&C. While the damage is relatively minimal with this malware, threat actors could create Windows EXE binaries for more harmful cyberattacks, including ransomware. As always, all users are strongly advised to stay away from cracked software.