At a glance.
- Black market doing a brisk trade in compromised Zoom credentials.
- Malvertising campaign spoofs security company site.
- Mobile data breach reported in Pakistan.
- xHelper affects 55,000 devices.
- Medical devices potential targets of hackers.
Compromised Zoom credentials for sale.
The underground souks are seeing a brisk trade in compromised Zoom credentials. Threatpost reports that thousands of them are being actively sold on the black market. The stolen credentials appear to come from various sources, and not from any single breach, nor even from any small set of breaches or data exposures.
Malvertising distributes the Raccoon information stealer.
A malicious domain, hosted in Russia and apparently controlled by criminals, is spoofing a Malwarebytes site in a malvertising campaign designed to infect visitors to the bogus site with the Raccoon information stealer. SC Magazine quotes Malwarebytes' suspicions that the campaign is at least in part criminal payback for the company's efforts against cybercrime. The malvertising is thought to appear to a significant extent on adult websites, not venues in which Malwarebytes would normally be expected to place ads.
Raccoon is installed by the Fallout exploit kit, Threatpost reports, and it finds "credit card information, cryptocurrency wallets, passwords, emails, cookies, system information and data from popular browsers (including saved credit-card info, URLs, usernames and passwords)" which it reports back to its controllers.
Report: data breach affects Pakistani mobile users.
According to Business Recorder, the personal information of some 115 million Pakistani mobile users is for sale on the dark web. The criminals are asking $2.1 million for the data, which include full names, addresses, mobile numbers, NIC numbers, and tax numbers. "Database is freshly hacked this week," the hoods are quoted as saying in their come-on.
xHelper Trojan spreads to more than 55 thousand devices worldwide.
Kaspersky has been warning of the xHelper Trojan, a persistent strain of Android malware that Dark Reading and others have been calling "unkillable." More than 55 thousand devices worldwide are believed to have been infected so far. xHelper typically achieves root access and persists even through factory resets. The malware collects and reports device information that appears particularly well adapted to use in targeted (and unwelcome) advertising campaigns.
Medical devices may become targets of opportunity during the pandemic.
One of the security problems the COVID-19 pandemic presents is the sheer volume of noise it introduces, especially for healthcare organizations already stretched by high volumes of demand for medical services. Under such conditions, MedTechDive reports, medical devices themselves might become attractive targets for attack. They share in some of the laggard security that one sees in the Internet-of-things generally, and as targets of opportunity they'll prove irresistible to some criminal hackers whose consciences impose few restraints on their behavior.