At a glance.
- Malware attack lures victims with fake Google Chrome error message.
- Bitmarck takes systems offline after cyberattack.
Malware attack lures victims with fake Google Chrome error message.
Trend Micro News warns of a new malware campaign that turns victims' computers into cryptominers. First detected in February 2023, the attack is launched when a user visits a legitimate website that has been compromised with malicious code. The infected sites include adult websites, blogs, news platforms, and online stores. Upon arriving at the site, the target is presented with a fake Google Chrome error message prompting them to download an update to fix a (non-existent) security issue. Of course, the “update” is actually a ZIP file containing a Monero miner, which hijacks the victim’s machine’s processing power and uses it to mine cryptocurrency for the hackers. What’s worse, the malware has the potential to steal sensitive data like login credentials and financial info from the compromised computer. The malware is also capable of interfering with system settings, including security solutions, making the victim’s machine vulnerable to future attacks. To prevent falling prey to the campaign, it’s recommended that users be wary of downloading anything from an unknown source and keep all software up-to-date.
Bitmarck takes systems offline after cyberattack.
Over the weekend German software company Bitmarck disclosed it had suffered a cyberattack last month and as a result was forced to shut down its customer and internal systems. One of the largest IT service providers for Germany’s statutory health insurance system, Bitmarck has not shared the nature of the attack or the identity of the hackers. A message on the company’s temporary website says there is no evidence of data theft and notes that patient data are stored in a secure system. The Record notes that an investigation is currently underway. Meanwhile, individuals and organizations will not be able to access Bitmarck’s services, which include pharmacy support and providing electronic sickness certificates used to process employee leave compensation. The company stated, “We very much regret the inconvenience caused to our customers, service providers and insured persons and are working to restore the systems as quickly as possible,” adding that disruptions were likely to continue “for the foreseeable future.” This is Bitmarck’s second recent cyberincident, as in January an attack led to the theft of data belonging to over 300,000 insurance policy holders. It’s worth noting that, much like this new attack, the company initially claimed that no policyholder data had been exposed.