Hacker Tracker | July in Review


Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that genuinely endanger your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest cybersecurity hacks, breaches, and updates…

#1- New Android malware apps installed 10 million times from Google Play | 7.26.22

  • A new batch of malicious Android apps filled with adware and malware was found on the Google Play Store and installed close to 10 million times on mobile devices.
  • The apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. However, their underlying functionality is to push intrusive ads, subscribe users to premium services, and steal victims’ social media accounts.
  • Upon installation, the apps request permission to overlay windows over any app. They can add themselves to the battery saver’s exclusion list to continue running in the background when the victim closes the app.
  • View the Source

#2- Cyberspies use Google Chrome extension to steal emails undetected | 7.28.22

  • A North Korean-backed threat group tracked as Kimsuky uses a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail.
  • The extension can steal mail from Gmail and AOL accounts.
  • The attackers install the malicious extension after compromising a target’s system using a custom VBS script by replacing the ‘Preferences’ and ‘Secure Preferences’ files with ones downloaded from the malware’s command-and-control server.
  • By taking advantage of the target’s already-logged-in session to steal emails, the attack remains undetected by the victim’s email provider, thus making detection very challenging if not impossible.
  • View the Source
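The Kimsuky technique above works by swapping the browser profile’s ‘Preferences’ and ‘Secure Preferences’ files so that an extension the user never chose appears to be legitimately installed. A defender who suspects this can triage the extension entries recorded in that file. The script below is an added example written for this post, not code from the article or from any vendor: it parses a constructed slice of a Chromium-style ‘Secure Preferences’ JSON document and flags extensions that were not installed from the Web Store, were loaded unpacked from disk, or ask for host access to webmail. The key names (`extensions.settings`, `from_webstore`, `location`, `manifest.permissions`) and the `location` numbering follow my reading of Chromium’s extension prefs and `ManifestLocation` enum and should be checked against your browser version; the extension IDs and paths are made up.

```python
"""Triage extension entries in a Chrome/Edge 'Secure Preferences' file.

Default profile locations (Windows):
  %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Secure Preferences
  %LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Secure Preferences
"""
import json

# Assumed value of Chromium's ManifestLocation::UNPACKED (extension loaded
# from a directory rather than installed from the Web Store).
LOCATION_UNPACKED = 4

# Host patterns a mail-stealing extension would need; extend for your tenant.
WEBMAIL_HOSTS = ("mail.google.com", "mail.aol.com", "outlook.live.com")

# Constructed sample: two extension records in the shape Chromium uses under
# extensions.settings. IDs, names and paths are invented for this example.
SAMPLE_SECURE_PREFERENCES = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True,
                "location": 1,
                "state": 1,
                "manifest": {"name": "Example Ad Blocker", "version": "3.2.1",
                             "permissions": ["storage"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False,
                "location": LOCATION_UNPACKED,
                "state": 1,
                "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\ext",
                "manifest": {"name": "Mail Helper", "version": "1.0",
                             "permissions": ["tabs", "webRequest",
                                             "*://mail.google.com/*"]},
            },
        }
    }
}


def extension_settings(prefs: dict) -> dict:
    """Return the per-extension records, or an empty dict if the key is absent."""
    return prefs.get("extensions", {}).get("settings", {})


def suspicious_extensions(prefs: dict, webmail_hosts=WEBMAIL_HOSTS) -> list:
    """Flag extension records that match indicators of a side-loaded mail stealer.

    Each finding carries the extension id, its manifest name and the list of
    reasons it was flagged; extensions with no reasons are not reported.
    """
    findings = []
    for ext_id, entry in extension_settings(prefs).items():
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Web Store")
        if entry.get("location") == LOCATION_UNPACKED:
            reasons.append("loaded unpacked from disk: %s" % entry.get("path", "?"))
        perms = entry.get("manifest", {}).get("permissions", [])
        hosts = [p for p in perms if any(h in p for h in webmail_hosts)]
        if hosts:
            reasons.append("host permission on webmail: " + ", ".join(hosts))
        if reasons:
            findings.append({
                "id": ext_id,
                "name": entry.get("manifest", {}).get("name", "<no name>"),
                "reasons": reasons,
            })
    return findings


def triage_file(path: str) -> list:
    """Load a real 'Secure Preferences' file from disk and triage it."""
    with open(path, encoding="utf-8") as fh:
        return suspicious_extensions(json.load(fh))


if __name__ == "__main__":
    for finding in suspicious_extensions(SAMPLE_SECURE_PREFERENCES):
        print(finding["id"], finding["name"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run `triage_file()` against a copy of the profile file taken while the browser is closed; a flagged entry that the user does not recognise is worth pulling the extension directory for analysis before removing it.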

#3- This phishing attack uses a countdown clock to panic you into handing over passwords | 7.29.22

  • A sneaky new phishing attack attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don’t – and it uses a countdown timer to pile on the pressure. 
  • This phishing attack begins with a message that claims to warn the recipient that an attempt to log in to their account from a location they haven’t used before has been blocked – and that they should click a link to verify their email address. 
  • This attack is different from others because it displays a countdown clock on the phishing site. The timer ticks down from an hour, claiming the user must enter their username and password to ‘validate’ their account before the countdown clock hits zero; otherwise, their account – and even those of others – will be deleted. 
  • View the Source

Lessons Learned

#1- If you installed any of the apps mentioned above before their removal from the Play Store, you will still need to uninstall them from your device manually and run an AV scan to clean any remnants. Mobile cybersecurity attacks are on the rise–from malware to text message phishing attempts; understand that the same precautions you take for computers must now be taken for mobile devices. 

#2- From the Google Chrome extension breaches, we learn the danger of this form of attack. Because this strategy takes advantage of the target’s already-logged-in session to steal emails, it’s nearly impossible for the victim’s email provider to detect the breach. The best form of protection is to ensure you are up to date on all security updates for your browser (such as Google Chrome), its extensions, and any other software you are running on your computer.

#3- While all ransomware attacks, to some degree, are based on fear, this latest countdown attack depends on putting the fear tactic directly to the individual victim versus the organization at large. Using the time-pressure panic tactic is an interesting play on human nature. Even though the warning isn’t real and nothing will be deleted if the countdown timer reaches zero, the fear causes victims to panic and comply. Remember: in nearly all cases, there is always time to call your IT guy or managed IT company to find out how to proceed. 

Countdown method or not, phishing attacks are one of the most common methods cybercriminals use to steal usernames and passwords. Utilize multi-factor authentication to help protect accounts. This way, even if a cybercriminal gets your username or password, they won’t be able to gain entry to your account if MFA is employed.