There’s rarely a quiet day in the nefarious world of cyber skulduggery and recent revelations illustrate just how technically adept many cyber villains are and how dangerous ransomware is and will continue to be.

Malware ropes in Chrome browser and Facebook Messenger

Hackers are by definition a cunning breed. One of the latest tricks recently discovered are malicious extensions to the Chrome browser which propagates via Facebook Messenger.

Facebook Messenger is a very popular tool so this scam could potentially reach a very large audience.
Recipients were receiving a message that directed them to a fake YouTube page. In order to watch the video they were asked to install a codec extension. This in theory allowed the users to decode the video in Chrome in order to watch it.

However, the codec extension was in fact malware. So what was its purpose we hear you ask?

If the malware detected that the user was accessing any of the 52 cryptocurrency trading platforms currently in existence or if the user keyed in keywords such as ‘blockchain,’ or ‘ethereum’ in the URL, it redirected the victim to a fake webpage.

The scam enticed users to send a small amount of cryptocurrency to the attacker’s wallet address for verification purposes and as a hook promised to send back a higher amount of cryptocurrency.

Of course the scammers didn’t do this; rather they just headed for the digital hills with a sack full of scammed cryptocurrency.

Well, that’s the theory. While the malware surfaced in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain it’s difficult to say how much has actually been stolen. It’s a technically clever scam and illustrates just how far cyber villains will go to pillage and plunder.

By the way, Google has removed the malicious Chrome plug-ins.

Beware Spartacus

A new type of ransomware has been discovered. While there’s nothing new in this, new strains of ransomware pop up all the time, it appears this one has taken a back to basics approach in that it is not at all sophisticated.
At least this is what security researchers who have analysed its code, are saying. Researchers do get excited about this sort of thing after all it is their job. But to ordinary folks this relatively new strain, dubbed Spartacus, is still deadly dangerous.

Technically, Spartacus is a bit unusual in that it is offline as there are no communications back to the author. Typically ransomware will send messages back to a server letting its creators know how many computers have been infected.

But with Spartacus the ransomware author does not know who he has infected until they email him offering to pay the ransom in return for the decryption key.

Just watch out for those phishing mails and malicious website links.

Hundreds of websites hacked to steal visitors processing power

Drupal is a relatively popular content management system. It's used to make many of the websites and applications used every day. Its creators say that what set it apart is its flexibility so users can build versatile, structured content for dynamic web experiences.

However, there’s also something else that sets it apart. A recently discovered vulnerability allows an anonymous user to execute code remotely without authentication. Known as ‘Drupalgeddon2’ hackers have already begun exploiting the flaw even though a patch was issued over six weeks ago.
  • Although many Drupal sites patched the critical flaw in March, many vulnerable sites have been slow to install the fix. The lapse touched off an arms race among malicious hackers over three weeks ago. 
  • The flaw has been used to convert more than 400 government, corporate, and university websites into cryptocurrency mining platforms that secretly drain visitors' computers of processing power. 
  • The US had the largest concentration of hacked sites, with at least 123, followed by France, Canada, Germany, and the Russian Federation, with 26, 19, 18 and 17, respectively. 
  • The malware code caused visitors' computers to dedicate 80 percent of their CPU resources to mining the digital coin known as Monero with no notice or permission.

Besides using the flaw perform drive-by cryptocurrency mining on visitors' computers, the hackers are also installing malware that can carry out denial-of-service attacks on other sites.

Ransomware with a bug

GandCrab is a new ransomware family and instances of it are growing.  It is distributed via email spam and targets Windows 7, Windows 8.1 and Windows 10 operating systems among others.

However an anomaly has been discovered in it which stops Windows 7 users’ from using their computers.
Like many types of ransomware GandCrab changes its victim’s desktop wallpapers to display a ransom note.
However in Windows 7 this feature has a bug in it.

After the ransomware has encrypted the victim’s files, it forces the system to reboot. For a ‘buggy’ reason the rebooting gets stuck so an infected user does not have the Windows interface to interact with.

Only the ransom note wallpaper and TOR Browser download site can be seen by the user.

It’s bad enough being infected by ransomware but to also lose the use of your computer is like the final nail in the coffin.

GandCrab is being distributed through phishing emails so as a general rule any unexpected emails with attachments should be verified for authenticity before opening or downloading a document.

And as always, create backups for your important files.

That said BullGuard protection keeps you safe from all types of ransomware including Gandcrab.