Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
DarkGate hackers use Skype to distribute malware, PC gaming service Shadow PC hit by data breach and FBI warns of AvosLocker ransomware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. DarkGate hackers use compromised Skype accounts to infect targets with malware
Trend Micro recently revealed that, from July to September, DarkGate threat actors used compromised Skype accounts to send malicious payloads. They utilized existing chat histories to craft deceptive file names, making their malicious intent harder to detect. The group's overarching goal was to secure full system access and introduce threats such as ransomware and cryptomining. This surge in activity "underscores the growing influence of this malware-as-a-service (MaaS) operation within the cybercriminal sphere," Bleeping Computer reported.
2. PC gaming giant Shadow suffers data breach exposing customer info
French tech firm Shadow recently suffered a data breach that compromised customer details. As confirmed by its CEO Eric Sèle, the hack stemmed from a sophisticated social engineering attack initiated on Discord and involved malware disguised as a game on Steam. Despite quick action, hackers tapped into a SaaS provider's interface, accessing names, emails, birthdates, billing details and card expiry dates of over 530,000 users. While Shadow has bolstered security measures, they urge customers to use multi-factor authentication and scrutinize emails closely.
3. Hackers still using LinkedIn smart links to conduct phishing attacks
Email security firm Cofense recently uncovered a phishing campaign that uses LinkedIn's smart links to target Microsoft users. Hackers sent over 800 phishing emails containing 80 unique smart links to professionals across multiple industries. The primary targets include employees from the financial and manufacturing sectors, although other industries have also been affected. Cofense suggests that the campaign's broad reach implies a general intent to gather as many credentials as possible rather than targeting a specific organization or sector.
4. Feds warn of growing AvosLocker ransomware campaign targeting critical infrastructure
The U.S. Cybersecurity Infrastructure and Security Agency (CISA) and FBI recently cautioned against AvosLocker, a ransomware-as-a-service operation that has been increasingly targeting the country's vital industries. AvosLocker's broad targeting includes various operating systems and relies heavily on genuine and open-source tools for hacking. Following system compromise, the group both encrypts and offloads data for further extortion. With ransomware attacks escalating, CISA advises critical service providers to employ cybersecurity best practices like network division and multifactor authentication.
5. Researchers discover backdoor disguised as WordPress Caching plugin
Defiant analysts recently spotted deceptive malware posing as a WordPress caching plugin. Equipped with features like rogue user creation and content alteration, it jeopardizes website SEO and user safety. Unsuspecting users may be redirected to rouge websites, where hackers have bots for spoofing their personal information. Defiant has swiftly responded by introducing tools to detect and combat this threat.
See Infosec IQ in action