WhatsApp users, watch what you click on! A currently circulating fraudulent spam campaign is brand-jacking WhatsApp in an attempt to trick its users into clicking on links found in the email. Once socially engineered users fall victim to the scam, they’re automatically exposed to a fraudulent pharmaceutical site, offering them pseudo bargain deals. Let’s assess the fraudulent campaign, and expose the fraudulent infrastructure supporting it.
In the latest ThreatVlog from Webroot, threat researcher Marcus Moreno discusses the top threats that affected the vyber world in 2013. From breaches to crypto-locks, we have seen some very malicious code run around out there, but these three take the cake.
In need of a fresh example that malicious and fraudulent adversaries continue professionalizing, and standardizing demanded cybercrime-friendly products and services, all for the sake of monetizing their experience and expertise in the profitable world of cybercrime? Publicly launched around the middle of 2013, a product/training course targeting novice cybercriminals is offering them a manual, recommendations for open source/free software, as well as access to a private forum set up for customers only, enlightening them to everything a cybercriminals needs to know in order to stay secure and anonymous online. The standardized OPSEC offering is targeting novice cybercriminals, and also has […]
In a series of blog posts throughout 2013, we emphasized on the lowering of the entry barriers into the world of cybercrime, largely made possible by the rise of managed services, the re-emergence of the DIY (do-it-yourself) trend, and the development of niche market segments, like the practice of setting up and offering bulletproof hosting for a novice cybercriminal’s botnet generating platform. The proliferation of these easy to use, once only found in the arsenal of tools of the sophisticated cybercriminals, tools, is the direct result of cybercrime ecosystem leaks, cracked/pirated versions, or a community-centered approach applied by their authors, […]
The most recent and interesting threats we see are more or less “evolved” forms of previous threats, including those originating from the PC side. People have been “spoofing” parts of apps, such as code, appearance, or digital certificates, since Android malware first started appearing. The MasterKey exploit was a whole new way to modify the app without even having to spoof anything (since this was the exploit which allowed applications to be changed without invalidating the existing digital signature). It’s also very interesting to see how threats like Zitmo or RAT-type apps seem to get better and better at mirroring […]
Next to the ubiquitous for the cybercrime ecosystem, traffic acquisition tactics such as, blackhat SEO (search engine optimization), malvertising, embedded/injected redirectors/doorways on legitimate Web sites, establishing purely malicious infrastructure, and social engineering driven spam campaigns, cybercriminals are also masters of utilizing social media for the purpose of attracting traffic to their fraudulent/malicious campaigns. From the efficient abuse of Craigslist, the systematic generation of rogue/bogus/fake Instagram, YouTube, and email accounts, the process of automatic account generation continues to take place, driving a cybercriminal’s fraudulent business model, naturally, setting up the foundations for upcoming malicious campaigns that could materialize at any point […]
With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays. This process, largely made possible by the massively undermined CAPTCHA bot vs human verification practice, results in automatically registered accounts, or the persistent data mining of malware-infected hosts for accounting data for social media accounts, continues to scale, allowing both individuals and organizations to […]
Ever since we exposed and profiled the evasive, multi-hop, mass iframe campaign that affected thousands of Web sites in November, we continued to monitor it, believing that the cybercriminal(s) behind it, would continue operating it, basically switching to new infrastructure once the one exposed in the post got logically blacklisted, thereby undermining the impact of the campaign internationally. Not surprisingly, we were right. The campaign is not only still proliferating, but the adversaries behind it have also (logically) switched the actual hosting infrastructure. Let’s dissect the currently active malicious iframe campaign that continues to serving a cocktail of (patched) client-side […]
The basics The Ransomware known as Cryptolocker has been prominent in the media lately, and one that we’re asked about often. Ransomware in general is nothing new, we have been seeing ransomware that hijacked your desktop wallpaper demanding payment for several years now, but while the older ransomware was rather easily removed, Cryptolocker has taken ransomware to a new level. What Cryptolocker does is encrypt files (primarily document files but also image files and other file types) on your computer and any network drives that computer has access to using a very strong encryption method and then demands payment with […]
In this edition of the Webroot ThreatVlog, Grayson Milbourne talks about the threats that exist online in the holiday shopping craze. As more and more money is spent online, criminals are becoming more skilled at stealing all sorts of personal information, from credit card numbers to identifying credentials. As with all shopping, common sense is necessary, and with the tips and tricks provided, you will be even more protected while finding that perfect gift online.