Reading Time: ~2 min.

Fake Apex Legends App Spreads Malware

As the popularity of the latest free-to-play battle royale pushes ever higher, malicious Apex Legends apps have been spotted in the Google Play store with upwards of 100,000 downloads. The fake apps typically offer free in-game currency, or free downloads for an already free game, while installing malware onto devices and directing users to enter phishing domains to further compromise themselves.  

Cryptocurrency Wallet Bug Checks User Passwords with Spellchecker

A new bug has been found within the Coinomi cryptocurrency wallet app that quietly submits each user password to Google’s spellchecker without encryption, leaving user accounts vulnerable to attacks if someone is monitoring the web traffic of the application. The bug was discovered by a researcher who noticed that a majority of his funds had gone missing from his Coinomi-stored cryptocurrencies, leading him to investigate the app more extensively. 

Bangladeshi Embassy Site Compromised

Researchers have found that the web site for the Bangladesh Embassy in Cairo has been compromised and was pushing malicious word document downloads to any user who visited the site. Once the download is confirmed, it installs to an innocuous location within ProgramData and begins attempting to contact the command & control server to pull down additional malware. It’s likely that this issue is linked to an earlier attack on the site that left a cryptominer operating for several days and is affecting users who accessed the site during that time. 

Botnet Controls Browsers Even After Being Closed

A new type of cyber attack has been found that uses normal JavaScript and HTML5 functionality to take control of a user’s browser for a number of malicious activities and can even continue operating and commandeering resources after the browser or website has closed. Through these normal capabilities, this type of attack could affect both desktop and mobile browsers and, due to its nature, can be exceedingly persistent on the system once active. 

Multi-OS Ransomware Demands High Payment

The latest ransomware variant to make its rounds, Borontok, has already been spotted encrypting Linux servers and commercial websites, leaving a .rontok extension at the end of the filename. To make matters worse, the demanded ransom payment is 20 Bitcoins, or roughly $75,000, and gives directions to an actual payment site, though it does later offer the user a chance to negotiate for a lower payment. 

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Facebook Comments
Share This