Cybercriminals use Botnets to Launch Attacks on Social Media
According to a new report, more than half of all login attempts on social media sites are fraudulent, and at least 1 in 4 new account creation attempts are also fraudulent. With the sheer number of potential victims these types of sites provide attackers, these strategies are proving to be more and more lucrative. Even more worrisome: at least 10% of all digital handshakes from online purchases to new accounts being created are being made by malicious actors.
xHelper Trojan Infects Thousands of Android Devices
A new Trojan has infected over 30,000 devices in a very short time. By disguising itself as a JAR archive, the dropper is able to move quickly through a system, rather than being installed within a bundle as a standard APK. At least two variants of the Trojan have been spotted, one running extremely silently on infected devices while the other does less to hide itself, creating an actual xHelper icon and pushing an increasing number of notifications to the device.
Malicious PDF Scanner App
Researchers recently notified Google of a Trojanized CamScanner app that has been downloaded over 100 million times. The app itself is used to download and launch a malicious payload, after making contact with the attacker’s servers. Fortunately, Google is quick to act when they receive these types of reports, and has already removed the app from the Play Store. This app follows in a long line of high-install malicious apps to hit the Google™ Play Store in the last couple months.
Cable Companies Delay Robocall-Detection Implementation
Following the FCC decision to push out a technology that would allow all telecom companies to implement detections for the excessive number of robo-calls their customers receive every year. Unfortunately, the FCC never made an official deadline, so the lobby groups for the cable companies have been pushing for further delays. Hopefully, more telecom companies will get behind this technology and start helping their customers avoid this kind of harassment.
Hosting Provider Data Breach
A data breach was recently revealed by Hostinger, a hosting provider, which could affect their entire 14-million-strong customer base. Within the last week, the company identified unauthorized access to one of their servers, which contained sensitive customer information. Fortunately, Hostinger resolved the vulnerability quickly and pushed out a mandatory password reset to all affected users.