Cybersecurity Blog

Twitter asking users to change their passwords – 05/04/18

 

Why is Twitter asking all its users to change their passwords? They discovered that login credentials were being stored unmasked in an internal log. This means anyone at the company who opened this log could see users’ passwords and usernames. A HUGE no-no. The good news is, they have no evidence that suggests any passwords or account information have been stolen. Now this doesn’t mean that some Twitter systems analyst hasn’t taken down your credentials to use at a later date; it just means they don’t think it has happened.

While this is a huge embarrassment for Twitter, for most of its users it will likely be nothing more than a lesson on the importance of having two-step verification enabled. Those lucky ones who reuse passwords will also be reminded why it is better not to, as they scramble to remember all the accounts that use the newly exposed password.
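How credentials can be kept out of a log in the first place, as an added example (not Twitter's code and not part of the original post): a logging filter that masks credential values before any handler writes them. The field names in `SENSITIVE_KEYS`, the logger name and the sample events are assumptions constructed for illustration.

```python
import logging
import re

# Field names treated as secrets (an assumption; extend for your application).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")

# Matches key=value, key: value and "key": "value" pairs in the rendered message.
_PAIR = re.compile(
    r'(?i)(["\']?\b(?:%s)\b["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s,&;}]+)'
    % "|".join(SENSITIVE_KEYS)
)


class MaskCredentials(logging.Filter):
    """Rewrite each record so credential values never reach a handler."""

    def filter(self, record):
        # Render msg % args first, so secrets passed as %s arguments are caught too.
        record.msg = _PAIR.sub(r"\1[MASKED]", record.getMessage())
        record.args = None
        return True


def demo():
    """Log constructed login events and return what was actually written."""
    written = []

    class ListHandler(logging.Handler):
        def emit(self, rec):
            written.append(self.format(rec))

    log = logging.getLogger("login-demo")  # hypothetical logger name
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    handler = ListHandler()
    handler.addFilter(MaskCredentials())
    log.addHandler(handler)

    # Constructed sample events, not real log data.
    log.info("login attempt user=%s password=%s", "alice", "hunter2")
    log.info('request body: {"username": "bob", "password": "s3cr3t!"}')
    log.info("user=carol logged in from 10.0.0.5")
    return written


if __name__ == "__main__":
    print("\n".join(demo()))
```

Masking at the logging layer is a backstop; the primary control is never passing credential values to the logger at all.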

Fake software updates installing malware – 04/19/18

 

Legitimate websites are being infiltrated by hackers who inject malware that looks like a software update into the site’s code. The malware detects which browser you are using and displays an authentic-looking update notification that matches. The malware is very stealthy, as it only displays the fake update notification once. This has allowed it to avoid detection until now, even though researchers believe it has been in place since at least December 2017.

How do you know the difference between a legitimate update notification and malware disguised as one? You don’t. The criminals are getting just that good. If you receive a notification that an application or browser needs updating:

  1. Close your application/browser.
  2. Reopen the application/browser.
  3. Go to your application/browser settings.
  4. Locate and select the Update command.

Note that the Update command is sometimes found with the “About this application” information instead of with the settings. Updating the application or browser from within the application itself is the only safe way to ensure your application or browser is up to date.

 

Your ad-blocker Chrome extension may be malware – 04/19/18

 

Adguard has found 5 very popular ad-blocker Chrome extensions in the Google Webstore which contain malware that allows a criminal to take control of your browser.

  • AdRemover for Google Chrome
  • uBlock Plus
  • Adblock Pro
  • HD for YouTube
  • Webutation

Google has removed the extensions. However, if you have installed one of them:

  1. Uninstall it immediately.
  2. Change the passwords on all your accounts.
  3. Keep an eye on your bank accounts and credit card statements.

The malware these extensions contain works in the background, making detection very difficult. As far as the user is concerned, the extension is what it appears to be. For this reason, millions of unsuspecting users downloaded them onto their machines.

How do you protect yourself from malignant browser extensions? Don’t download them. If you really, really need the extension, make sure you know who the developer is. Stick to well-known, trusted developers that you recognize.
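To check whether one of the five extensions named above is installed, the following added example (not from Adguard or the original post) scans a Chrome profile's `Extensions` folder and compares each manifest name against the list, resolving localized `__MSG_key__` names through `_locales`. It assumes the usual `Extensions/<id>/<version>/manifest.json` layout and that you pass the folder path yourself; the post gives names only, so matching is by name.

```python
import json
import sys
from pathlib import Path

# Extension names exactly as listed in this post (the post gives no extension IDs).
FLAGGED_NAMES = {
    "AdRemover for Google Chrome", "uBlock Plus", "Adblock Pro",
    "HD for YouTube", "Webutation",
}
_FLAGGED = {n.casefold() for n in FLAGGED_NAMES}


def read_json(path):
    """Parse a JSON file; return {} if it is missing, unreadable or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def display_name(version_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].casefold()  # message keys are matched case-insensitively
        locale = str(manifest.get("default_locale", "en"))
        messages = read_json(version_dir / "_locales" / locale / "messages.json")
        for k, v in messages.items():
            if k.casefold() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name


def find_flagged(extensions_dir):
    """Return sorted (extension_id, version, name) tuples whose name is on the list."""
    hits = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        version_dir = manifest_path.parent
        name = display_name(version_dir, read_json(manifest_path))
        if name.strip().casefold() in _FLAGGED:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return sorted(hits)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Assumption: argv[1] is the "Extensions" folder inside a Chrome profile directory.
    for ext_id, version, name in find_flagged(sys.argv[1]):
        print(f"REVIEW: {name}  id={ext_id}  version={version}")
```

A name match is a prompt to review and uninstall, not proof on its own, since an unrelated extension can carry the same name.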

Why you should worry about cryptocurrency mining – 01/26/18

First things first, what is cryptocurrency? Cryptocurrency is digital currency. The best known is Bitcoin; however, others are popping up, such as Monero. How do they work? Well, I found a nifty little video that tells you the basics. It refers to Bitcoin, but the premise applies to all cryptocurrencies.

Neat, huh? Notice the part where they say it takes lots of computing power and lots of electricity to mine? This is where things get interesting. Criminals have figured out that if they use the computing power of other machines, they can mine more cryptocurrency faster without having to invest in all the computing power or electricity themselves.

Why should you be concerned? More and more malware is mining cryptocurrency. The malware is often hidden on legitimate websites, applications or browser extensions. Why is this a problem? After all, it is just using the processing power of my computer; it’s not actually doing any real harm, is it? Well, no and yes. No, it isn’t doing anything malicious like encrypting your hard drive or stealing your data. However, it is wearing out your machine and slowing it down. The more clever mining malware waits until you aren’t actually using your machine to mine. This reduces the chance you will notice that it is actually there, but still wears out the processor, eats up bandwidth and increases your electricity bill. Less clever creations slow your computer down to a noticeable crawl.

Having millions of other people’s computers mining cryptocurrency for you can be quite lucrative. So much so that some websites have turned from using adware to generate revenue to asking users to lend their computing power. This is just fine if the user knows it happens and consents. It is another thing entirely when it’s done behind the scenes. Finding out your machine is being used for mining after the fact tends to leave you feeling like you need to take a shower. It’s just not nice.

So what can you do about it? First of all, if your workstation seems slow contact the Service Desk. If it is your home machine, check the CPU processes to see if you have any spikes in usage.  How do you prevent the mining in the first place?  The mining software is considered to be malware, so the regular security measures that you take to protect yourself from malware will protect you from crypto mining. Make sure you:

  • Use an ad blocker
  • Stay away from shady websites
  • Only download software from reputable sites with good reviews
  • Beware of browser extensions

Have a music player app on your Android phone? It may be secretly running malware. – 11/16/17

 

Yes, it has happened again: apps have been found in Google Play loaded with malware. Google has removed 144 different music-playing apps from Google Play that contain a new form of malware called Grabos. What makes this malware so devious is that it monitors your phone activity and switches its function based on whether you are using the infected app or not. So, when you are paying attention, the infected app acts as advertised, letting you download music for free. When you aren’t using the infected app, it sends information about your device, its specs, its location and the apps that are installed on it to the hacker’s server. This information is then used to create targeted notifications that prompt you to download and install additional malware-loaded apps, which are then opened without your consent.

To make sure as many people as possible are infected, the infected app constantly prompts you to rate it and offers you faster download speeds if you share it with friends.

Because of the prompts to rate these infected apps and their covert nature, many of them have a very high rating on Google Play. The most popular one, with over one million downloads, is called Aristotle Music Audio Player 2017. For a complete list of infected apps, check out McAfee’s blog post.

If one of these is on your phone, uninstall it and then check to make sure all the apps installed on your phone are apps that you installed and were not installed by the malware. It would also be a good idea to change the passwords on all your accounts that you can access from your phone.

Although these apps have been removed from Google Play, they can still be found and downloaded from other locations on the Internet. Reduce your risk: only download apps from reputable sources with good reviews.