Cyber Security Today, Sept. 21, 2022 – Browser malware spreading, Emotet botnet offers different ransomware, and more

Browser malware spreading, Emotet botnet offers different ransomware, and more.

Welcome to Cyber Security Today. It’s Wednesday, September 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

More malware is circulating that infects browsers, according to researchers at VMware and Microsoft. VMware says it’s seeing a new version of an infection it calls ChromeLoader. An earlier version just stole usernames and passwords from browsers. The latest version not only injects ads into browsers for click fraud it can also be used to spread different malware like ransomware. Often victims get infected by clicking on ads or files that promise pirated or cracked versions of games or software.

Microsoft said victims of the malware it’s seeing get hit when they click on a malicious ad or a link in a YouTube comment. IT security teams should warn employees about the risks of clicking on and downloading files from sources promising free or cracked versions of games and software. IT departments and individuals should always make sure the latest security updates for browsers are installed. The use of a good antivirus or anti-malware solution is also vital.

American Airlines has acknowledged suffering a data breach in July. The Bleeping Computer news service says the airline has begun notifying customers that attackers may have copied the personal information of employees and passengers. That includes their names, mailing addresses, email addresses, phone numbers, driver’s licence numbers, passport numbers and possibly some medical information. The airline said a “very small number” of victims were involved. It said the data came from the email accounts of several staff who were compromised after being sent a phishing message.

The Emotet botnet is now being used to spread the Quantum and BlackCat strains of ransomware. Researchers at Advanced Intelligence said the botnet used to specialize in the Conti strain of the malware. But after that gang dissolved in June those behind the botnet have found new ransomware to distribute. Typically threat actors will create a phishing email package to send to victims. Those who click on the attachment first get infected with a Cobalt Strike beacon, which leads to the takeover of an IT network. From there the attacker uploads ransomware.

In separate news, Bitdefender, Europol and the NoMoreRansom Project announced that a free decryptor for the LockerGoga strain of ransomware is now available. You know you’ve been hit by this strain if the encrypted files have the extension “.locked”. The alleged operator of this strain has been detained pending a trial.

Finally, researchers at NordVPN have been looking into the popularity of Google searches that include the word “hack.” Almost two million searches from 50 countries were analyzed. Fifty per cent of Canadians using that term were looking for “how to hack” Facebook, Instagram or WhatsApp. Other popular searches were how to hack Wi-Fi, Snapchat and Gmail. It isn’t known who’s doing the searching or why. Are there lots of people who want to break into the apps of other people? Are these searches from people looking for ways to protect themselves from being hacked? Are there millions more crooks out there than we suspect? Lots of unanswered questions.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Cyber Security Today Podcast