Sextortion with a Twist: Spyware takes Webcam Pics of Users Watching Porn

SEXTORTION-BASED HACKING, WHICH hijacks a victim's webcam or blackmails them with nudes they're tricked or coerced into sharing, has long represented one of the most disturbing forms of cybercrime. Now one specimen of widely available spyware has turned that relatively manual crime into an automated feature, detecting when the user is browsing pornography on their PC, screenshotting it, and taking a candid photo of the victim through their webcam.

Researchers at security firm Proofpoint published their analysis of an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year. 

The malware, like all infostealers, is designed to infect a target's computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims' crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim's browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they're watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them. more

Government-Mandated Tax Software Contains Malware

U.S. and German investigative and intelligence agencies issued grave warnings in recent months that Chinese government-mandated tax software contains malware, which enables backdoor access into the applications that install it.

If the allegations are true, local units of foreign companies operating in China as well as global financial institutions will be exposed to the risk. more

New Malware Toolset Used for Industrial Espionage

Malware authors are using an advanced toolset for industrial espionage, warned researchers at cybersecurity firm Kaspersky.

...the tool uses “a variety of techniques to evade detection, including hosting its communications with the control server on public cloud services and hiding the main malicious module using steganography.”

...files are disguised to trick employers into downloading them. They contain names related to employees’ contact lists, technical documentation, and medical analysis results to trick employees as part of a common spear-phishing technique...

MontysThree is designed to specifically target Microsoft and Adobe Acrobat documents, Kaspersky said. The malware can enable attackers to capture screenshots and gather information about the victim’s network settings, hostname, etc. more

Security Management: Which Type of Employee Do You Inspire

Engineer admits he wiped 456 Cisco WebEx VMs after leaving the biz, derailed 16,000 Teams accounts.  

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. 

He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service... According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds. more

OR...

Earlier this week, the FBI arrested a 27-year-old Russian citizen for attempting to carry out a ransomware attack against a US company. It turns out that company was Tesla.

According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada. 

After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory...

The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US. more

Loyal employees can be worth more than you think. Treat them fairly. Make them feel a part of the security effort, and you will have a security army working for you. ~Kevin

AT&T Employees Took Bribes to Plant Malware

 One AT&T employee made $428,500.

AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the Department of Justice said yesterday...

The bribery scheme lasted from at least April 2012 until September 2017...

The two recruited AT&T employees by approaching them in private via telephone or Facebook messages. Employees who agreed, received lists of IMEI phone codes which they had to unlock for sums of money. more


Remember this survey from 2016? "One in five employees said they would sell their passwords."

The Point: Quarterly Technical Information Security Surveys mitigate this risk, and prove due diligence.

Pre-Installed Anti Malware Phone App Does More Harm Than Good

Researchers have discovered multiple vulnerabilities in a pre-installed app on phones made by one of the world’s biggest smartphone vendors that potentially impacted the privacy and security of more than 150 million Android users worldwide.

According to security researchers at Check Point Research, the vulnerabilities were found in an app pre-installed on smartphones made by Xiaomi, the biggest mobile phone manufacturer in China and India, and the fourth biggest by market share in the world.

The app in question was a self-proclaimed security app dubbed “Guard Provider,” which promised to protect Xiaomi users from malware.

Xiaomi said last year it had originally hoped to offer its smartphones and other hardware here in the States in 2019, though those efforts may have been delayed for PR reasons... more

Whew!

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

“Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

Smartphone Malware Up 400% in 2016

Mobile device malware infections reached an all-time high last year, according to a new Nokia Threat Intelligence Report, released Monday.

Smartphones were by far the most vulnerable devices, with infections that rose nearly 400% in 2016. Attacks on smartphones represented 85% of all mobile device infections in the second half of the year, according to the report. more

Security Director Alert: USB Killer Stick II

Remember the USB Killer stick that indiscriminately and immediately fries about 95 percent of devices? (See the Security Scrapbook warning about it from last September.)

Well, now the company has released a new version that is even more lethal! And you can also buy an adapter pack, which lets you kill test devices with USB-C, Micro USB, and Lightning ports.

Further Reading: USB Killer, yours for £50, lets you easily fry almost every device

If you haven't heard of the USB Killer before, it's essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing...

The new USB Killer V3, which costs about £50/$50, is apparently 1.5 times more powerful than its predecessor, is more lethal (it pumps out eight to 12 surges per second), and is itself more resistant to setups that might cause the USB Killer to fry itself. more

Spybusters Tip #783 - Block your USB ports with a USB lock and security tape. Aside from Killer Stick sabotage, USB ports are virus injection portals.