Be Aware That ChromeLoader Malware Is Picking Up Steam

A browser hijacker called “ChromeLoader” has had a large uptick in detections this month, which is raising eyebrows among security professionals.
ChromeLoader can modify a victim’s web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like.
As malware goes, there are far worse strains out there. Rather than infect you with malicious code that locks all your files or installs other destructive forms of malware, this one will see you flooded with scammy or spammy offers. It will frustrate you by forcing you to click through a sea of ads you’d rather not see, all in a bid to make a bit of coin for the malware’s owners.
It is noteworthy mostly because of its persistence and its aggressive use of PowerShell, which it abuses like few other malware strains do. Even worse, the owners of the malicious code have recently released a variant that specifically targets macOS users, so if you thought you were safe because you were using a Mac, think again.
While we wish that all malware strains were as relatively harmless as this one, that doesn’t mean it isn’t a threat or that you shouldn’t take it seriously. While it’s not as destructive as most of the malware strains that make the headlines, it’s still a genuine concern that can cause you innumerable headaches.
If you start to see an unusual number of popup ads or if your computer has a scary preference for porn and gaming sites, odds are good that you’ve been infected. It may appear like your computer has a life of its own. If you see those things, the problem won’t go away on its own and you should get your machine to a tech as soon as possible.
Used with permission from Article Aggregator

New iOS 15.4 Update Addresses AirTag Stalking Issue

Apple AirTags are handy. They’re an incredibly convenient way to help keep track of your stuff. If you lose something that has been tagged you can easily locate it using the “Find My” app, which will point the way to whatever it is that you have tagged.

The only problem is that AirTags can be misused as well. It didn’t take long for AirTag stalking to become a “thing”. Apple took note and acted relatively swiftly.

That’s why, as of iOS release 15.4, the company behind the handy tech is putting additional security measures in place. These include a new privacy notice that users will see during setup, warning that tracking someone via the technology can be considered a crime.

The changes also include an enhancement that allows users to specify when an unidentified pair of AirPods is found traveling with you. Previously AirPods would generate a generic “Unknown Accessory Alert” which caused confusion among some users.

On top of that, Apple has removed the feature that would preemptively disable safety alerts when a tracker is detected in your vicinity. Users will find new tracking notification settings in their Find My app settings.

In addition to the AirTag security features, the 15.4 release will include a new American Siri voice that is “less gendered” than the voice assistant’s current options. Other enhancements include a Universal Control feature and Face ID support while wearing masks.

That sounds fantastic, but there is one slight wrinkle. Apple has not yet announced an exact release date for the latest iOS build. Based on prior releases and the always-active rumor mill, though, most people are expecting it to get a widespread release sometime in March of this year (2022).

That’s good news indeed for Apple fans and customers, especially if you’ve already come to rely on those handy little AirTags.

Employee Information Was Leaked At Cookware Company Meyer

Meyer Corporation is a California-based company and a giant in the cookware industry. Meyer is the latest victim in a seemingly never-ending parade of hacking attacks. The full extent of the attack has not yet been disclosed because an investigation into the matter is ongoing. However, we do know at this point that the attackers made off with at least one database containing the personal information of thousands of Meyer employees.

The company issued a breach notification and has filed papers with the Attorney General’s offices in both Maine and California. Notification letters have already been sent to individuals impacted by the breach.

The notification reads in part, as follows:

“Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information.

The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment.”

The company has not confirmed that the attack was a ransomware attack. However, the Conti gang, which makes heavy use of ransomware, successfully breached the company’s defenses last November (in 2021). Their leak site contained nearly 250 MB of data, which represented about 2 percent of the total data stolen from the company during that attack.

It’s not much of a silver lining, but at least in this case, unless you work for the company, your personal information does not appear to be at risk. Even if you are one of the unfortunate people who received a notification letter from Meyer, you will be offered two years’ worth of free identity protection. That’s small consolation, but it’s something.

Malware Hidden Inside Games Found In Microsoft Store

Security experts tell people all the time never to download apps from anywhere other than official sources like the Microsoft Store, the Google Play Store, and the Apple App Store.

It’s good advice, but unfortunately, even those sources aren’t perfect when it comes to keeping apps that have been poisoned with malware off of their virtual shelves.

Recently, the cyber-intelligence firm named Check Point discovered poisoned clones of a number of popular games like Temple Run and Subway Surfer. These poisoned clones have been responsible for compromising more than five thousand machines located primarily in Sweden, Israel, Spain, and Bermuda.

The code lurking in these poisoned copies of popular games is called Electron Bot, and it is fairly mild in terms of what it does. It seeks to earn profits by taking control of machines and commandeering their social media accounts, including Facebook, Google, YouTube and SoundCloud.

If the owner of the infected system happens not to have accounts on any of those services, that’s fine too. Electron Bot is more than capable of setting up brand new accounts and then commenting on and “liking” content on those platforms, which amounts to click fraud.

Electron Bot is not new. It was first spotted in the wild in the waning days of 2018, masquerading as an app called “Album by Google Photos” on the Google Play store.

Since then, the malicious code has undergone several revisions, and each time the authors have further refined the code and added new capabilities to it.

According to the Check Point researchers, the main goals of the group behind the malware seem to be:

SEO poisoning – Create malware-dropping sites that rank high on Google Search results.
Ad clicking – Connect to remote sites in the background and click on non-viewable advertisements.
Social media account promotion – Direct traffic to specific content on social media platforms.
Online product promotion – Increase store rating by clicking on its advertisements.

As malware goes, that’s hardly the worst thing, but it’s still not something you want on your system. So be warned and be aware.
