Weekly Cybersecurity Recap Feb 25
- By David Lukic
- Published: Feb 25, 2022
- Last Updated: May 18, 2022
The world is on edge as Russia invades Ukraine. The ensuing sanctions levied on the totalitarian state will likely trigger cyber-attacks against the United States government as well as corporations based in the land of the free and the home of the brave. Though the Russians have not launched any major cyber-attacks as of the final week of the month, those attacks will likely occur in the days and weeks ahead. Let's shift our attention to the top cyber-attacks from the week gone by.
Xenomorph Google Play
Google Play has been compromised by malware referred to as Xenomorph. This modular banking trojan is related to other malware families such as Alien. Xenomorph was delivered through the Fast Cleaner app on Google Play and remains on the device until users take the initiative to delete it. Though the malware's primary target is banks in Europe, it has the potential to expand to additional targets here in the United States and elsewhere in the near future.
Xenomorph steals information by displaying what appear to be legitimate login pages, fooling targets into entering their mobile banking login credentials, which are then captured. The stolen information is sent to a command-and-control (C2) server, and the malware also supports keylogging, collection of behavioral information, and gathering data on installed applications. Xenomorph is even capable of intercepting SMS messages.
NFT Heist
Hackers stole NFTs worth $1.7 million earlier this week. The NFTs were stolen from the OpenSea NFT marketplace. The most intriguing component of the attack is the fact that it was conducted through phishing. The phishing attack persuaded targets to surrender their digital artworks to the hackers: these targets were duped into signing a digital contract that transferred their rights to the NFTs to the hacking collective.
OpenSea responded by highlighting the fact that the attack occurred during a smart contract migration that opened the door for the attack. The company also noted it is still investigating the attack, yet it does not have an avenue of financial recourse for the victims.
Dridex Malware's Entropy Ransomware
Dridex malware is delivering a form of ransomware referred to as Entropy to targeted computers. The ransomware is transmitted through a software packer that conceals the underlying code. The packer identifies and disguises commands through subroutines that conceal encrypted text. Computer users can defend against the malware transmitted by Evil Corp by installing the latest patches and updates.
DocuSign
Digital miscreants are using DocuSign to pilfer login credentials for Microsoft Outlook. This targeted phishing scheme zeroes in on the country's top digital payments providers. The campaign transmits emails throughout target enterprises with the aim of stealing the Outlook usernames and passwords.
People are falling for the scam because the documents attached to the email messages appear to be legitimate contracts available through DocuSign. However, the link that redirects targets to the supposedly legitimate contract leads to nothing but a copycat page that prompts victims to enter their login credentials. Those credentials are captured and used for nefarious purposes.
Zenly
Zenly contains a bug that allows hackers to take over targets' accounts. The attack hijacks user accounts and exposes user phone numbers to digital miscreants. The Snap-owned app is meant to let users see the locations of family members and friends on digital maps. Though the bug has been patched, users who do not upgrade the app to its latest version might still fall prey to the attack.