Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 02, 2016

July 30, Softpedia – (International) Major cyber-crime campaign switches from CryptXXX to Locky ransomware. Researchers from Palo Alto Networks reported that Afraidgate, the largest source of ransomware infections via exploit kits (EK), stopped delivering the CryptXXX ransomware and began distributing the Locky Zepto variant after switching from Angler to the Neutrino EK. Researchers stated that Afraidgate relies on malicious actors hacking Websites and adding malicious code that redirects visitors to the Neutrino EK, a redirection that is easy to spot because the EK domains use the “.top” extension. Source
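
As an added illustration of the detection angle in the item above (example code written for this post, not from Palo Alto Networks or the alert), the scanner below walks a page's HTML for the redirect mechanisms an injected Afraidgate-style snippet would use (script/iframe sources, meta refresh, inline location assignments) and flags any target on a “.top” host. The two HTML samples are constructed; the hostnames in them are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SUSPECT_TLD = ".top"  # TLD the alert associates with the Neutrino EK landing pages

def is_suspect(url: str) -> bool:
    """True if the URL's host ends in the suspect TLD (handles //host and scheme URLs)."""
    host = urlparse(url.strip()).hostname or ""
    return host.lower().endswith(SUSPECT_TLD)

class RedirectScanner(HTMLParser):
    """Collect (mechanism, url) pairs for redirect targets on suspect hosts."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src") and is_suspect(a["src"]):
            self.findings.append((f"{tag} src", a["src"]))
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content") or "", re.I)
            if m and is_suspect(m.group(1)):
                self.findings.append(("meta refresh", m.group(1)))
        self._in_script = (tag == "script")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline JS such as window.location.href = "http://..." inside <script> bodies
        if self._in_script:
            for url in re.findall(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]", data):
                if is_suspect(url):
                    self.findings.append(("inline location", url))

def scan_html(html: str) -> list:
    """Return every redirect target on a suspect host found in the page source."""
    p = RedirectScanner()
    p.feed(html)
    return p.findings

# Constructed samples: one page with an injected redirect, one clean page.
INJECTED_SAMPLE = ('<html><body><p>Welcome</p>'
                   '<iframe src="http://example-landing.top/p.php" width="1" height="1"></iframe>'
                   '<script>window.location.href="http://other-site.top/";</script></body></html>')
CLEAN_SAMPLE = '<html><body><script src="https://cdn.example.com/app.js"></script></body></html>'

if __name__ == "__main__":
    print(scan_html(INJECTED_SAMPLE), scan_html(CLEAN_SAMPLE))
```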

July 30, Softpedia – (International) IP of ancient Conficker C&C domains resurfaces in new website hacking scheme. Sucuri’s forensic team discovered hacked Websites were redirecting their own traffic to one of their subdomains hosted on another server, prompting an investigation into the Websites which revealed the sites had been registered through NameCheap and were abusing the company’s FreeDNS service to hijack legitimate sites by redirecting domain name queries to the server’s IP address, which had been previously used to host command and control (C&C) servers for the Conficker malware. Source

July 29, SecurityWeek – (International) New “QRLJacking” attack targets QR code logins. An independent researcher discovered that the Quick Response (QR) Login process is susceptible to a QRLJacking attack: a hacker can take the login QR code from the target Website and place it in a phishing page, trick the user into visiting that page and scanning the code to log in, and thereby receive the secret login token that should have gone to the authenticated Website, allowing the hacker to hijack the session. Researchers stated that the attack can be avoided by opting out of the QR Login feature and using a regular password for sites and apps that offer QR logins. Source

July 29, IDG News Service – (International) Android trojan SpyNote leaks on underground forums. Researchers from Palo Alto Networks reported that a new Android trojan dubbed SpyNote has been leaked on several underground forums and allows hackers to steal users’ messages and contacts, record audio using the device’s built-in microphone, listen in on a user’s calls, and control the device’s camera, among other illicit actions. Researchers stated the trojan, which prompts users for a long list of permissions on installation, is capable of updating itself and installing other rogue applications on the device. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.