Most of us are pretty web-savvy: when an email arrives
saying we need to enter our bank details, we think, “Oh, please!” – and
don’t click.
But cybercriminals don’t rest – and new techniques can sometimes fool even veteran PC users. From legitimate companies delivering software with a “side-order” of malware, to PC attacks that persuade you to infect your own phone, here are some of the latest traps laid by cybercriminals.
As ever, you don’t have to become a victim. Ensure all your
software is up to date – from Windows to Flash to Java to your browser –
think carefully before installing anything, whether it’s an app or a
browser plug-in, and use good AV software for maximum security.
The poisoned plug-in
Browser plug-ins are something many of us install without
even thinking – but this year has seen a surge in plug-ins with hidden,
malicious functions. Orbit Downloader, one of the most popular video
downloaders for YouTube, was found to have a hidden “dark side” –
working to attack other websites with DDoS attacks, using unwitting
users’ PCs.
“Given the age and the popularity of Orbit Downloader (it
is listed as one of the top downloads in its category on several
popular software web sites) this means that the program might be
generating gigabits (or more) of network traffic, making it an effective
tool for Distributed Denial of Service (DDoS) attacks,” says ESET
Distinguished Researcher Aryeh Goretsky.
After ESET’s report, Orbit was withdrawn from several
sites. To stay safe, use plug-ins only when absolutely necessary, only
install plug-ins from reputable stores – and check the reviews first.
The PC attack that poisons your phone
Persuading Android users to download malware is not hard –
but cybercriminals have also created PC malware that “poisons” phones
connected to it. Win32/KanKan “silently installs mobile applications to
Android phones connected to the computer via USB debugging”, according
to ESET researcher Joan Calvet.
More sinisterly, the Hesperbot Trojan attempts to bypass
banking security, according to ESET researcher Robert Lipovsky – by
persuading users to install fake bank apps. “The aim of the attackers is
to obtain login credentials giving access to the victim’s bank account
and to get them to install a mobile component of the malware on their
Symbian, Blackberry or Android phone.”
Your bank will never ask you to “update” an app in this way – any
necessary updates will be done via an official store such as Google Play
– so if you see your bank’s website offering a link, beware. If new
apps do appear on your phone without warning, delete them immediately,
consider a factory reset on your phone – and check your PC.
The Bitcoin burglar
Bitcoin made the news this year – with ATMs allowing users
to withdraw their cryptocurrency as real currency, and bars that would
accept payments in Bitcoin. But sites such as the online drug mart Silk
Road also highlighted the “dark side” of such cryptocurrencies – and
cybercriminals tried to cash in. Gaming company ESEA discovered an
employee had secretly installed Bitcoin-mining software in the company’s game client.
“It becomes obvious that digital currency is currently a trending
topic, among malware writers as well as amongst gamers,” says ESET
Malware Researcher Robert Lipovsky. “Recently we’ve happened upon a new
Trojan that attempts to steal virtual cash in the form of the alternate
digital currency, Litecoin.”
Bitcoin has a great guide to security here – http://bitcoin.org/en/secure-your-wallet – but in general, it’s best to have two wallets for cryptocurrencies: one for spending, and one offline wallet for larger sums.
The good website gone bad
Even “good” websites can turn bad – witness the
long-running “Home Campaign”, which has infected thousands of websites,
and in turn delivered malware to their visitors. “How did the
cybercriminals manage to exert control over so many IPs and domains?”
asks ESET’s Sebastien Duquette. “By compromising the CPanel and Plesk
panels used by many web hosting companies to manage their networks and
sometimes control hundreds or thousands of websites.” The malware
inserts the Blackhole “exploit kit” into sites, so users with vulnerable
versions of programmes such as Java will be infected. To stay safe,
ensure all your PC’s software – particularly your operating system,
browser and software such as Java and Flash – is up to date.
The banking malware that steals money right under your nose
Shylock – detected by ESET as Win32/Caphaw – is one of the few pieces of
financial malware that can steal money while a user watches. “It is one
of the few that has autoload functionality for automatically stealing
money when the user is actively accessing his banking account. An
infected user can’t recognize that his money is being stolen, because he
sees fake data on the banking web page based on the webinjects’ rules,”
writes ESET Security Intelligence Team Lead Aleksandr Matrosov. The
malware was recently detected attacking North American users, targeting
login credentials for 24 banks. Shylock
has advanced “stealth” capabilities, but appears to spread via a Java
vulnerability – ensure software such as Java is up to date on your PC,
and always exercise caution around online banking. If anything appears
slightly wrong, call your bank immediately.