Introduction
A supply chain attack, phishing, social engineering, and malware: that's what we're talking about in this week's review. I welcome you all, and I hope that you're all fine.
Let's begin.
Yearlong supply-chain attack targeting security pros steals 390K credentials
How this attack evaded detection despite being on npm and GitHub is quite interesting. You'll agree with me after reading the article. It all started with innocent code that was later updated to contain obfuscated, malicious code.
For the GitHub part of this operation, the code hosted on the platform was innocent. However, it required a dependency, and that dependency was the malicious code hosted on npm.
From the article:
The combination of regular updates, seemingly legitimate functionality, and strategic dependency placement has contributed to the package’s unusual longevity in the NPM ecosystem, far exceeding the typical lifespan of malicious packages that are often detected and removed within days.
Ongoing phishing attack abuses Google Calendar to bypass spam filters
Attackers using legitimate services for malicious purposes is not a new thing. By the looks of it, they are not stopping anytime soon.
From the article:
Google Calendar phishing is not new, with Google previously rolling out protections allowing users to block these types of invites more easily.
However, if a Google Workspace administrator does not enable these protections, you will continue to have invites automatically added to your calendars.
‘Fix It’ social-engineering scheme impersonates several brands
Wonderful investigative work from Malwarebytes. After reading the article, you might conclude that you can't fall for it. Mind you, there are less tech-savvy individuals out there who will follow instructions because the computer told them to do so for safety reasons. If you have such people in your life, explain this article to them.
Here is where you should start:
As these schemes are being increasingly used by criminals, it is important to be aware of the processes involved. The Windows key and the letter ‘R’ pressed together open the Run dialog box. This is not something that most users will ever need to do, so always think carefully whenever you are instructed to perform this.
Android malware found on Amazon Appstore disguised as health app
To be honest, I am not surprised by these kinds of attacks. Can we even call it an attack? Well, that's debatable. Nonetheless, this further proves that despite the security measures in place, malicious apps still find their way into official application platforms.
From the article:
The second malicious action performed by the app is scanning the device to retrieve all installed applications, allowing the attackers to plan their next steps.
Finally, the spyware intercepts and collects SMS messages sent and stored on the device, including one-time passwords (OTPs) and verification codes.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.