Latest News: “Stay informed with breaking news, world news, US news, politics, business, technology, and more at Latest News.”

Category: malware


  • Check your gadgets: FBI warns millions of streaming devices infected by malware

    The FBI issued a public warning last week about a massive cybercrime operation exploiting everyday internet-connected devices. The botnet, dubbed BADBOX 2.0, has quietly infiltrated millions of TV streaming boxes, digital projectors, tablets, car infotainment systems, and other smart gadgets commonly found in homes across the U.S.

    What BADBOX 2.0 actually does

    Once compromised, these devices don’t just underperform or crash: they secretly enlist your home internet connection into a residential proxy network. That means cybercriminals can route their traffic through your IP address to commit crimes like ad fraud and data scraping, and all of it happens behind the scenes, without the victim’s knowledge.

    “This is all completely unbeknownst to the poor users that have bought this device just to watch Netflix or whatever,” said Gavin Reid, chief information security officer at cybersecurity firm Human Security, in an interview with Wired.

    What devices are affected?

    According to the FBI, BADBOX 2.0 has infected:

    • TV streaming boxes
    • Digital projectors
    • Aftermarket vehicle infotainment systems
    • Digital picture frames

    Most of these devices are manufactured in China and marketed under generic or unrecognizable brand names. Security researchers estimate at least 1 million active infections globally, with the botnet potentially encompassing several million devices overall. The worst offenders belong to the “TV98” and “X96” families of Android-based devices, both of which are currently available for purchase on Amazon. In the example below, one of the potentially problematic devices is advertised as “Amazon’s Choice.”

    How the infections happen

    There are two primary sources for infection:

    1. Pre-installed malware: Some devices arrive already compromised, having been tampered with before reaching store shelves.
    2. Malicious app installs: During setup, users are often prompted to install apps from unofficial marketplaces, where malware-laced software opens backdoors.

    This marks an evolution from the original BADBOX campaign, which relied primarily on firmware-level infections. The new version is more nimble, using software tricks and fake apps to broaden its reach.

    How to tell if your device is infected

    Here are the red flags to watch for:

    • The device asks you to disable Google Play Protect
    • It comes from an unfamiliar or no-name brand
    • It’s advertised as “unlocked” or able to stream free content
    • It directs you to download apps from unofficial app stores
    • You notice unexplained internet traffic on your home network

    How to protect your home network

    To stay safe, the FBI recommends the following precautions:

    • Avoid unofficial app stores. Stick to the Google Play Store or Apple’s App Store.
    • Don’t chase suspicious bargains. Extremely inexpensive, unbranded gadgets are often too good to be true.
    • Monitor your network. Keep an eye on unusual internet usage patterns or devices that you don’t recognize.
    • Stay updated. Regularly update your devices and router with the latest firmware and security patches.
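    The “unexplained internet traffic” red flag above and the “monitor your network” advice are easier to act on with a concrete check. The following is an added example, not from the FBI warning or Human Security’s research: it profiles each device on a home LAN from a constructed, simplified outbound-connection log (the format, thresholds and addresses are all assumptions) and flags devices whose destination spread looks like proxying other people’s traffic rather than streaming from a few CDNs.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample of outbound connections from two devices on a home LAN,
# in a simplified "timestamp src_ip dst_ip dst_port bytes_out" form such as a
# router or firewall export might give. Not real traffic. 192.168.1.20 behaves
# like a streaming box (a few CDN hosts, always 443); 192.168.1.21 fans out to
# many unrelated networks and ports, which is what relaying proxied requests
# looks like from inside the home.
SAMPLE_LOG = """\
2025-06-10T20:00:01 192.168.1.20 203.0.113.10 443 1840000
2025-06-10T20:03:12 192.168.1.20 203.0.113.11 443 2210000
2025-06-10T20:07:45 192.168.1.20 198.51.100.7 443 960000
2025-06-10T20:00:02 192.168.1.21 100.64.1.10 443 2100
2025-06-10T20:00:04 192.168.1.21 100.64.2.11 80 1800
2025-06-10T20:00:05 192.168.1.21 100.64.3.12 443 2600
2025-06-10T20:00:07 192.168.1.21 100.64.4.13 8080 900
2025-06-10T20:00:09 192.168.1.21 100.64.5.14 443 3100
2025-06-10T20:00:10 192.168.1.21 100.64.6.15 25 400
2025-06-10T20:00:12 192.168.1.21 100.64.7.16 443 1500
2025-06-10T20:00:13 192.168.1.21 100.64.8.17 80 2200
2025-06-10T20:00:15 192.168.1.21 100.64.9.18 443 1900
2025-06-10T20:00:16 192.168.1.21 100.64.10.19 443 2700
"""

def parse_connections(text):
    """Parse the simplified log into (src, dst, port, bytes_out) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        _ts, src, dst, port, nbytes = parts
        records.append((src, dst, int(port), int(nbytes)))
    return records

def profile_devices(records):
    """Per source device: distinct destinations, /24 networks, ports, volume."""
    prof = defaultdict(lambda: {"dsts": set(), "nets": set(), "ports": set(),
                                "conns": 0, "bytes": 0})
    for src, dst, port, nbytes in records:
        p = prof[src]
        p["dsts"].add(dst)
        p["nets"].add(str(ip_network(f"{dst}/24", strict=False)))
        p["ports"].add(port)
        p["conns"] += 1
        p["bytes"] += nbytes
    return prof

def flag_proxy_like(prof, max_dsts=8, max_nets=6, max_ports=3):
    """Flag devices whose destination spread exceeds what a single-purpose
    gadget needs. The thresholds are illustrative assumptions; tune them to
    the baseline you observe for your own devices."""
    flagged = {}
    for src, p in prof.items():
        reasons = []
        if len(p["dsts"]) > max_dsts:
            reasons.append(f"{len(p['dsts'])} distinct destination hosts")
        if len(p["nets"]) > max_nets:
            reasons.append(f"{len(p['nets'])} distinct /24 networks")
        if len(p["ports"]) > max_ports:
            reasons.append(f"{len(p['ports'])} distinct destination ports {sorted(p['ports'])}")
        if reasons:
            flagged[src] = reasons
    return flagged

if __name__ == "__main__":
    report = flag_proxy_like(profile_devices(parse_connections(SAMPLE_LOG)))
    for device, reasons in report.items():
        print(device, "->", "; ".join(reasons))
```

    A streaming box legitimately talks to a handful of CDN addresses on port 443; a device that opens connections to dozens of unrelated networks, including ports such as 25 or 8080 it has no business using, deserves to be unplugged and inspected. Run the profiler over a day of real router logs before trusting the thresholds.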

    If you suspect a device on your network may be infected, disconnect it immediately and consider filing a report with the FBI at www.ic3.gov.

    Be skeptical of bargain gadgets

    If it seems too good to be true, it probably is. Fyodor Yarochkin, a senior threat researcher at Trend Micro, said it best: “There is no free cheese unless the cheese is in a mousetrap.”

  • Your information was probably stolen again: Researcher discovers 184 million stolen logins


    In another stark reminder of the constant threats online, cybersecurity researcher Jeremiah Fowler recently uncovered a massive, unsecured database containing over 184 million login credentials from Microsoft, Apple, Facebook, Discord, Google, PayPal and others. The trove amounted to approximately 47.42 GB of data, was discovered on a misconfigured cloud server and is believed to have been amassed using infostealer malware – malicious software designed to extract sensitive information from compromised devices.

    A global breach with far-reaching implications

    According to Fowler, the database also contained over 220 email addresses associated with government domains from at least 29 countries, such as the United States, United Kingdom, Australia, and Canada. That breadth underscores the national security risk posed by such exposures.

    Fowler’s analysis of a 10,000-record sample revealed that the data included plaintext usernames and passwords, with some entries linked to financial terms like “bank” and “wallet,” indicating a heightened risk of financial fraud. The presence of such sensitive information in an unprotected database amplifies concerns about identity theft, unauthorized access and other malicious activity. Hackread.com has some images from the database provided by Fowler.

    The role of infostealer malware

    Infostealer malware gets onto devices through phishing emails, malicious websites, or bundling with pirated software. Once installed, it harvests a variety of data, including login credentials, cookies, browser autofill information and even cryptocurrency wallet details, and transmits it to command-and-control servers operated by cybercriminals.

    The discovery of this database suggests a coordinated effort to collect and potentially exploit vast amounts of personal and institutional data. The lack of identifiable ownership or metadata within the database further complicates efforts to trace its origin or intended use. Hosting companies likely do not know that they are hosting these databases in the first place.

    Immediate actions and recommendations

    Upon discovering the database, Fowler promptly notified the hosting provider, World Host Group, which subsequently took the server offline. However, how long the data remained exposed, and whether it was accessed by unauthorized parties before its removal, remains uncertain.

    I would advise users to:

    • Change your passwords, yet again: Immediately update your passwords for all online accounts, especially if the same password is being re-used across multiple platforms
    • Enable two-factor authentication (2FA): Prefer a code from an authenticator app or a hardware security key; a text message to your phone or a code sent to a secondary email address is better than nothing, but is the weakest form
    • Monitor your accounts: Regularly check your financial accounts and other sensitive accounts for suspicious activity
    • Use reputable security software: Antivirus and anti-malware software from reputable companies usually helps; make sure it is kept updated. You can check out our antivirus and malware reviews
    • Be cautious with emails and downloads: Avoid clicking on suspicious links or downloading attachments from unknown sources
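    Before changing every password, it helps to know which of yours actually appear in a dump like this one. The following added example (not from Fowler’s research or the article) shows the k-anonymity range query used by Have I Been Pwned’s Pwned Passwords service: only the first five hex characters of the SHA-1 hash leave your machine, and the match is done locally against the returned list of suffixes. The range response embedded below is constructed; the live `fetch_range` helper and its URL are real but are not called by the offline demo.

```python
import hashlib
import urllib.request

# Constructed stand-in for the body the range endpoint returns for the
# prefix "5BAA6": lines of "<35-hex suffix>:<count>". The suffixes and
# counts here are made up, except that the third line is the genuine
# SHA-1 suffix of the string "password" (count also made up).
SAMPLE_RANGE_RESPONSE = """\
1D72CD07550416C216D8AD296BF5C0AE8E0:10
1E2AAA439972480CEC7F16C795BBB429372:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:2
"""

def split_for_range_query(password):
    """SHA-1 the password and split into the 5-char prefix that is sent to
    the service and the 35-char suffix that never leaves this host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range_response(suffix, body):
    """How often the suffix appears in a range response (0 if absent).
    Padded entries (count 0) added by the Add-Padding header fall out naturally."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix.upper():
            return int(count)
    return 0

def fetch_range(prefix, timeout=10):
    """Live lookup, not used by the offline demo. Only the prefix is sent."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "range-check-demo", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, range_body=None):
    """Number of times the password has appeared in known breaches.
    Pass range_body to check against a saved response offline."""
    prefix, suffix = split_for_range_query(password)
    body = range_body if range_body is not None else fetch_range(prefix)
    return count_in_range_response(suffix, body)

if __name__ == "__main__":
    n = breach_count("password", SAMPLE_RANGE_RESPONSE)
    print("'password' seen", n, "times in the sample response")
```

    A non-zero count means the password is in circulation and should be retired everywhere it was used, which is exactly the reuse problem the first bullet above warns about. The point of the design is that the service never receives the password or its full hash, so running the check does not itself create a new exposure.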
  • Destructive malware available in NPM repo went unnoticed for 2 years

    Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face.

    Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.

    A diversity of attack vectors

    “What makes this campaign particularly concerning is the diversity of attack vectors—from subtle data corruption to aggressive system shutdowns and file deletion,” Pandya wrote. “The packages were designed to target different parts of the JavaScript ecosystem with varied tactics.”
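    The packages got their downloads by using names that closely mimic popular ones, so a cheap defense is to diff a project’s dependency list against a reference list of well-known package names and flag near-misses for review. The following added example (my own, not from Socket’s report) does that with an edit-distance check over a constructed package.json; the dependency names in it are invented for illustration and are not the eight packages Socket found.

```python
import json

# Constructed package.json; the near-miss names are made up to illustrate
# the check and are not the packages from the Socket report.
SAMPLE_PACKAGE_JSON = """
{
  "name": "demo-app",
  "dependencies": {
    "lodash": "^4.17.21",
    "expres": "^4.18.0",
    "axios": "^1.6.0",
    "left-pad": "^1.3.0"
  },
  "devDependencies": {
    "reactt": "^18.2.0"
  }
}
"""

# Constructed reference list; in practice build it from registry download
# statistics or your organisation's approved-package inventory.
POPULAR_PACKAGES = ["lodash", "express", "react", "axios", "chalk", "commander", "moment"]

def levenshtein(a, b):
    """Edit distance (insert / delete / substitute) between two strings."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def dependency_names(package_json_text):
    """Collect names from every dependency section of a package.json."""
    data = json.loads(package_json_text)
    names = set()
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        names.update(data.get(section, {}))
    return names

def find_typosquats(names, popular, max_distance=2):
    """Map each suspicious name to (closest popular package, edit distance).
    Exact matches to a known-good name are skipped; everything else within
    max_distance edits of one is reported for manual verification."""
    popular_set = set(popular)
    hits = {}
    for name in names:
        if name in popular_set:
            continue
        best = min(popular, key=lambda p: levenshtein(name, p))
        d = levenshtein(name, best)
        if d <= max_distance:
            hits[name] = (best, d)
    return hits

if __name__ == "__main__":
    hits = find_typosquats(dependency_names(SAMPLE_PACKAGE_JSON), POPULAR_PACKAGES)
    for name, (near, d) in sorted(hits.items()):
        print(f"{name!r} is {d} edit(s) from {near!r}: verify before installing")
```

    Treat a hit as a prompt to look at the package’s publisher, download count and install scripts, not as proof of malice: short legitimate names will sometimes land within two edits of a popular one. Running this in CI before `npm install` catches the typo-in-the-terminal case that these campaigns depend on.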

    Read full article


  • Hundreds of e-commerce sites hacked in supply-chain attack

    Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday.

    The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. At least 500 e-commerce sites that rely on the backdoored software were infected, and it’s possible that the true number is double that, researchers from security firm Sansec said.

    Among the compromised customers was a $40 billion multinational company, which Sansec didn’t name. In an email Monday, a Sansec representative said that “global remediation [on the infected customers] remains limited.”

    Read full article


  • Android apps laced with North Korean spyware found in Google Play

    Researchers have discovered multiple Android apps, some that were available in Google Play after passing the company’s security vetting, that surreptitiously uploaded sensitive user information to spies working for the North Korean government.

    Samples of the malware—named KoSpy by Lookout, the security firm that discovered it—masquerade as utility apps for managing files, app or OS updates, and device security. Behind the interfaces, the apps can collect a variety of information including SMS messages, call logs, location, files, nearby audio, and screenshots and send them to servers controlled by North Korean intelligence personnel. The apps target English language and Korean language speakers and have been available in at least two Android app marketplaces, including Google Play.

    Think twice before installing

    The surveillanceware masquerades as the following five different apps:

    Read full article
