last month, resulting in the loss of video evidence. The police chief decided not to pay the ransom and instead had the server wiped, according to WFAA in Texas. The television station reported that the police chief does not believe this was a targeted attack by terrorists. Cybercriminals are thought to have cast a wide net with spam, and an unsuspecting police department employee invited the malware in upon clicking on a link. According to Acronis, the latest update of the Locky crypto-ransomware variant, Osiris, is behind this attack. Acronis’ New Generation technology, which proactively prevents zero-day infections, discovered this new mutation. It currently bypasses all (to our best knowledge) antivirus/anti-malware software, including Windows Defender. According to a press release, once the Cockrell Hill Police Department became aware that files on the server had been corrupted by a computer virus, they immediately disconnected the server and all computers from the internet and all state database systems and were able to contain the virus. The virus had been introduced onto the network from a spam email that had come from a cloned email address imitating a department-issued email address. An internet webpage showed that if the police department paid $4,000 in Bitcoin, then the police department's online contents would be released. The FBI Cybercrimes unit recommended that the police department isolate and wipe the virus from the servers. This virus affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost, the police department stated in its release.
Files that were affected did go back to 2009; however, hard copies of all documents and the vast majority of the videos and photographs are still in the possession of the Police Department on CD or DVD. It is unknown at this time how many total digital copies of documents were lost, as it is also unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small, the press release said.
This week researchers found a piece of malware in the wild, built to steal passwords from the macOS keychain. Named "MacDownloader" and posing as, what else, a fake Flash Player update, the new malware was found on the Mac of a human rights advocate and is believed to originate from Iran. The malware's code is very sloppy and appears to have been made by an amateur who took pieces of others' code and repurposed them. The threat report mentions the following: MacDownloader seems to be poorly developed and created towards the end of 2016, potentially a first attempt from an amateur developer. In multiple cases, the code used has been copied from elsewhere. The simple activity of downloading the remote file appears to have been sourced from a cheat sheet. The main purpose of MacDownloader seems to be to perform an initial profiling of the infected system and collection of credentials from macOS’s Keychain password manager – which mirrors the focus of Windows malware developed by the same actors. At this time, it appears the malware is not a threat and the Command & Control server has been taken down. Intego VirusBarrier offers protection from this malware, detected as OSX/MacDownloader. Security researchers found that this malware was originally designed as a fake Bitdefender antivirus, but was later repackaged as a fake Flash Player update. Once installed, the malware attempts to achieve persistence by use of a poorly implemented shell script, which at the time of writing did not function due to the C&C server being offline. MacDownloader displays a fake Flash Player update that offers an "Update Flash-Player" button and a "Close" button. Unlike other malware of its kind, clicking the Close button actually exits the installer and nothing malicious is placed on the system.
If the Update button is clicked though, a malware dialog will pop up, which is, of course, fake as well. These dialogues are also rife with basic typos and grammatical errors, indicating that the developer paid little attention to quality control. After a user clicks on OK, the software mimics the System Preferences to request the admin password in order to grab more info on the system. If the user enters their password and clicks OK, the software grabs the info, and then it tries to open a remote connection to: MacDownloader collects user keychain information and uploads it to said C&C server, including documents the running processes, installed applications and the username and password, which are acquired through a fake System Preferences dialog. The name and password, which in almost all cases are Administrator credentials, give the malware everything it needs to access the keychain information. With access to the keychain the sky is the limit, because email account passwords, social network account details, and much more, are all stored in the keychain.
Nintendo recently released Super Mario Run for the iOS platform. In no time, the game became a sensational hit on the iTunes store. However, there is not yet an Android version and there has been no official news on such a release. Attackers are taking advantage of the game's popularity, spreading malware posing as an Android version of Super Mario Run. The ThreatLabZ team wrote about a similar scam that occurred during the release of another wildly popular Niantic game, Pokemon GO. Like that scam, the new Android Marcher Trojan is disguised as the Super Mario Run app and attempts to trick users with fake finance apps and a credit card page in an effort to capture banking details. Once the user's mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details, which will be harvested and sent out to the malware's command and control (C&C) server. We have seen this malware evolve and take advantage of recent trends in order to target a large number of users. We have covered similar campaigns in the past related to Marcher malware here and here.

Technical details

In this new strain, the Marcher malware is disguised as the Super Mario Run app for Android. Knowing that Android users are eagerly awaiting this game, the malware will attempt to present a fake web page promoting its release.
In previous variants of Marcher, we observed this malware family targeting well-known Australian, UK, and French banks. The current version is targeting account management apps as well as well-known banks. Like previous Marcher variants, the current version also presents fake credit card pages once an infected victim opens the Google Play store.
When tragedy strikes, criminals invariably prey on people’s best intentions. Scammers have been using Hurricane Harvey-themed messages to trick people into opening phishing emails and links on social media sites, which can steal login information, infect machines with malware, or con victims out of money. US-CERT, a cybersecurity arm of the U.S. Department of Homeland Security, issued a warning about the threat on Monday. “[R]emain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey,” the advisory read. “Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.” As the advisory notes, a common scam during and after natural disasters is for fraudsters to pretend to set up relief funds and request donations. Fortune has seen several suspicious online profiles and personas that, although their legitimacy couldn’t be determined, raised several red flags: a small number of followers, unverified accounts, no apparent links to accredited charities, and no means to track where proceeds go. Zack Allen, threat operations manager at ZeroFOX, a social media-focused cybersecurity startup, says the ruse is a typical one. “Cybercriminals are opportunists and, sadly, a crisis like Hurricane Harvey is a prime example of their preying on humanity’s empathy and trust,” he wrote in an email to Fortune. “People all over the world quickly rushed to their social media accounts to find the best avenues to donate to victims, but these same avenues are ideal for scammers who try to convince victims to donate to their fraudulent Hurricane Harvey cause.”
Kevin Epstein, vice president of threat operations at Proofpoint, a cybersecurity firm that provides email protection, said that in recent days he has seen hurricane-related snares such as “see this terrifying video” or pleas to “donate to the relief effort.” One PDF attachment titled “hurricane harvey – nueces county news release 11 – it’s your chance to help.pdf” prompted people, when opened, to enter their email username and password, he told Fortune. It’s common for fraudsters to take advantage of news du jour to bait prospective victims. “Consistently, attackers use world events as themes for their attacks,” said Oren Falkowitz, CEO at Area1 Security, a cybersecurity startup that fights phishing. He noted that attacks related to tax season and national elections were examples of recent popular lures. A few tips you can use to stay safe: First, keep your software up to date. Hackers often try to compromise devices running outdated software that has security holes. Second, be careful what you click: Don’t accept or open unsolicited content from untrusted sources. (You should even be wary of trusted contacts, as they too may have been compromised.) Third, be sure the organizations to which you’re contributing money are legitimate. Here’s a rundown of some reputable charities assembled by Fortune. US-CERT further recommends reviewing these safety guidelines from the Federal Trade Commission for Hurricane Harvey-related charitable giving, and cross-checking organizations on this directory of national charities from the Better Business Bureau.
Forcepoint Security Labs has identified a form of ransomware, first documented back in September 2016, that targets healthcare organisations. ‘Philadelphia’, believed to be a new version of ‘Stampado’, currently shows patterns that could be the beginning of a widening targeting campaign, extending beyond US perimeters. Sold for just a few hundred dollars and promoted on YouTube, it gives have-a-go criminals, on a global scale, the tools to conduct very targeted and convincing attacks. The attack is sent through a spear-phishing email containing tailored logos and staff names, adding to the deception. Once activated, the variant communicates information including operating system, username, country and system code back to its command and control and generates a victim ID, bitcoin wallet ID and bitcoin ransom price. Carl Leonard, principal security analyst at Forcepoint, said: “While processing our open source intelligence feeds we discovered Philadelphia, currently a cheap, poorly written ransomware that is available cheaply to script kiddies. Although the ransom is currently only 0.3 BTC, the command and control paths suggest that the actor is targeting hospitals for this campaign so there are likely to be other targets
Cyber Monday is here! If you avoided the retail stores and skipped their Black Friday deals, don't worry, you'll get another chance for major savings today. From clothing to travel to exclusive online-only deals, Cyber Monday still has tons to offer. But just in time for the Cyber Monday shopping rush, watch out for sinister phishing scams that are making the rounds. With more online shoppers this time around - searching every nook and cranny of the web in search of the best Cyber Monday deals - crooks are again looking to dupe unsuspecting bargain hunters.

Stop and Think, Did I order this?

One of the most effective tools for a cybercriminal is the phishing scam. This is when a scammer poses as a trustworthy entity and tries tricking you into clicking on a malicious link. Their ultimate goal, of course, is to steal your sensitive information such as credit card details, usernames and passwords. With this year's holiday online shopping numbers projected to be the biggest ever, millions of items will be processed and shipped. With this surge in shipping activity, consumer protection groups are warning everyone to watch out for fake delivery notices and package verification scams. For example, if you receive an email from "Amazon" saying that you have a pending delivery that needs verification from you, then that is most likely a phishing scam. Other email phishing scams may also pretend to provide you with a link for shipping updates or special discount coupons and offers. Another popular ploy is the phantom order scam. These alarming emails are meant to get you clicking by pretending you ordered thousands of dollars of merchandise. But before you click that link, look out, these deceitful messages can be extremely convincing.
Fake delivery and shipping notifications can look just like the real thing, using real logos and art from company websites. These cybercriminals will even set up fake websites that look like the real deal to lure you into giving away your personal information and credit card details.
Hackers that tried to extort money from Disney by threatening to make public an upcoming movie ahead of its release date appear to have been bluffing, the firm’s boss has revealed. Chairman and CEO Bob Iger said the media giant had, to its knowledge, not been hacked. “We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required,” he told Yahoo Finance. “We don’t believe that it was real and nothing has happened.” The hackers apparently demanded a large payment in Bitcoin, and threatened to release five minutes of the stolen film followed by subsequent 20-minute instalments if their demands weren’t met. Disney likely took the threat seriously given that a similar incident occurred last month when a hacker uploaded the upcoming series of Netflix prison drama Orange is the New Black to The Pirate Bay after the streaming giant refused to pay a ransom. In that case, a third-party production vendor used by the studios was to blame, after its security was compromised by the hacker. Iger acknowledged the elevation of cybersecurity to a “front burner issue.” “Technology is an enabler to run our businesses more securely, whether that’s protecting our intellectual property or protecting our guests or employees around the world,” he argued. Unfortunately, many boardrooms don’t share Iger’s enthusiasm for cybersecurity-related issues. Just 5% of FTSE 100 companies claim to have a technology expert on the board, despite most of them (87%) identifying cybersecurity as a major risk to the firm, according to a recent Deloitte report. Yet cybersecurity is something the C-level need to get urgently up to speed with, as increasing numbers are targeted by whalers.
Just this month, Barclays CEO Jes Staley was tricked into emailing someone pretending to be the bank’s chairman, John McFarlane.
“Over the past several weeks, we have seen a combination of attack techniques. One, where an attacker impersonates a travel agency or someone inside a company. Recipients are told an email contains an airline ticket or e-ticket,” said Asaf Cidon, vice president, content security services at Barracuda Networks. Attachments, he said, are documents rigged with malware or are designed to download it from a command and control server. Cidon said other aviation-themed phishing attacks contain links to spoofed airline sites. In these types of attacks, adversaries go to great lengths to spoof the airline’s site. “It’s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies,” Cidon said. Recent phishing campaigns, he said, are targeting logistics, shipping and manufacturing industries. Barracuda’s warning comes a week after the U.S. Computer Emergency Readiness Team issued an alert of similar attacks targeting airline consumers. It warned email-based phishing campaigns were attempting to obtain credentials as well. “Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information,” according to the US-CERT warning. Delta said some victims were sent emails that claimed to contain invoices or receipts inside attached documents. When asked about the warning, Delta declined to comment. More troubling to Barracuda researchers was the success rate adversaries are having with phishing campaigns it is tracking. “Our analysis shows that for the airline phishing attack, attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails,” Cidon wrote in a research note posted Thursday.
“This is one of the highest success rates for phishing attacks.” In June, Microsoft Malware Protection Center reported a resurgence in the use of Office document macro attacks. Researchers say crooks attempting to install malware and perpetrate credential-harvesting attacks are more likely to use social engineering to trick people into installing malware than to exploit vulnerabilities with tools such as exploit kits.
Files claiming to be the new Pirates of the Caribbean movie have leaked online after Disney refused to meet hackers' demands. On 17 May, Softpedia's Gabriela Vatu reported that two copies of Pirates of the Caribbean: Dead Men Tell No Tales had appeared on the popular (and somewhat appropriate) BitTorrent site The Pirate Bay. "According to the information unearthed thus far, the hackers managed to get access to the systems of Larson Studios in Hollywood, a company that handles additional dialogue recorded for movies. It seems that the copies they've managed to get their hands on are in various stages of production and not exactly what you'd expect from a full cinema-ready release." News of the extortion attempt first appeared in The Hollywood Reporter on 15 May when Bob Iger, CEO at Walt Disney, revealed the hackers had demanded that Disney pay a "huge sum" in Bitcoins to prevent them from leaking a then-undisclosed movie online. At the time, the attackers said they would release the film incrementally to netizens, first publishing clips lasting only a few minutes and slowly building up to 20-minute segments. Iger said Disney decided to not pay the attackers and was working with federal law enforcement to investigate the theft of one of its productions. It's unclear who exactly perpetrated the leak - if indeed the files really are of the movie. Even so, a potential candidate is The Dark Overlord, a group of hackers who released the fifth season of Orange Is the New Black after Netflix refused to meet its ransom demands back in April 2017. Around that time, the hacking gang, which has also extorted non-film entities in the past, tweeted out that it had stolen content from a number of other media companies. It did not name Walt Disney by name, though it did point to FOX, ABC, and others.
Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing any games anymore. While Disney and Netflix continue to work with the FBI in tracking down The Dark Overlord, someone has already removed the two copies of what claimed to be the Pirates of the Caribbean film from The Pirate Bay. The hackers could release the movies again. Or they might be focusing on their next target. While movie-goers might celebrate a leak of the movie, media companies like Walt Disney don't want viewers gaining early access to their content. That's why organizations should take the opportunity to conduct some security awareness training with their employees. This effort should include phishing simulations and reviewing the security readiness of companies along their supply chains. Article updated 19 May 2017. None of the files made available as downloadable torrents have been confirmed to contain footage of the movie. For more discussion on the issue, make sure to listen to this recent episode of the "Smashing Security" podcast.
The malware asks for 222 Bitcoin but will not honor promises to decrypt files after payment is made. The cost of ransomware reached close to $1 billion in 2016, and it's not hard to see why. The malware family, which targets everything from Windows to Mac machines, executes procedures to encrypt files and disks before demanding a ransom payment in return for keys to decrypt and unlock compromised machines. However, it is not only the general public which is being targeted, with everything from hospitals to schools and businesses now in the firing line. As the prospect of losing valuable content on computer systems or facing widespread disruption to business operations is often too much to bear, many will simply give up and give in, paying the fee and unfortunately contributing to the cybercriminal's operations. However, paying up does not guarantee that victims will get their files back, no matter how low or high the payment demand. This week, ESET researchers discovered that a Linux variant of KillDisk, linked to attacks against core infrastructure system in Ukraine in 2015, is now being used against fresh Ukrainian financial targets. The ransomware demands a huge amount of money, but there is no underwritten protocol for decryption keys to be released once payment is made. Distributed through phishing campaigns targeting both Windows and Linux, once downloaded, the ransomware throws up a holding page referring to the Mr. Robot television show while files are being encrypted, the research team said in a blog post. Unsurprisingly, no-one has paid up yet, nor should they, ever. "This new variant renders Linux machines unbootable, after encrypting files and requesting a large ransom," ESET says. "But even if victims do reach deep into their pockets, the probability that the attackers will decrypt the files is small."
Files are encrypted using Triple-DES applied to 4096-byte file blocks and each file is encrypted using different sets of 64-bit encryption keys. However, the ransomware does not store encryption keys either locally or through a command-and-control (C&C) server, which means that affected systems after reboot are unbootable, and paying the ransom is pointless. "It is important to note -- that paying the ransom demanded for the recovery of encrypted files is a waste of time and money," the team said. "Let us emphasize that -- the cyber criminals behind this KillDisk variant cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware." There is a weakness in the encryption used by the ransomware, which makes recovery possible -- at least when it comes to Linux infections. Earlier this week, researchers at Check Point revealed the latest exploits of the GoldenEye ransomware, a strain of malware which is targeting German HR companies. The malware is contained in phishing emails which appear to be from job applicants, and once downloaded and installed, demands $1000 in Bitcoin to unlock infected systems
Research conducted by both cyber security firms shows that the attacks first appeared in July 2015 and since then, cybercriminals behind these attacks have targeted hundreds of organizations within the region. According to the research, hackers were using KasperAgent and Micropsia malware to target the Windows operating system while SecureUpdate and Vamp malware were being used to target Android OS. The cybercriminals behind these attacks used two different techniques to achieve their goal. One technique involved using a URL shortener service, Bit.ly, to disguise the original malicious links. The motive behind these attacks was to steal credentials and spy on the victims. As per the research, hackers were targeting educational institutes, military organizations and media companies from Palestine, Israel, Egypt, and the US. SecureUpdate, a malware disguised as an Android update, was designed to download malicious payloads onto the victim’s device, while Vamp was focused on stealing data from victims’ smartphones, including call recordings, contact information, and other important documents. The malware designed to target Windows operating systems, KasperAgent and Micropsia, were capable of downloading other payloads, executing arbitrary commands, stealing files, capturing a screenshot, logging keystrokes and much more. Essentially the hackers were interested in stealing credentials of the infected devices. At first, no connection was established between the attacks since all the malware were different from each other. On close inspection, however, the security firms found a link. The same email address was used to register infectious domains, which eventually revealed that the attacks were linked after all.
Researchers revealed that more than 200 samples of the Windows malware and at least 17 samples of Android malware were discovered, which means that potential victims of this malware could be numerous. The researchers at Palo Alto firm stated, “Through this campaign, there is little doubt that the attackers have been able to gain a great deal of information from their targets.” The campaign also illustrates that for some targets old tricks remain sufficient to run a successful espionage campaign, including the use of URL shortening services, classic phishing techniques as well as using archive files to bypass some simple file checks. This is not the first time when a sophisticated malware attack was aimed at the Middle Eastern countries. Just last month StoneDrill malware was discovered targeting not only the Middle East but also Europe. Also, Shamoon malware from Iran is currently targeting Saudi Arabian cyber infrastructure
The email didn’t just seem innocent, it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton. It was from one of the local construction firms the public institution deals with, logo and all. There was new bank account information—could accounts payable please change it? The staff and this supposed vendor communicated back and forth, from late June until a few weeks ago, in early August. One university employee was involved in this correspondence at first; two more were added. Then vendor payments went through, as scheduled: $1.9 million from MacEwan accounts on August 10. Another $22,000 was transferred seven days later. Finally, $9.9 million went to this new bank account on August 19, a Saturday. Wednesday morning, for the first time in this episode, came a phone call. The Edmonton-area vendor wanted to know why it never got its payments. The massive fraud had already been perpetrated, $11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas, a university spokesman says. Investigators have traced $11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong. The school is pursuing civil legal action to recover the money. “The status of the balance of the funds is unknown at the time,” a MacEwan statement said about the other $400,000. There’s likely not a person reading this online who hasn’t received a phishing attack, in which someone pretending to be a bank sends an email or text message, hoping to trick you into entering or re-entering account information or a credit card number. What hit MacEwan was a spear phishing attack, in which scammers impersonate a client or associate of the individual. In this case, the fraudster had cut-and-pasted the actual vendor’s logo, MacEwan spokesman David Beharry said.
A phishing attacker will often cast several lures; in this case, investigators said 14 different Edmonton-area construction sites or firms were impersonated as part of this attempt. The successful trick led to financial transfers equivalent to more than five per cent of the publicly funded school’s 2016 operating budget, according to records. This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school: last year, University of Calgary paid $20,000 in what’s known as a ransomware attack, in which cyberattackers manage to lock or encrypt network data until the victim pays up. While MacEwan is confident it can recoup the amounts already frozen, it will also incur legal fees on three continents as it tries to do so, Beharry says. Edmonton’s second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students, posters and all. Now, the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacks. With this ugly incident, MacEwan University becomes a cautionary tale of another sort: financial controls. These were not high-level employees ensnared by this phishing attack, the school spokesman says, though he did not identify them or clarify how the three employees were involved. From now on, one fraud and $11.8 million later, such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur.
A Twitter user by the name @EugenePupov is trying to take credit for the massive phishing attack that hit Gmail users last night, and which attempted to trick users into granting permission for a fake Google Docs app to access their Gmail inbox details. While Google intervened and stopped the self-spreading attack about an hour after it started, which is a pretty good response time, questions still linger about who was behind it. If there's one thing we know for sure, it is that the fake Google Docs app was registered using the email eugene.pupov@gmail.com. The owner of the aforementioned @EugenePupov Twitter account, who took credit for the attacks, claimed in a series of tweets [assembled below] it was only a test. While some might think this is an open & close case, it is not quite so. For starters, the Twitter account was registered yesterday, on the same day as the attack, which isn't necessarily suspicious, but it's odd. Second, if you try to reset that Twitter account's password, you'll see that the Twitter account isn't registered with the same address used in the phishing attacks. Registering a Twitter account with the eugene.pupov@gmail.com email wouldn't have been possible either way, as this Gmail address isn't registered at all. Furthermore, a Coventry University spokesperson told Bleeping Computer today that no person with the name Eugene Pupov is currently enrolled at their institution. Later they confirmed it on Twitter. If things weren't shady enough, the Twitter account used a profile image portraying a molecular biologist named Danil Vladimirovich Pupov, from the Institute of Molecular Genetics, at the Russian Academy of Sciences. When other users called out [1, 2] the Twitter account for using another person's image, the man behind the @EugenePupov account simply changed it to a blank white image.
To clarify what exactly is going on with the Twitter account images, we've reached out to the real Danil Pupov hoping for some answers, as we weren't able to find any good reasons for why a molecular biologist would fiddle around with Gmail spam campaigns and fake Google Docs apps. As things are looking right now, it appears that someone is either in the mood for a prank, or the real person behind the attack is trying to plant a false flag and divert the attention of cyber-security firms investigating the incident [1, 2]. As for Google, after a more thorough investigation, the company says that only 0.1% of all Gmail users received the phishing email that contained the link to Pupov's fake Google Docs app that requested permission to access users' inboxes. That's around one million users of Gmail's one billion plus userbase.
Malware tricks users into opening the Android Accessibility menu, enabling the attacker to mimic users' clicks and select anything displayed on their screen. The Android Trojan can mimic the user's clicks and actions. A new form of Trojan malware targeting Android smartphones is duping victims into downloading a fake security update for Adobe Flash Player, which then makes them even more susceptible to malicious software. The malware is ultimately designed to monitor the users' activity for the purposes of stealing data, mimicking their actions in order to generate funds from fraudulent adware installations, and enabling the installation of various other types of malware, including ransomware. Detected by researchers at security company ESET, the Trojan malware targets all versions of Google's mobile operating system and aims to trick victims into granting it special permissions which it uses to download additional malware. Users should also be wary of apps which appear to ask for many more permissions than they might need. Those who've already fallen victim to this malware can attempt to remove it by manually uninstalling the 'Flash-Player' app from their phone. However, more work may need to be done to completely remove malicious software from the device. "Unfortunately, uninstalling the downloader doesn't remove malicious apps the downloader might have installed. As with the downloader itself, the best way for cleaning up the device is using a mobile security solution," says Štefanko.
The bad guys send along a URL, since removed, that perfectly mirrors the real Australian site, with the email requesting the person verify their identity, according to Malwarebytes. Once on the fake landing page the victim is asked to input their login credentials, then the crooks take the unusual, and nervy, step of asking for many different pieces of information. Malwarebytes said the fake site asks that a high-resolution image, front and back, of the person's driver's license, passport be uploaded. But the bad guys are not satisfied even with this gift; they then ask the victim to link their banking account with the site and supply account numbers, mother's maiden name, phone number and telephone passcode. An SMS text is then sent to the person's phone to “confirm” that everything is legitimate