Category: News

Shlayer Trojan: Mac Malware Infecting 10% of Mac Users

A lot of computer users assume that Macs rarely or don’t get infected at all with malware. But this is not the case. Just recently, antivirus provider Kaspersky has cited in their report that in 2019, the top Mac malware infecting 1 in 10 macOS users is the Shlayer trojan. According to their press release, OSX/Shlayer is the “most widespread for macOS users. A smart malware distribution system, it spreads via a partner network, entertainment websites and even Wikipedia, demonstrating that even users that only visit legal sites still need additional protection online.

What happens is that Apple users are being directed to fake pages from their search results. From there, they could not proceed in accessing the site because their Adobe Flash Player must supposedly be updated first. Clicking the “Download Flash” button to update will actually download the Shlayer Trojan itself. When this trojan is executed, it will install a malware cocktail onto the computer.

To protect one’s self from getting infected with Trojans such as Shlayer, whether you’re a Mac or Windows users, make sure to install a reliable antivirus (AV) program on your PC and keep it updated. Perform necessary updates to your AV software if necessary. It is also a good practice to always check websites you visit that they are safe and only install browser extensions, programs, games, apps, and updates from a trusted source.

Special Olympics NY Server Compromised, Sends Phishing Emails

Special Olympics New York, a non-profit organization that helps provide opportunities for people with intellectual disabilities and their communities to compete in Olympic-style, coached sports had its email server hacked during the holidays. The hackers were able to compromise and launch a phishing campaign targeting its donors. It tells the recipients that an automatic donation of $1,942.90 would register on their accounts in the next two hours. The phishing email tricks the victims into clicking the hyperlink which is supposedly the PDF statement verifying the transaction details.

In a post via their Instagram account, Stacey Hengsterman, President & CEO of Special Olympics NY, published this: “Boo! As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies. While donating to Special Olympics NY is always a good idea, we would never ask in such a grinchy way.

They urged the donors to disregard the emails they received and assured them that the issue has already been fixed. They can now continue donating again securely without any complications. Furthermore, Special Olympics NY explained that the incident has only impacted their communication system and hasn’t affected any financial data. Contact information remained protected and kept confidential.

First Aid Beauty, P&G’s online beauty store, Hacked

It seemed that hackers were successful in stealing customer payment information by planting an e-skimmer on prestige skin-care brand First Aid Beauty’s website. This popular beauty line was recently acquired by Procter & Gamble (P&G) reportedly at $250 million.

It is again the notorious Magecart software skimmer who is responsible for this attack on P&G’s e-commerce site. It specifically targets victims from the United States using the Windows OS. The malicious code went undetected for several months.

Procter & Gamble has already issued their statement via BleepingComputer which says: “Consumer trust is fundamental to us, and we take data privacy very seriously. As soon as we learned about the compromise of the First Aid Beauty site, we moved quickly to take the site down and minimize the impact to our consumers. We are currently investigating the source of the malware and working to identify and notify those consumers who might have been impacted to ensure we provide them the necessary support.

TransUnion Credential Stuffing Attack: Credit Information Exposed

Credential Stuffing, a cyberattack where login details are stolen through a data breach, was on topic in the news recently. An unauthorized person used this attack to successfully gain access to a TransUnion Canada web portal where it was able to pull consumer credit files when doing a credit search. This includes a consumer’s Social Insurance Number (SIN), birthdate, current and past addresses.

The credit bureau has already reached out to their affected consumers whose information was exposed in this credential stuffing attack through postal mail.

“Simjacker” Could Silently Affect 1 Billion Mobile Devices Worldwide

Cybersecurity researchers from Dublin-based firm AdaptiveMobile Security have recently uncovered a new and previously undetected vulnerability and associated exploits, called Simjacker. What Simjacker does is track phones by simply sending an SMS. Based on the report, these specially crafted texts “instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands”. Once compromised, important information like geographical locations can be obtained and it may also force the phone to make calls or send text messages. 

How Simjacker works from

Simjacker is reportedly being exploited by groups as surveillance to spy and track targeted individuals. It is estimated that about a billion mobile devices worldwide will be vulnerable to this attack.

Actress Bella Thorne Defies Hacker, Tweets Her Personal Photos

The 21-year-old actress and singer is not giving in to a hacker’s threat that it will release her nude photos. Bella Thorne posted them herself, via her official Twitter account, together with the screenshots of text messages the hacker sent to her. In the said post, Thorne tweeted, “For the last 24 hours, I have been threatened with my own nudes I feel gross, I feel watched, I feel someone has taken something from me that I only wanted one special person to see”. The hacker was apparently demanding money in exchange not to post Thorne’s personal photos.

“I’m putting this out because it’s MY DECISION NOW YOU DON’T GET TO TAKE YET ANOTHER THING AWAY FROM ME. I can sleep better knowing I took my power back. U can’t control my life u never will.”

“Here’s the photos he’s been threatening me with”, the tweet continued.

Thorne’s fans fully expressed their support against this extortion. The former Disney star was in New York over the weekend promoting her book The Life Of A Wannabe Mogul: Mental Disarray when the harassment happened.

No Pre-Installed Facebook App on New Huawei Phones

New Huawei phones will no longer be pre-installed with the Facebook app along with its subsidiaries Instagram and WhatsApp. This applies to devices that hasn’t left the factory yet. Facebook’s decision is the latest blow to the Chinese telecom giant after facing a ban in the United States, due to national security concerns, for its purchase of American parts such as microchips and software. For software, Google has revoked licenses for Huawei to install its software. This includes Gmail and Google’s application marketplace, the Google Play app store. It will only run until August.

The Facebook, WhatsApp and Instagram restriction is only for pre-installs. Huawei users can still download the social media apps, and will continue to receive updates, from the Play store and use them normally while it’s still available for download. With the current ban, future models can no longer access the Google Playstore.

Title-Insurance Company May Have Exposed Hundreds of Millions Financial Records

Fortune 500 real estate title-insurance giant and Santa Ana, California-based First American Financial Corporation’s website may have leaked 885 million records online. These digitized records are documents related to mortgage deals of home/property buyers and sellers dating way back from 2013. They can be accessed on the web by anyone without any authentication in place. Such personal personal information include emails and home addresses, bank account details, mortgage and tax records, Social Security numbers, and drivers license image.

When they learned of the flaw that exposed hundreds of millions of financial records, the company shut down external access to the application and has already fixed the said vulnerability in its website as of Friday afternoon.

“We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed”, First American said through an emailed statement.

Ransomware Hits Local Authorities in Texas & Maryland

Two local US government servers were recently hit by ransomware attacks. They were from Potter County, Texas and Baltimore City Hall, Maryland. Baltimore City Hall shut down most of its servers out of precaution while in Potter County, the entire network was shut down which forced its employees to perform their tasks manually.

Baltimore City Hall initial statement says “critical services, such as police, firefighters, etc., operate normally; however, the computer network of the city is infected by a variant of ransomware. We do not have evidence that a data breach has been presented, but we will continue to take precautions; more information will be revealed shortly”.

It was later disclosed that Baltimore City’s computers were encrypted by the RobbinHood ransomware.

In Potter County, their computers are already about to complete its recovery process. However, following the attack, with the entire network on off limits, all 550 employees were forced to use paper and pencils temporarily.

“This is what we’re using now. Paper and pencil, we’re going old fashion around here. Seriously, that’s what we’re having to do,” said Potter County Sheriff Brian Thomas at the time.

It is unknown whether both of these attacks are linked to recent attacks on the computer infrastructure of some local governments in the U.S.

Facebook: Clickjacking Bug Not Considered a Security Issue

A Polish security researcher, who goes by the Twitter name ‘Lasq’, has recently discovered an exploitable bug in Facebook’s mobile app and submitted through Facebook’s Bug Bounty platform the details of a spam campaign on the social media site. 

Lasq noticed the bug when some of his Facebook friends began publishing a malicious link to a website with funny pictures. But before seeing the site’s content, users had to declare first that they are at least 16 years old. After confirming their age, these users were redirected to a website with funny photos, a French-comic themed spam campaign, plus loads of ads.

By allowing consent, mislead users are also letting the link to be posted on their respective walls which then obviously exposes the link to more users, who will likely repeat the same process.

This is known as a clickjacking scam. It attempts to trick users into clicking on malicious links (something different from what the user perceives) hidden within legitimate-looking videos, images, and articles. This particular one works by loading a webpage into an invisible iFrame on a decoy site, and only works on mobile.

The method used by the spammer targets Facebook users in France using Android mobile. It doesn’t appear to work on the web version. The bug gives access to the Share button allowing the perpetrator to publish a link in the victim’s Timeline section without consent.

The issue still exists until today. Facebook, however, dismissed the report and didn’t address the problem since it doesn’t have any “serious security consequences” and that it does not change the state of the account of the affected user. It rejected Lasq’s report 12 hours after its submission.