Category: Hacking

Five thousand websites in the US, UK and Australia have been hacked to serve cryptomining malware. Cryptomining malware is when cybercriminals infect your computer to do the calculations needed to generate a cryptocurrency like Bitcoin, Monero or Euthereum. The crooks use your electricity and processing power but keeps any cryptocoins proceed for themselves. The infection  is coming from browseraloud.com , a site that serves Javascript to your website to convert the page into voice reading to assist blind people. Of course, governments sites are meant to help out visitors even those who are not good at reading English. The browseraloud.com server was hacked , obfuscated javascript was added to download the code from coinhive.com and start mining cryptocurrency.

The only way to bypass this is to shut down your browser.

References

Sophos

Skynews

Ordinypt is a new ransomware in Germany . It appears as a ransomware but destroys data. It seems to be targetting only people in Germany because of  its email delevering language only in German. The email arrives as a ”job advertisement submission” resume with 2 files attachments : – A JPG image of a woman submitting a resume

-a ZIP file supposedly containing a resume and Curriculum Vitae.

The ZIP archive  contains two EXE files, but appears to be PDFs files to fool the user that those are not executable. Clicking on the EXE files will launch the Ordinypt wiper. This malware does not encrypt files but overwrites these latter with random data.

It displays a ransom note in every folder where it destroys files named  Wo_sind_meine_Dateien.html, translates as where_are_my_files.

The only ways to bypass are:

• Ensure anti-virus software and associated libraries are up to date
• Ensure attachments do not have hidden / double extensions prior to clicking to open

LaCie is a french manufacturer of  hard drive. It was a victim of a security breach and obviously sent notifications to customers about the incident . The breach was detected by the FBI on March 19,2014 which forwarded the alarm. A malware was used to gain access to customer’s transactions made between March 27,2013 and March 10,2014. Names, addresses,email addresses,payment card numbers and cards expiration dates belonging to customers  have been accessed by the unauthorized party. LaCie urged everyone to change their password believing that customers’ usernames and passwords  on LaCie’s website could have also been accessed.

A dangerous cyber weapon has infected many computers in Ukraine in 2014. It is a spyware designed to steal sensitive secret information from high potential networks . Experts believe that this rootkit has been undetected for more than three years. Due to the complexity and the estimated high cost of this malware, G Data the German security company believes a sponsored state is behind this attack, possibly linked to Russia, since the developers of this malicious program speak Russia language.

Uroburo works autonomously and works on peer-to-peer mode .The infected computers spy on documents and send those to a PC connected to the internet. It supports 32 and 64 bit Windows Operating System.