Crime marches on, and more Mac intrusions are reported along with the usual slew of Android hacks.
* Facebook scammers host Trojan horse extensions on the Chrome Web Store
* Chinese Company and Employee Deny Any Involvement in Hacking Attacks
* Mac backdoor Trojan embedded inside boobytrapped Word documents
* Malware Alert: DKFBootkit embedded into pirated AndroidOS apps
* New Trojan malware disguises itself as an Android game app
* Surveillance spyware migrates from Windows to Mac OS X
* Mac malware exploits Microsoft Office vulnerability
* Report cites U.S., Canada as malware attack focus
* AlienVault Warns of New Mac Malware Campaign
* Links between China and hacker group CSO
. . . and more!
AlienVault Warns of New Mac Malware Campaign
Researchers at AlienVault recently discovered a new Mac Trojan being distributed inside a boobytrapped Microsoft Word document. “This is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X,” AlienVault’s Jaime Blasco writes.
“The targeted attack relies upon a critical security vulnerability discovered in Microsoft Word back in 2009, which allowed remote code execution (MS09-027),” writes Sophos’ Graham Cluley.
Full story : eSecurity Planet
Mac backdoor Trojan embedded inside boobytrapped Word documents
If you’ve read InfoManager for very long, you’ll know we recommend that you absolutely never send, nor receive, a dot-doc file. Of course, nobody ever heeds our warnings and billions are sent daily . . . but here, we’re proven right once again!
The folks at AlienVault discovered an interesting new Mac malware attack this week. A backdoor Trojan horse, which would allow a remote hacker to access your Mac computer without your knowledge and potentially snoop on your files and activity, has been discovered hidden inside a boobytrapped Word document.
Full story : Graham Cluley on Naked Security
Mac malware exploits Microsoft Office vulnerability
Rogue emails distribute booby-trapped Microsoft Word file that installs Mac OS Trojan, researchers said
Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS systems.
Full story : InfoWorld
Report cites U.S., Canada as malware attack focus
In its annual review of global security threats, Websense says a major trend it observed last year is that more malware connections, hosting and phishing appear to be occurring in the United States and Canada.
“50% of malware connections lead to the U.S.,” says Charles Renert, vice president of Websense Security Labs. According to the 2012 Websense Threat Report, Canada’s malware ranking has also zoomed upward in the past year, so the country now clocks in at No. 2 at 13.2%. The countries in the top five ranking include Germany at 5.4%, the Netherlands at 4.9% and China at 4.1%.
Full story : Network World
Facebook scammers host Trojan horse extensions on the Chrome Web Store
Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and using them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.
The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.
Full story : www.securelist.com
Surveillance spyware migrates from Windows to Mac OS X
Researchers have uncovered a malware-based espionage campaign that subjects Mac users to the same techniques that have been used for years to surreptitiously siphon confidential data out of Windows machines.
The recently discovered campaign targets Mac-using employees of several pro-Tibetan non-governmental organizations, and employs attacks exploiting already patched vulnerabilities in Microsoft Office and Oracle’s Java framework, Jaime Blasco, a security researcher with AlienVault, told Ars. Over the past two weeks, he has identified two separate backdoor trojans that get installed when users open booby-trapped Word documents or website links included in e-mails sent to them. Once installed, the trojans send the computer, user, and domain name associated with the Mac to a server under the control of the attackers and then await further instructions.
Full story : Ars Technica
New Trojan malware disguises itself as an Android game app
A new Trojan masquerading as a game app is targeting phones running Google’s Android OS, subscribing to premium SMS services and sending information about the phone to its controller.
“Once installed the malicious application gathers sensitive information (IMEI, IMSI, phone model, screen size, platform, phone number, and OS version) and sends it off to the malware’s authors. Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well,” Sophos said in a blog post.
Full story : androidos.in
Links between China and hacker group CSO
Security vendor Trend Micro has been tracking a hacking campaign called Luckycat that has been linked to 90 attacks, including some aimed at Tibetan activists, and has tied it to a group based in China, the company said in a report published on Thursday.
The Luckycat campaign, which has been active since at least June 2011, has been connected with attacks against targets in Japan and India as well, according to Trend Micro. Industries targeted include military research, aerospace and energy, it said.
Full story : CSO
Chinese Company and Employee Deny Any Involvement in Hacking Attacks
Tencent, a Chinese Internet company, denied on Friday that one of its employees had been involved in a recent breach of computers belonging to Japanese and Indian companies, as well as Tibetan activists.
The company released a statement soon after Trend Micro, a computer security company with headquarters in Tokyo, released a report on Friday describing the breach. It was the result of a nearly yearlong effort to hack into computers and steal information from hundreds of companies and individuals in several countries, the report said.
Full story : New York Times
If you think you’re a victim, file a complaint with the FBI Internet Crime Complaint Center : IC3.