Lawrence Abrams for Bleeping Computer: Tech Support Scammers Invade Spotify Forums to Rank in Search Engines
Extract: “Over the past few months, Tech Support scammers have been using the Spotify forums to inject their phone numbers into the first page of the Google & Bing search results. They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google.”
Amit Malik for Netskope: Spider: A New Thread in the Ransomware Web
Extract: “Netskope Threat Research labs has detected new ransomware named Spider propagating in a mid-scale campaign. This ongoing campaign, identified on the 10th December, uses decoy Office documents which usually arrive as email attachments. These attachments are auto-synced to the enterprise cloud storage and collaborations apps.”
The decoy Word document is written in Bosnian.
Tara Seals for Infosecurity Magazine: Tech Support Scam Malware Fakes the Blue Screen of Death
“The infamous Blue Screen of Death (BSOD) is one of the most-dreaded sights for Windows users. Adding insult to injury, a new malware is making the rounds that fakes a BSOD, and then tries to swindle victims into paying for tech support tools.”
Malwarebytes describes ‘Troubleshooter’ as a hijacker, but it’s one of those instances where a tech support scam edges close to ransomware.
Microsoft’s Windows Security Blog on Technet: New tech support scam launches communication or phone call app
“A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to call a fake tech support scam hotline.”
The scam is supplemented by an audio message from ‘Apple Support’ (yeah, right…) that threatens to ‘disable and suspend your Mac device’ if the prospective victim closes the ‘alert’ window. Oddly, for a warning about a Mac, the scam page is ‘optimized for mobile phones’, which is of course where a link to a phone-call app is most likely to be acted on.
Commentary from Zeljka Zorz for HelpNet: New scam launches users’ default phone app, points it to fake tech support hotline
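The technique Microsoft describes, a page that launches the phone app without the victim ever choosing to dial, leaves a recognisable footprint in the page source. The following added example (my own, not code from Microsoft or HelpNet) is a small triage helper that scans a page for the mechanisms that dial automatically (a meta refresh to a tel: URL, or script that navigates to one) as opposed to an ordinary click-to-call link, and extracts the phone numbers involved. The two sample pages and the numbers in them are constructed for the example; the Microsoft post does not publish the scam page's markup.

```python
import re
from html.parser import HTMLParser

# Constructed sample pages (not the scam site Microsoft describes).
SCAM_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=tel:+1-555-0100">
<title>Apple Support Alert</title></head>
<body>
<p>Your Mac device will be disabled and suspended. Call now.</p>
<a id="call" href="tel:+15550100">Call Apple Support</a>
<script>window.location.href = "tel:+15550100";</script>
</body></html>"""

BENIGN_PAGE = """<html><body><p>Contact us:
<a href="tel:+441234567890">+44 1234 567890</a></p></body></html>"""

# Script-driven navigation to a tel: URL: location = / location.href = /
# location.assign( / location.replace( / window.open( followed by a tel: string.
TEL_IN_SCRIPT_RE = re.compile(
    r"""(?:location(?:\.href)?\s*=|location\.(?:assign|replace)\(|window\.open\()"""
    r"""\s*["'](tel:[^"']+)["']""",
    re.IGNORECASE,
)
META_REFRESH_RE = re.compile(r"url\s*=\s*(tel:\S+)", re.IGNORECASE)


def normalize_number(tel_url):
    """'tel:+1-555-0100' -> '+15550100': keep a leading '+' and the digits only."""
    raw = tel_url[4:] if tel_url.lower().startswith("tel:") else tel_url
    digits = re.sub(r"\D", "", raw)
    return ("+" if raw.strip().startswith("+") else "") + digits


class TelCollector(HTMLParser):
    """Collects tel: numbers and notes which ones are dialled without a click."""

    def __init__(self):
        super().__init__()
        self.triggers = []      # mechanisms that dial automatically
        self.numbers = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_REFRESH_RE.search(a.get("content", ""))
            if m:
                self.triggers.append("meta-refresh")
                self.numbers.add(normalize_number(m.group(1)))
        elif tag == "a" and a.get("href", "").lower().startswith("tel:"):
            # Click-to-call: worth recording the number, but not automatic.
            self.numbers.add(normalize_number(a["href"]))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text.
        if self._in_script:
            for m in TEL_IN_SCRIPT_RE.finditer(data):
                self.triggers.append("script-navigation")
                self.numbers.add(normalize_number(m.group(1)))


def analyze_page(html):
    """Return whether the page auto-dials, how, and every tel: number it carries."""
    p = TelCollector()
    p.feed(html)
    return {"auto_dial": bool(p.triggers),
            "triggers": p.triggers,
            "numbers": sorted(p.numbers)}


if __name__ == "__main__":
    print(analyze_page(SCAM_PAGE))    # auto_dial True, two triggers, one number
    print(analyze_page(BENIGN_PAGE))  # auto_dial False, a plain contact number
```

Fed the constructed scam page, the checker reports both an automatic trigger (the meta refresh and the script assignment) and the number they dial; the benign contact page yields a number but no trigger. The number is normalised so that the same hotline written with dashes, spaces or brackets collapses to one indicator, which is what you want when blocklisting or pivoting on it. Obfuscated scripts that assemble the tel: string at run time will slip past this static check; that is the usual limitation of regex-over-source, and a sandbox that records the navigation is the next step.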
For Sophos, Mark Stockley describes how scammers are abusing RDP. Remote Desktop is intended to cut network and system administration costs by letting sysadmins and help-desk operators reach their customers’ systems remotely; in the wrong hands, that same access gives almost unlimited scope to reconfigure apps and services, which makes installing and executing ransomware a breeze.
Ransomware-spreading hackers sneak in through RDP
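The RDP route Stockley describes usually begins with a run of failed logons against an exposed Remote Desktop service, followed by one that succeeds. The following added example (mine, not from Sophos) shows the detection logic a defender would run over Windows Security log records: it counts failed logons (event 4625) of logon type 10, which is RemoteInteractive, i.e. RDP, per source address, and flags any address that then achieves a successful RDP logon (event 4624, type 10). The record format and the sample lines are constructed for the example; a real deployment would read exported events or a SIEM feed, and the field names here simply mirror the Security log's.

```python
import re
from collections import defaultdict

# Constructed sample records (not real logs). Field names mirror the Windows
# Security log: 4625 = failed logon, 4624 = successful logon,
# LogonType 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_LOG = """\
2017-12-10T02:14:01Z EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2017-12-10T02:14:03Z EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=admin
2017-12-10T02:14:05Z EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup
2017-12-10T02:14:07Z EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=scanner
2017-12-10T02:14:09Z EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup
2017-12-10T02:14:11Z EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup
2017-12-10T02:19:40Z EventID=4624 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup
2017-12-10T09:00:12Z EventID=4624 LogonType=10 IpAddress=10.0.0.5 TargetUserName=helpdesk
2017-12-10T09:01:00Z EventID=4625 LogonType=3 IpAddress=198.51.100.9 TargetUserName=svc_sql
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"IpAddress=(?P<ip>\S+) TargetUserName=(?P<user>\S+)$"
)


def parse_line(line):
    """Return one record as a dict, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_rdp_bruteforce(log_text, threshold=5):
    """Flag source IPs with at least `threshold` failed RDP logons.

    For each flagged IP the result also records which accounts were tried and
    whether a successful RDP logon from the same IP followed the failures, and
    with which account: that is the 'password guessed, operator now has a
    desktop' moment to triage first.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    success_after = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ltype"] != "10":
            continue  # only RemoteInteractive (RDP) logons are of interest here
        ip = rec["ip"]
        if rec["event"] == "4625":
            failures[ip] += 1
            users_tried[ip].add(rec["user"])
        elif rec["event"] == "4624" and failures[ip] >= threshold:
            # First success after the failure count crossed the threshold.
            success_after.setdefault(ip, rec["user"])
    return {
        ip: {
            "failures": n,
            "users_tried": sorted(users_tried[ip]),
            "success_after": success_after.get(ip),
        }
        for ip, n in failures.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample, 203.0.113.7 is flagged with six failures across four account names and a subsequent success as ‘backup’; the help-desk logon from 10.0.0.5 and the type 3 network logon from 198.51.100.9 are not. The threshold is deliberately a parameter: on a service facing the internet the background noise of guessing is constant, so the signal worth paging on is the success that follows the failures rather than the failures themselves, and the honest mitigation is not to expose RDP directly at all.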
The second part of a two-part report by Intermedia deals specifically with ransomware and includes a link to a video which I’m afraid I haven’t watched. There are also some interesting statistics. When a ransom gets paid, who pays it? According to Intermedia, 59% of employees have paid personally, and only 37% of those surveyed said that their employer had paid. (Which may say something sad about employee attitudes and unpleasant about employer attitudes.) Yet the company has previously reported that 19% of companies didn’t get their data back. (In sharp contrast to claims that ransomware gangs usually restore data because that’s their business model.) I’d guess that with the increase in wiper activity in recent months, the 2017 figures for unrecovered data could be appreciably higher. (Are wipers ransomware? Well, that depends on individual cases, but they do often present themselves as if they are.)
ESET reports that “ESET researchers have spotted the first-ever ransomware misusing Android accessibility services. On top of encrypting data, it also locks the device.”
DoubleLocker: Innovative Android Ransomware
The estimable Paul Ducklin (sorry not to have seen you at VB this year, Duck!) advises us to Watch out for these high-pressure Apple malware scams.
To be precise, a couple of tech support scams and a fake Flash Player update. Ho hum… Still, the first one is particularly interesting, if you’re a connoisseur of these things.
…from my old (in the nicest way possible) mate Roger Thompson. I haven’t been following the blog closely so far, but Roger has lots of hands-on experience in the industry (far more than I do): I don’t doubt that he knows what he’s about…
Thompson Cyber Security Labs