Zimperium zLabs has detected a dangerous malware campaign that has infected millions of Android devices in over 70 countries, including the United States.
Like most campaigns, this malware relies on social media platforms to spread. The attackers must first get their malicious apps past app store gatekeepers such as Google's Play Store.
Although this is a complicated process, the group behind GriftHorse is quite skilled at it. GriftHorse code has been found in many apps on the Play Store.
After the malware apps have been installed, the next step is to get users to subscribe to paid premium services. The campaign has already made millions of dollars from its victims. Worse, many victims have unwittingly signed up for recurring payments, which can quickly add up if they go unnoticed.
The malware strain was described by Zimperium's security researchers:
"Zimperium zLabs discovered an aggressive mobile premium service campaign that had more than 10 million victims worldwide. The total amount of money stolen could easily reach the hundreds of millions.
If the scam is not shut down, one of its first victims will have lost more than EUR 200 as of the writing of this article. According to the researchers, the cumulative losses of victims add up to a huge profit for cybercriminals."
These numbers show that over 10 million Android users worldwide were affected by this attack, resulting in financial losses for victims and greater motivation for the threat group to continue.
This is a serious threat. If you suspect that your account has been compromised, don't ignore it. For more information on how to protect your company from malware threats such as Grifthorse, contact Integrated Technology Systems.
Zero-Day Bug Found in macOS
A zero-day vulnerability has been found in macOS. The flaw affects all macOS versions, including the most recent release, Big Sur. Park Minchan, an independent security researcher, discovered the bug. It is related to how macOS processes inetloc files: this handling allows an attacker to embed commands in a file that the target machine will execute without any warning or prompt.
Inetloc stands for "internet location file", and such files use the extension "*.inetloc".
The following was published in SSD Secure Disclosure: "A flaw in macOS Finder allows files with an inetloc extension to execute arbitrary commands. These files can be embedded in emails and, if clicked on by the user, will execute the commands without prompting or warning."
Apple did not assign a CVE ID to this particular issue and instead patched it quietly.
The fix was not complete, and the bug can still be exploited in certain cases. This could result in data loss or compromised customer data.
Park Minchan created a proof of concept that shows how the bug can be exploited. No threat actors have yet been found exploiting it in the wild, but it is likely only a matter of time. This flaw is a serious weakness in the operating system's security.
Protecting your company's data requires constant monitoring and top-of-the-line defense. Integrated Technology Systems has the IT team and resources to work with you and your staff to protect against external or internal attacks. Contact us today at 212-750-5420 to see how we can protect you and your data.