A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store. Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google. While the apps were only installed by a little over 1000 users, the malware operators could publish other similar apps at any time on the Play Store and might also be switching to more aggressive attack methods such as redirecting victims to malicious payloads, launching phishing attacks targeting bank customers, or spreading fake news. For instance, "Potential victims can think the fake notification is real and tap it only to be redirected to a phishing site, where they will be prompted to indicate their name, credentials, email addresses, bank card numbers, and other confidential information," Doctor Web explains. When the malicious fake apps are first launched, the Android.FakeApp.174 Trojan loads a site hardcoded in its settings using the Google Chrome web browser, a website which asks the targets to allow notifications under the guise of verifying that the user is not a bot. Upon agreeing to enable web push notifications for "verification purposes," the compromised device's owner is subscribed to the site's notifications and will be spammed with dozens of notifications sent by Chrome using Web Push technology. These push notifications can pose as a wide range of alerts ranging from new social media messages and news to new social media events and notifications seemingly being pushed by applications installed on the device. Follow this by visiting OUR FORUM.

Security researchers have discovered an ongoing cryptojacking campaign which infects unpatched computers of businesses from all over the world with XMRig Monero miners using Equation group's leaked exploit toolkit. The cybercriminals behind this cryptomining campaign use the NSA-developed EternalBlue and EternalChampion SMB exploits to compromise vulnerable Windows computers, exploits which were leaked by the Shadow Brokers hacker group in April 2017. While Microsoft patched the security flaws these tools abused to break into Windows machines there are still a lot of exposed computers because they haven't been updated to newer OS versions not being impacted by these very dangerous vulnerabilities. "The campaign seems to be widespread, with targets located in all regions of the world. Countries with large populations such as China and India also had the most number of organizations being targeted," said Trend Micro's researchers, the ones who unearthed this ongoing cryptojacking campaign targeting companies from all over the world. In addition, "businesses across a wide range of industries, including education, communication, and media, banking, manufacturing, and technology" are being targeted in these attacks, with the bad actors focusing on victims who use "obsolete or unpatched software." An auto-spreading EternalBlue-based backdoor and a variant of the Vools Trojan is used as the main tool to deploy roughly 80 variants of the XMRig cryptocurrency miners on infected computers, using five different mining configurations with similar usernames and identical passwords. Complete details can be found on OUR FORUM.