Hacker Tracker | January

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates.

Now this password-stealing Android malware wants to grab your bank details too | 1.5.23

• A prolific and powerful form of Android malware has switched its attention to online banking applications, using abilities including keylogging to steal usernames and passwords for bank accounts, social media profiles and more. 
• The Android malware provides cyber attackers with the ability to secretly spy on and modify user’s activity on Android smartphones. 
• SpyNote campaigns use malware posing as legitimate banking applications including HSBC, Deutsche Bank, Kotak Bank, BurlaNubank, as well as popular Android applications like WhatsApp, Facebook, and Google Play. 
• View the Source

Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner | 1.17.23

• Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.
• At least one prominent user on the cryptocurrency scene has fallen victim to the campaign, claiming it allowed hackers to steal all their digital crypto assets along with control over their professional and personal accounts.
• View the Source

75k WordPress sites impacted by critical online course plugin flaws | 1.24.23

• The WordPress online course plugin ‘LearnPress’ was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion.
• The vulnerabilities in the plugin, used in over 100,000 active sites, were discovered by PatchStack between November 30 and December 2, 2022
• This means that roughly 75,000 websites could be using a vulnerable version of LearnPress, exposing themselves to severe security flaws, the exploitation of which can have serious repercussions.
• View the Source

Lessons Learned: 

#1- Bank scams have always been a ‘thing,’ but now, unsurprisingly, cybercriminals are getting more innovative. How can you avoid this? Whenever you receive anything claiming to be your bank, always call and speak to someone to confirm the message before clicking or performing any online transactions. Much of the banking process is generally done in person or on protected portals. Always be suspicious if you receive a text message or email bank request. When it comes to your banking details and your money, you are always better safe than sorry.

#2- One of the critical items this malware could steal was browser-saved passwords. If you are ever a victim of malware, never save passwords or credit card details in your browser. In this case, the browser’s saved information was stolen and sent to a remote hacker. The hacker would have met a mostly dead end if the data had not been saved in the browser. While you cannot control a giant platform like Google getting compromised, you can control what personal information you put out into the web.

#3- Unfortunately, even legitimate and best-in-class online solutions are subject to malware and ransomware. WordPress, long regarded as one of the best website hosting platforms, is proof of this. If you think your WordPress site may be compromised by LearnPress, feel free to reach out to PK Tech for help. You likely need to change your account logins, among other security keys, if your site has been compromised.