If you like cyber security news and a DD/MM/YY calendar format with too many 2s and 0s, you’ll love Threat Thursday this 20/02/2020!
This week: Emotet won’t go away, your Adsense account might not be coming back, and malicious Chrome extensions were with us all along.
If You AdSense, You’d Keep an Eye Out for this Google Banner Ad Scam
Relying on Google AdSense to keep your site profitable? Scammers will want a less-than-friendly word with you.
A recent online extortion scheme sees AdSense users being told to cough up Bitcoin ransoms, or else have their accounts flooded with the kind of activity that’ll get them banned from Google’s online advertising service. The sender threatens to use colossal volumes of bot-generated web traffic to create invalid traffic reports on the user’s site. “Also”, the attackers add, “we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site”.
This scheme was first reported by Brian Krebs on KrebsOnSecurity, following information from one of the scheme’s victims; since receiving the threat, they had already noticed that their AdSense traffic stats were showing more invalid traffic reports than usual.
Worryingly, a threat such as this isn’t beyond the scope of any online extortionist. Google claims to be on the case though; they're not only aware of the scheme, but also recently rolled out systems which intelligently identify invalid traffic. Who knows – this might be the true test of those new traffic systems the tech giant is boasting about? Until then, keep an eye on your AdSense traffic and get in touch with Google if things start to look a little grim.
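“Keep an eye on your AdSense traffic” is easier said than done by eyeballing a dashboard, so here is a small added example (ours, not Google’s and not from Krebs’ report) of what that watch could look like in code. It runs over constructed daily rows of (date, ad clicks, clicks later marked invalid); the column layout is an assumption, not Google’s real export format, and the thresholds are ours. A day is flagged when its invalid-click ratio is both non-trivial and several times the site’s own recent baseline, which is the shape of the bot-driven spike the extortionists threaten.

```python
"""Flag days whose invalid-click activity jumps above an AdSense-style
report's own baseline. Constructed sample data; the columns and thresholds
are assumptions made for this example, not Google's report format."""
from statistics import median

# Constructed sample: (date, ad clicks, clicks later marked invalid).
# The last three rows mimic the bot-driven click flood described in the post.
SAMPLE_REPORT = [
    ("2020-02-01", 410, 4),
    ("2020-02-02", 395, 3),
    ("2020-02-03", 430, 5),
    ("2020-02-04", 420, 4),
    ("2020-02-05", 405, 3),
    ("2020-02-06", 415, 4),
    ("2020-02-07", 400, 3),
    ("2020-02-08", 1320, 870),
    ("2020-02-09", 1510, 1040),
    ("2020-02-10", 1480, 990),
]


def invalid_ratio(clicks, invalid):
    """Share of a day's clicks that were marked invalid (0.0 on a zero-click day)."""
    return invalid / clicks if clicks else 0.0


def flag_invalid_traffic(report, window=7, factor=3.0, min_ratio=0.05):
    """Return (date, ratio, baseline) for each day whose invalid-click ratio is
    at least `min_ratio` and more than `factor` times the median ratio of the
    preceding `window` clean days. Flagged days are kept out of the baseline so
    a sustained attack does not quietly become the new normal."""
    flagged = []
    history = []  # ratios of days accepted as normal
    for date, clicks, invalid in report:
        ratio = invalid_ratio(clicks, invalid)
        if len(history) >= window:
            baseline = median(history[-window:])
            if ratio >= min_ratio and ratio > factor * baseline:
                flagged.append((date, round(ratio, 3), round(baseline, 3)))
                continue
        history.append(ratio)
    return flagged


if __name__ == "__main__":
    for date, ratio, baseline in flag_invalid_traffic(SAMPLE_REPORT):
        print(f"{date}: invalid ratio {ratio:.1%} vs baseline {baseline:.1%}")
```

The first seven days build the baseline (roughly a 1% invalid ratio); from 8 February the ratio leaps past 60% and every day from then on is flagged. The `min_ratio` floor stops a quiet site with two invalid clicks instead of one from tripping the alarm.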
Text Menacing: Emotet Targets Users Via SMS in Latest Scheme
Like any recurring villain, Emotet has returned only one week later with a whole new nefarious scheme under its belt, this time spreading itself via SMS and masquerading as reputable banking corporations (assuming those ever existed in the first place).
The scheme is crude, as we’ve come to expect; send an SMS to victims claiming that their bank account is about to be frozen or compromised, provide a link to a convincing phishing site, and then cackle in glee as the hapless target shares their every sensitive banking detail. The classics never die, folks.
It’s as if Emotet can’t go a day without cooking up some tacky new scam to con victims, like a really rubbish version of Only Fools and Horses. Yet while the stream of Emotet updates can get tiresome every week – we should know, we write about them – it perfectly demonstrates how coordinated malware campaigns rarely rely on the same methods for long.
Wherever I Lay My Tracks, That’s My Chrome
Ahh, Google. When they’re not giving dozens of infected Google Play apps their marching orders, they’re sticking the $300 billion boot to data-harvesting Chrome extensions.
In a joint effort by Cisco Duo, independent security researcher Jamila Kaya and Google themselves, 500 Chrome extensions were removed after each was discovered to “connect the browser clients to a command and control architecture, exfiltrate private browsing data without the user's knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms”. Not ideal, by anybody’s standards.
The campaign started with Duo Security’s security assessment tool CRXcavator, which was developed specifically to assess the security of Chrome extensions. Once it had identified 70 extensions sharing suspicious activity across 1.7 million users, Google were then able to match a further 500 extensions exhibiting similar shenanigans.
The open nature of Google’s Chrome extensions and Play Store apps is as much a blessing as a curse. On one hand the smaller, independent developers have an opportunity to exhibit their software coding chops; on the other, opening the floodgates leaves nefarious sorts all the opportunity they need to infect downloaders with their desktop deviance.
Now more than ever, users and consumers need to make seriously educated decisions on what they download, and while Google is fast to react to this kind of malware, we still lack a reliable method to sort the good apps from the bad apples.
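One educated decision you can make before installing an extension is to read its manifest, which is roughly where tools like CRXcavator start. Here is an added example of our own (not Duo’s code, and the risk weights are our assumption rather than CRXcavator’s scoring) that parses three constructed manifest.json files and ranks them by how much of the browser they ask for. The permission names and host patterns are real Chrome ones; an extension that wants `<all_urls>` plus `webRequest` and `cookies` can read and rewrite traffic to every site, which is exactly the capability the removed extensions abused.

```python
"""Rank Chrome extension manifests by the breadth of what they request.
Written for this post; the three manifests are constructed and the weights
are an assumption, not CRXcavator's scoring."""
import json

# Real Chrome permission names; the weights are constructed for this example.
RISKY_PERMISSIONS = {
    "webRequest": 3, "webRequestBlocking": 3, "debugger": 3, "nativeMessaging": 3,
    "proxy": 3, "cookies": 2, "history": 2, "tabs": 2, "management": 2,
    "downloads": 1, "clipboardRead": 1,
}
# Host patterns that grant access to every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests: one modest, one greedy MV2, one greedy MV3.
SAMPLE_MANIFESTS = [
    json.dumps({"name": "Word Counter", "manifest_version": 3,
                "permissions": ["activeTab", "storage"],
                "content_scripts": [{"matches": ["https://example.com/*"],
                                     "js": ["count.js"]}]}),
    json.dumps({"name": "Cool Deals Finder", "manifest_version": 2,
                "permissions": ["tabs", "cookies", "webRequest",
                                "webRequestBlocking", "<all_urls>"],
                "content_scripts": [{"matches": ["<all_urls>"],
                                     "js": ["inject.js"]}]}),
    json.dumps({"name": "Tab Tidy", "manifest_version": 3,
                "permissions": ["tabs", "storage"],
                "host_permissions": ["*://*/*"]}),
]


def host_patterns(manifest):
    """Collect every host match pattern: MV2 lists them in `permissions`,
    MV3 in `host_permissions`, and content scripts declare `matches`."""
    pats = set()
    for p in manifest.get("permissions", []) + manifest.get("host_permissions", []):
        if "://" in p or p == "<all_urls>":
            pats.add(p)
    for cs in manifest.get("content_scripts", []):
        pats.update(cs.get("matches", []))
    return pats


def assess_manifest(manifest):
    """Score one parsed manifest and list the findings behind the score."""
    findings, score = [], 0
    for p in manifest.get("permissions", []):
        if p in RISKY_PERMISSIONS:
            findings.append(f"permission:{p}")
            score += RISKY_PERMISSIONS[p]
    broad = host_patterns(manifest) & BROAD_HOST_PATTERNS
    if broad:
        findings.append("hosts:" + ",".join(sorted(broad)))
        score += 4
    return {"name": manifest.get("name", "?"), "score": score, "findings": findings}


def assess_all(manifest_texts):
    """Parse each manifest.json text and return results, riskiest first."""
    return sorted((assess_manifest(json.loads(t)) for t in manifest_texts),
                  key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in assess_all(SAMPLE_MANIFESTS):
        print(f"{r['score']:>3}  {r['name']}: {', '.join(r['findings']) or 'nothing broad'}")
```

Run it and “Cool Deals Finder” lands on top with every-site access plus the ability to intercept requests and read cookies, “Tab Tidy” sits in the middle for pairing `tabs` with a wildcard host permission, and the word counter scores nothing. A high score is not proof of malice (ad blockers legitimately need much of this), but it tells you which extensions deserve a closer look before you click Add.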
It’s a quiet week and a short stop at Threat Thursday this week – perhaps a relief after the raft of issues uncovered in the past fortnight. But we’ve no doubt the threats will keep rolling in, and we’ll be sure to be there next Thursday with all the news you need to know.