LokiBot Impersonates Popular Game Launcher
A variant of LokiBot has been discovered impersonating a popular game launcher, known for Fortnite, to trick users into executing it on their machines. Also, an advanced threat actor has been targeting gambling and betting companies with malware.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a variant of LokiBot that has been discovered impersonating a popular game launcher, known for Fortnite, to trick users into executing it on their machines. Also, read about how an advanced threat actor has been targeting gambling and betting companies with malware linked to two Chinese hacker groups.
LokiBot, which can harvest sensitive data such as passwords and cryptocurrency information, has been discovered impersonating the game launcher of Epic Games, the company behind games such as Fortnite, to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky installation routine that involves dropping a compiled C# code file.
An advanced threat actor has been targeting gambling and betting companies with malware that links to two Chinese hacker groups. The mission, named "DRBControl" by security researchers, appears to be cyberespionage and includes stealing databases and source code from the targets. Researchers at Trend Micro painted a larger picture of DRBControl's activities after analyzing a backdoor used by the group against a company in the Philippines.
As the IoT continues to become more integrated into enterprises and homes, the threat landscape also expands. In this blog, Trend Micro looks at the most significant threats and vulnerabilities in IoT devices on the edge of the network, within the network itself, and in the cloud, and shares insights gained from the cybercriminal underground.
German researchers have found a new vulnerability in 4G/LTE mobile devices that could allow hackers to impersonate the phone’s owner. In this article, Mark Nunnikhoven, vice president of cloud research for cybersecurity firm Trend Micro, discusses the threat level of this vulnerability and its risks, which include running up a person’s bill by making international calls or using premium services offered by the victim’s provider, such as a TV streaming service.
According to research from Kaspersky, 7,734 attacks from 1,486 threats were detected, affecting 2,548 mobile users from the continent. The country with the most recorded attacks was South Africa with 58%, followed by Kenya (10%) and Nigeria (4%).
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to all industries operating critical infrastructures about a new ransomware in response to a cyberattack targeting an unnamed natural gas compression company’s internal network, encrypting critical data and knocking servers out of operation for almost two days.
According to a report by WebARX, a vulnerability in a plugin for WordPress themes can be exploited remotely, grants full administrator rights, and can possibly even wipe out the entire website database. The vulnerability was discovered in ThemeGrill Demo Importer, a plugin that offers demo options for themes, widgets, and other content that can help customize websites.
A hacking forum this week published personal details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. Those guests included celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.
Stolen credit card data has been disguised through counterfeit club membership cards, as revealed by the U.S. Secret Service and reported by Brian Krebs. The cards, purportedly for exclusive use at name-brand retailers, had barcodes that contained the credit card information as well as expiration dates and card verification values (CVVs).
Adobe has released an out-of-schedule fix to resolve two vulnerabilities that may expose user systems to code execution attacks. Users of Adobe Media Encoder and After Effects should update their software builds immediately. The tech giant thanked researcher Francis Provencher, alongside Matt Powell from Trend Micro’s Zero Day Initiative for reporting the vulnerabilities.
Surprised by the scale of the giant MGM Grand breach? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.