Halloween time is among us and ghosts and goblins aren’t the only things lurking in the shadows. This past month has brought a variety of spooky cyberthreats that haunt our networks and devices. From malicious malware to restricting ransomware, October has had its fair share of cyber-scares. Let’s take a look at what ghoulish threats have been leading to some tricks (and no treats) around the cybersphere this month.
Ghostcat Malware
One ghost that recently caused some hocus pocus across the Web is Ghostcat-3PC. According to SC Magazine, the malware’s goal is to hijack users’ mobile browsing sessions.
The infection begins when a user visits a particular website and is served a malicious advertisement. Ghostcat fingerprints the browser to collect device information and determines if the ad is running on a genuine webpage. Ghostcat also checks if the ad is running on an online publishers’ page that has been specifically targeted by this campaign. If these conditions are met, then the malware serves a malicious URL linked to the ad.
From there, this URL delivers obfuscated JavaScript, which creates an obscure source or machine code. The attackers behind Ghostcat use this to trick the publishers’ ad blockers, preventing them from detecting malicious content. The code also checks for additional conditions necessary for the attack, like ensuring that the malware is being run on a mobile device and a mobile-specific browser, for example. If the malware concludes that the browsing environment fits the descriptions of their target, it will serve a fraudulent pop-up, leading the user to malicious content.
Bewitched WAV Files
Ghostcat isn’t the only way malware is being spread lately, as, according to ZDNet, attackers have manipulated WAV audio files to spread malware and cryptominers. By using a technique called stenography, malware authors can hide malicious code inside of a file that appears normal, which allows hackers to bypass security software and firewalls.
Previously, cybercriminals have used stenography revolving around image file formats like PNG or JPEG. However, these crooks have now upped the ante by using WAV audio files to hide different types of malware. Most recently, researchers found that this technique is used to hide DLLs, or dynamic link libraries that contain code and data that can be used by more than one program at the same time. If malware was already present on an infected host device, it would download and read the WAV file, extract the DLL, and install a cryptocurrency miner called XMRrig. Cryptocurrency miners compile all transactions into blocks to solve complicated mathematical problems and compete with other miners for bitcoins. To do this, miners need a ton of computer resources. As a result, miners tend to drain the victim’s device of its computer processor’s resources, creating a real cybersecurity headache.
MedusaLocker Ransomware
Finally, we have the mysterious MedusaLocker ransomware. According to BleepingComputer, this threat is slithering its way onto users’ devices, encrypting files until the victim purchases a decryptor.
This strain will perform various startup routines to prep the victim’s device for encryption. Additionally, it will ensure that Windows networking is running and mapped network drives (shortcuts to a shared folder on a remote computer or server) are accessible. Then, it will shut down security programs, clear data duplicates so they can’t be used to restore files, remove backups made with Windows backup, and disable the Windows automatic startup repair.
For each folder that contains an encrypted file, MedusaLocker creates a ransom note with two email addresses to contact for payment. However, it is currently unknown how much the attackers are demanding for the victim to have their files released or if they actually provide a decryptor once they receive a payment.
With all of these threats attempting to haunt networks and devices, what can users do to help themselves have a safe and secure spooky season? Follow these tips to keep cybersecurity tricks at bay:
- Watch what you click. Avoid clicking on unknown links or suspicious pop-ups, especially those coming from someone you don’t know.
- Be selective about which sites you visit. Only use well-known and trusted sites. One way to determine if a site is potentially malicious is by checking its URL. If the URL address contains multiple grammar or spelling errors and suspicious characters, avoid interacting with the site.
- If your computer slows down, be cautious. One way you can identify a cryptojacking attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
- Surf the web safely. You can use a tool like McAfee WebAdvisor, which will flag any sites that may be malicious without your knowing.
- Use a comprehensive security solution. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection.
And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.