Weekly Threat Report - 29th June 2018
Reports are drawn from recent open source reporting.
Fake Fortnite – don’t click the link
Malware developers are exploiting the popularity of the video game Fortnite, with fake Android versions of the game advertised in third party stores and on compromised links in YouTube game installation videos.
Whilst initially appearing to be genuine, using real images from Fortnite to mimic an installation, the game never actually installs, and the device is compromised by a variety of different malware.
Researchers have observed the malware performing actions such as credential harvesting, data deletion and permitting access to mobile device cameras and audio.
Fortnite has approximately 45 million players and users are keen to play the game on Android. It is this desire and eagerness to play which can cloud the judgement of those presented with these links.
The developers have not yet released an Android version, so any version currently being advertised is fake. Until the game developers announce the release and it is launched in official stores, do not believe the claims or follow third party links. If the offer looks too good to be true, it probably is.
Only installing apps from official stores and scrutinising links before clicking should protect you from most malicious apps. We advise not switching on the option that allows you to install apps from unknown sources if you don’t need to. For further guidance, follow the NCSC’s 10 Steps to Cyber Security.
Scam WannaCry emails
Action Fraud, the UK’s national fraud and cyber crime reporting centre, has highlighted a sharp increase in reports of scam WannaCry emails.
Users are told that their devices are infected with WannaCry ransomware and that all files will be deleted if they do not pay a fine in Bitcoin.
In doing so, the cyber criminals behind the scam are exploiting the chaos and destruction of the WannaCry attack to trick users into paying.
It is highly unlikely that any such threat exists - these are simply attempts to extort money from alarmed individuals.
Action Fraud received 300 reports of this activity in just two days. They advise deleting the email, reporting the attempt to them and not making any payment in Bitcoin. Antivirus software and operating systems should also be regularly updated. The NCSC has issued guidance on phishing.
New ‘Mylobot’ malware observed in the wild
Earlier this month, the information security company Deep Instinct reported on ‘Mylobot’, a new piece of malware that has been observed infecting an unnamed telecommunications company.
Mylobot reportedly enables attackers to gain full control of infected machines, allowing them to add payloads for other purposes such as banking Trojans, keyloggers, and Distributed Denial of Service (DDoS) use.
Mylobot is sophisticated for a piece of criminal malware, incorporating advanced evasion, infection and propagation techniques. Other types of criminal malware have used some of these techniques but this is the first time we have seen them all used together.
According to TrendMicro, antivirus software is able to detect at least some versions of Mylobot by signature. Standard network defences and good cyber hygiene should make it more difficult for Mylobot to infect a system, and should help an infection to be detected if it does get in.
By incorporating a wide range of functionality into a single tool, Mylobot represents a continuing drive by cyber criminals to evade detection and generate money in an increasingly competitive space.
For more information on how to protect yourself or your business from this type of threat, please refer to the NCSC’s malware protection guidance.