Zeus Panda variant targets Brazil - wants to steal everything
Aug 5, 2016 - "A new Zeus Trojan variant dubbed Panda Banker has been specially crafted to target users of 10 major Brazilian banks, but also other locally popular services. 'Zeus Panda’s Brazilian configuration file has a notable local hue. Aside from including the URLs of major banks in the country, Panda’s operators are also interested in infecting users who access delivery services for a Brazilian supermarket chain, local law enforcement websites, local network security hardware vendors, Boleto payments and a loyalty program specific to Brazil-based commerce', IBM researchers* have found..."
Aug 4, 2016
Top Financial Malware per Attack Volume (Source: IBM Trusteer)
Fake Apple ‘Thank You For Your Order’ Phish
Aug 5, 2016 - "Email purporting to be from the Apple Store thanks you for your order of an iPhone and notes that you can click a cancel link if you did not make the order... The email is -not- from Apple and it does not reference a real Apple Store order. Instead, it is a phishing scam designed to steal your Apple ID and password, your credit card details, and other personal information:
According to this email, which purports to be from the Apple Store, your order of an Apple iPhone 5c is about to be dispatched. The email does not contain your shipping and billing address but rather those of a person you do not know. It also includes a ‘cancel order’ link’ . The email features the Apple logo and is quite professionally presented. However, the email is not from Apple. Instead, it is a phishing scam designed to steal your personal and financial information. When you receive the email, you may mistakenly believe that the person named as the recipient of the iPhone has hijacked your Apple Account and made purchases in your name. Therefore, your first reaction might be to click the ‘cancel’ link in the hope of dealing with the issue. If you do click-the-link, you will be taken to a fraudulent website designed to emulate the genuine Apple website. Once on the -fake- site, you will be asked to ‘login’ with your Apple ID and password. Next, you will be taken to a -bogus- ‘Cancel Order’ form that asks you to provide your credit card details and other personal and financial information. After submitting the requested information, you may be told that you have successfully cancelled the order. But, now, the criminals can steal the information that you supplied and use it to -hijack- your Apple account, commit credit card fraud in your name, and attempt to steal your identity..."
Walmart phish ...
Aug 5, 2016 - "Over the past couple of days*, Walmart users have been seeing unsolicited password recovery emails pop up in their inboxes. There’s clearly something 'phishy' going on, but it doesn’t seem to be a simple hack: it’s likely the precursor to an ambitious phishing attack on Walmart .com users... a Walmart spokesperson confirmed that there’s an increase in password recovery emails, but doesn’t think that any accounts have been compromised — yet. Instead, Walmart thinks that a hacker is using Walmart’s password recovery system to prepare for a -future- phishing attack. Walmart’s password recovery system is like most others: input an email address, and it sends a recovery code to that email address. But unlike some others, Walmart’s system confirms or denies whether there’s a Walmart .com account associated with that email... Seeing the groundwork for a phishing attack being laid is worrying, but the steps for customers to remain safe are simple... Walmart’s spokesperson also emphasized that it’s 'very unlikely' that any user accounts have been breached so far, and all customers need to do in the future is remain vigilant. If you’re particularly concerned, you can change the email address and password associated with your Walmart account."
Aug 4, 2016
Edited by AplusWebMaster, 05 August 2016 - 03:33 PM.