Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone’s camera roll in the File Explorer Gallery.
Facebook fatal accident scam still rages on
Recently I wrote about a malvertising campaign on Facebook that has been going on for almost a year. Apparently Facebook is struggling to stop this campaign, so now this type of campaign is showing up in other languages than English.
I have seen two different types in German.
Translation: Deadly accident on highway causes several fatalities
Notable about this one is that it was posted as a fundraiser and so does not allow comments, which blocks me from posting a warning that this is a scam.
I reached out to the person that owns the account to find out if he knew how his account got compromised. He had no idea, but told me that it seemed like a lot of people were having the same issues. Not only did he see the same type of posts, but he also got a lot of Messenger messages prompting him to click a link.
In the past we’ve seen campaigns on Messenger where clicking such a link would install a Facebook app that required posting permissions. These apps would then spread further from the compromised user account.
The host storage.googleapis.com gives the link a legitimate feel, but that feeling is not justified. Although googleapis.com is a legitimate service provided by Google, it’s being abused by all sorts of cybercriminals for phishing, tech support scams, and in this case fingerprinting. The script on that site looks at your IP address, your type of machine and whether you are using a VPN. Based on the analysis of that information you are forwarded to the type of scam that is likely to be the most profitable.
An example of a redirect URL shows some of the elements that were fingerprinted.
https://byxzz.altairaquilae[.]top/?pl=Yyo1IAH5aE2Q4g9YuOImuw&click_id=da5d3q51mm737150e7&sub_id=18222478-Edge%20(Chromium)%20for%20Windows-Windows
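A defender can pull the same fingerprint fields out of proxy or DNS-filter logs. The following is an added example, not code from the original article: it parses the redirect URL quoted above and scans constructed log lines for URLs with the same parameter set. The log format and the assumed `<number>-<browser>-<OS>` layout of `sub_id` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters present in the redirect URL quoted in the article.
TRACKING_PARAMS = {"pl", "click_id", "sub_id"}

# The URL from the article, kept in its defanged form.
PAGE_URL = ("https://byxzz.altairaquilae[.]top/?pl=Yyo1IAH5aE2Q4g9YuOImuw"
            "&click_id=da5d3q51mm737150e7"
            "&sub_id=18222478-Edge%20(Chromium)%20for%20Windows-Windows")

# Constructed sample log lines (timestamp, client, method, URL); format is assumed.
SAMPLE_LOG = [
    "2024-01-01T10:02:11Z 10.0.0.23 GET " + PAGE_URL,
    "2024-01-01T10:02:15Z 10.0.0.23 GET https://www.example.com/?q=weather",
]

def refang(url):
    """Undo common defanging so the URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def parse_redirect(url):
    """Return the fingerprint fields a redirect URL carries, or None."""
    parts = urlsplit(refang(url))
    query = parse_qs(parts.query)  # also decodes %20 to spaces
    if not TRACKING_PARAMS.issubset(query):
        return None
    # Assumed layout: <number>-<browser>-<operating system>
    m = re.fullmatch(r"(\d+)-(.+)-([^-]+)", query["sub_id"][0])
    if not m:
        return None
    return {"host": parts.hostname, "click_id": query["click_id"][0],
            "sub_num": m.group(1), "browser": m.group(2), "os": m.group(3)}

def scan(lines):
    """Collect fingerprint-carrying redirects found in log lines."""
    hits = []
    for line in lines:
        for token in line.split():
            if token.startswith(("http://", "https://", "hxxp")):
                info = parse_redirect(token)
                if info:
                    hits.append(info)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
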
Malwarebytes has already blocked the windyplentiful.com domain for Malvertising.
Malwarebytes Premium blocks the domain windyplentiful.com
The second example is easier to identify as a fake. Both the ambulance and the wrecked motorcycle hail from California, so this is highly unlikely to have happened on the German autobahn.
Translation: Accident causes several victims including a child
Not only is the picture clearly not German, the grammar used in the sentence is another sign as it’s a bad translation.
Unfortunately when I set my VPN to pretend I was located in Germany, the script identified it as an anonymous proxy and stopped there.
Switching back to the Netherlands I got to “enjoy” sites with explicit content, scam sites where celebrities encourage investing in cryptocurrencies, and websites offering browser push notifications.
These browser push notifications are a very annoying type of advertising, often associated with tech support scams, explicit content, gambling, and anything else that pays a handsome referral bonus.
Several attempts on both images led to different domains as well. Other blocks we encountered during our research:
Malwarebytes Premium blocks 188.114.96.0
Malwarebytes Premium blocks the subdomain oyglk.altairaquilae.top
You can recognize this type of scam because they usually tag several friends of the victim. And although the image looks like a click will start a video, it never has for me. The images were hosted at media.discordapp.net/attachments and although the pages contain a link to Vimeo, the videos there have already been removed or were never even there.
If you find your account has posted a message like this, you should assume that someone else has full control over your Facebook account. Simply changing the password is not always enough.
Check for unknown and unused Facebook apps.
Click your profile picture.
Select Settings & Privacy, then click Settings.
Click Apps and Websites.
Go to the app or game you want to remove, then next to the name of the app or game, click Remove.
Click Remove again to confirm.
Enable two-factor authentication (2FA)
Go to your Security and Login Settings.
Scroll down to Use two-factor authentication and click Edit.
Choose the security method you want to add and follow the on-screen instructions.
Change your password on Facebook if you’re already logged in:
Click your profile picture.
Select Settings & Privacy, then click Settings (or Accounts Center if you’re on your phone).
Click Security and Login (or Password and Security if you’re on your phone).
Click Edit next to Change password (or just Change password if you’re on your phone).
Enter your current password and new password.
Click Save Changes.
If you’re logged in but have forgotten your password or it has been changed to something you don’t know, follow the steps above to change your password, then click Forgot your password? and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.
Malwarebytes
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT.
“The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall
37 Vulnerabilities Patched in Android With November 2023 Security Updates
The Android security updates released this week resolve 37 vulnerabilities, including a critical information disclosure bug.
The post 37 Vulnerabilities Patched in Android With November 2023 Security Updates appeared first on SecurityWeek.
SecurityWeek RSS Feed