High Profile Instagram Accounts Being Held For Ransom By Hackers

Hackers have recently hit upon a new money-making scheme.  Some groups have started breaking into Instagram accounts belonging to people with high numbers of followers.

They are then holding those accounts hostage until the owner agrees to pay the ransom.  In some cases, the hackers are charging as much as $40,000 USD to return an account back to its user.

They’re gaining control of the accounts initially via some clever social engineering. The attack begins when the hackers contact the Instagram user claiming copyright infringement.

The email they send contains a link that takes the victim to a website the hackers control. The user is prompted to enter their Instagram account information (username and password), which of course is harvested by the hackers. The tell is the address bar: a genuine copyright notice from Instagram would never require re-entering a password on a domain that isn’t Instagram’s own.

Once they have that, they log in and immediately change the victim’s password. An account protected by two-factor authentication survives this step as long as the second factor isn’t phished as well, since the stolen password alone is not enough to log in.

They then modify the account profile so that it includes the phrase:

“this Instagram account is held to be sold back to its owner,” followed by a contact link.

Clicking the contact link opens a WhatsApp chat session where the hackers make the ransom demands and wait. If the victim doesn’t initiate contact via the profile link, the hackers will start sending text messages to the phone number associated with the account. Either way, the negotiation process begins.

Security researchers who have begun investigating the scam have concluded that at least one of the threat actors involved is based in Turkey.

At this point, there is no reliable information about how many Instagram accounts have been compromised in this manner. There also isn’t any information about how much money the hackers have made in total via this approach. If you are an Instagram user with an impressive number of followers, it pays to at least be aware of the possibility.

Dark Herring Subscription Scam Affected Millions Of Android Users

Google partner Zimperium zLabs has recently discovered a sophisticated scam targeting more than 100 million Android users. The scam has been in operation right under Google’s nose for nearly two years.

The scam has now been shut down by Google but while it was in operation, it spanned some 470 Android apps on the Play Store. It was quietly subscribing users who installed the infected apps to a premium service that charged $15 USD per month through Direct Carrier Billing (DCB).

The decision to leverage DCB is both brilliant and terrifying.  It’s a legitimate mobile payment option that allows people to pay for digital content from the Play Store either via their pre-paid balance or post-paid with a bill.

Oftentimes, a user would be subscribed to a premium service for months before they noticed. While that was happening, the scammers behind the attack (dubbed Dark Herring by the group that discovered it) were raking in profits from some 105 million Android users spread over more than 70 different countries.

Each of the hundreds of different apps that were infected with the malware had a different identifier. That means the scammers were able to track (with some granularity) which apps were bringing them in the most illicit profits.

One thing that this attack really underscored is how hard it is to stop something like this that has a global footprint.  Consumer protection laws vary wildly from one country to the next. So while users in some countries may have legal recourse, users in most other countries have no protection at all.  They’re simply out the money.

In any case kudos to the folks at Zimperium for their sharp eyes and to Google for taking swift action to dismantle the campaign.  Unfortunately, the fact that it’s now defunct is small consolation to the millions who lost money while it existed.

Apple Released A Fix For Multiple Zero Day Exploits

There’s good news for Apple users.

The company has been busy and has recently released security updates that address two Zero-Day vulnerabilities. These are security flaws that could be exploited by hackers to cause no end of trouble to anybody running macOS or iOS.

The first Zero-Day addressed is being tracked as CVE-2022-22587. It is a memory corruption bug in the IOMobileFrameBuffer kernel extension that impacts macOS Monterey, iPadOS and iOS, and a malicious app could use it to run code with kernel privileges.

The second issue the company fixed was a bug in Safari’s WebKit engine, tracked as CVE-2022-22594, which impacted iOS, iPadOS and macOS Monterey (via Safari). It was a cross-origin flaw in the IndexedDB API that let any website read the names of databases created by other sites, which is enough to work out which sites you had visited and, where a database is named after a user ID, who you are.

If you’re running iOS or iPadOS earlier than 15.3, or macOS Monterey earlier than 12.2, you are exposed to both flaws. Note that Apple said it is aware of a report that CVE-2022-22587 may have been actively exploited in the wild, and CVE-2022-22594 had been publicly disclosed, with a working demo, before the patch shipped. To protect yourself you’ll want to update to iOS/iPadOS 15.3 or macOS 12.2 as soon as possible.

These two represent the first Zero-Day bugs that Apple has tackled in 2022 which makes them significant.  It’s also proof positive that the company isn’t sitting back and resting on its laurels.  They’re actively taking the fight to the hackers and addressing security flaws head on and at a rapid clip.

It’s very good to see but last year Apple seemed to be chasing an unending stream of Zero-Day flaws.  Here’s hoping that this year will see relatively fewer of them. Even if that proves not to be the case, Apple has and continues to demonstrate how seriously they take the security of their user base.

Whatever happens one thing we can say with certainty is that 2022 is bound to be an interesting year.

Again Kudos to Apple for their rapid response and if you’re an Apple user check your OS version to make sure you’re protected.

Android Apps Are Coming To Windows 11

One of the most persistently frustrating aspects of our highly interconnected world is that we seem to exist in at least three different distinct ecosystems.

Apple users live in the Apple ecosystem which encompasses both its mobile products and its PCs. Windows users live in the Windows ecosystem which encompasses both laptops and desktops but leaves mobile devices out in the cold. Of course, Android users live in their own ecosystem which is mobile-centric. By design there’s almost no overlap between these spheres and that’s a pity.

Microsoft thinks so, too. As part of their ongoing Windows 11 development they’re rolling out a feature that will allow users to run Android apps in a virtualized environment on their PCs.

This is huge news and a first tentative step that begins to bridge the divide between the various ecosystems. Imagine installing a game on your Android phone and then running the same app on your Windows PC, rather than hunting for a desktop equivalent.

Or imagine downloading some type of productivity app on your Android phone and leveraging your PC to get even more out of it. Both of those are now possible with the latest release of Windows 11, with the caveat that apps are installed through the Amazon Appstore inside the Windows Subsystem for Android, so an app has to be available there, and the initial rollout is a preview limited to the US.

If you’re an early adopter of Windows 11 you probably already know what the most recent build contains. If you aren’t aware, in addition to the Android app functionality the latest build also sports a new look for Notepad, Media Player, and a raft of taskbar and other improvements.

Even better is that the company is reporting that Windows 11 adoption rates are even higher than the impressive Windows 10 adoption rates were. That bodes well for the company and signifies a broad-based acceptance of the company’s latest OS. Exciting times indeed and kudos to Microsoft for beginning to bridge the divide.

E-Mail From Department Of Labor Could Be Phishing Attack

There is a new phishing campaign to keep a watchful eye on according to email security firm INKY. It’s a particularly fiendish one.

The attackers have designed an email template that does an admirable job of imitating the look and feel of emails sent from the US Department of Labor.

These are being sent out to recipients asking them to submit bids for an ongoing DOL project with the specifics of the project varying from one email to the next.

The emails are professionally and meticulously arranged. Thanks to some clever spoofing they appear to come from an actual Department of Labor server. Naturally they do not come from the DOL, and there are no ongoing projects that require the Department of Labor to blindly spam out emails seeking bids. A visible From address proves nothing by itself; the SPF, DKIM and DMARC verdicts recorded by the receiving mail server do, and those are what mail filters should act on.

Nonetheless, an unwary recipient could easily be taken in by the scam and click the “Bid” button embedded in the email.  That button is of course masking a malicious link which will take the email recipient to one of the phishing sites controlled by the scammers.

Like the emails themselves, these spoofed sites look completely legitimate. A comparison of the HTML and CSS on the scam sites with the actual Department of Labor site reveals identical code behind them, which is clear evidence that the scammers scraped the real site and used its code to create their own copies.
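Both lures on this page (the Instagram copyright notice and the DOL bid invitation) share the same shape: a From address borrowed from a trusted organisation and a button whose real target is a domain the organisation doesn’t own. The script below is an added example written for this page, not code from INKY, Instagram, the DOL or the researchers involved. It parses a constructed sample message (the hostnames in it are illustrative, not real attacker infrastructure), checks whether the From domain is actually aligned with the envelope sender and the SPF/DKIM results the mail server recorded, and flags any link whose target falls outside the domain the mail claims to come from, or whose visible text shows one domain while the href goes to another. The `registrable_domain` helper is a deliberate simplification; a production version would consult the Public Suffix List.

```python
"""Triage a lure email: is the From domain backed by sender alignment, and do
the links actually point at the organisation the mail claims to come from?"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the bid-invitation lure described above.
# Hostnames are illustrative; no real DOL or attacker infrastructure is referenced.
SAMPLE_EMAIL = b"""Return-Path: <bounce@mail.example-sender.net>
From: "U.S. Department of Labor" <no-reply@dol.gov>
To: victim@example.com
Subject: Invitation to bid
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-sender.net; dkim=none
Content-Type: text/html; charset=utf-8

<html><body>
<p>You have been selected to submit a bid for an ongoing project.</p>
<a href="https://dol-gov-bids.example.net/login">Bid</a>
<a href="https://www.dol.gov/agencies">https://www.dol.gov/agencies</a>
</body></html>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(host):
    """Last two labels of a hostname. A crude stand-in for a Public Suffix List lookup."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_address(addr):
    """'Name <user@host>' -> 'host' (empty string if there is no mailbox)."""
    _, mailbox = parseaddr(addr)
    return mailbox.rsplit("@", 1)[-1].lower() if "@" in mailbox else ""


def check_sender(msg):
    """Compare the visible From domain with the envelope (Return-Path) domain and
    pull the SPF/DKIM verdicts the receiving MX recorded. An SPF pass for the
    envelope domain says nothing about From unless the two are aligned."""
    from_dom = domain_of_address(str(msg.get("From", "")))
    rp_dom = domain_of_address(str(msg.get("Return-Path", "")))
    auth = str(msg.get("Authentication-Results", ""))
    spf = re.search(r"\bspf=(\w+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "spf": spf.group(1) if spf else "none",
        "dkim": dkim.group(1) if dkim else "none",
        "aligned": bool(from_dom) and registrable_domain(from_dom) == registrable_domain(rp_dom),
    }


def suspicious_links(html, expected_domain):
    """Flag anchors whose href lands outside expected_domain, and anchors whose
    visible text is a URL on a different domain than the real target."""
    findings = []
    for href, text in LINK_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()
        target = urlparse(href).hostname or ""
        reasons = []
        if registrable_domain(target) != registrable_domain(expected_domain):
            reasons.append(f"target {target} is not under {expected_domain}")
        if text.lower().startswith(("http://", "https://")):
            shown = urlparse(text).hostname or ""
            if registrable_domain(shown) != registrable_domain(target):
                reasons.append(f"shows {shown} but goes to {target}")
        if reasons:
            findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


def triage(raw_bytes, expected_domain=None):
    """Run both checks. expected_domain defaults to the From domain, i.e. the
    organisation the message claims to be from (dol.gov, instagram.com, ...)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    sender = check_sender(msg)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    expected = expected_domain or sender["from_domain"]
    return {"sender": sender, "suspicious_links": suspicious_links(html, expected)}


if __name__ == "__main__":
    result = triage(SAMPLE_EMAIL)
    print("sender aligned:", result["sender"]["aligned"], result["sender"])
    for f in result["suspicious_links"]:
        print("suspicious link:", f["href"], "->", "; ".join(f["reasons"]))
```

On the sample, the From domain (dol.gov) is not aligned with the envelope domain, so the SPF pass recorded by the server is for the attacker’s own sending domain and carries no weight, and the “Bid” button is flagged because it leaves dol.gov entirely while the harmless second link passes. The same two checks apply unchanged to the Instagram copyright lure with instagram.com as the expected domain.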

What’s different is the fact that the scam site includes a pop-up message that is there seemingly to guide the email recipient through the bidding process.  What it’s really doing is moving the potential victim closer to giving up his or her Office 365 credentials.

Of interest is that after a victim enters his/her credentials they’ll be prompted to enter them a second time.  This is to minimize the risk of the scammers harvesting mis-typed credentials.  They seem to have thought of everything!

Vigilance is the first line of defense, so please make sure your employees, friends, and neighbors are aware of the ongoing campaign. It should not be the only one, though: phishing-resistant MFA such as FIDO2 security keys or passkeys means a harvested password on its own gets the scammers nowhere, because the credential is bound to the real Microsoft login origin and will not be presented to a lookalike site, and mail filtering that enforces DMARC strips much of the credibility from a spoofed From address before anyone sees it.