Emotet Malware Will Include Credit Card Theft In Attacks

If you’re involved in information security in any capacity, you’re probably quite familiar with the infamous Emotet botnet.  It’s one of the most dangerous and prolific botnets out there and it is a dire threat to organizations of all sizes.

The bad news is that the botnet is still being actively enhanced and is gaining new capabilities at regular intervals.

Most recently, its developers have added a new credit card stealing module that is designed to harvest saved credit card information stored in Google Chrome profiles.

Once it harvests information (name on the card, card number, security code, and expiration month and year), the malicious code will send that data to a command-and-control server controlled by the Emotet group.

The new capabilities were discovered by researchers at Proofpoint, and they reported being somewhat surprised that the new module was designed specifically to target Chrome users.  No other browsers are impacted by it.

Emotet has a fascinating history. It first appeared on the internet in 2014 as a simple banking trojan.

A concerted effort by law enforcement nearly destroyed the botnet: officers pulled the plug on most of the botnet’s infrastructure and took it offline.

Things were quiet for several months, but then in November 2021, Emotet returned like a malicious phoenix and has been causing trouble for IT professionals around the world ever since.

Controlled by the TA542 threat group, also known as Mummy Spider, it can be used to deliver any number of second-stage payloads, which makes it incredibly dangerous.

This is one malware you will have to stay on the alert for.  There’s no telling what new features the threat group will add next, and you may find yourself in Mummy Spider’s crosshairs.

Screencastify Issue Could Allow Someone To Steal Recorded Videos

Are you one of the legions of users making use of the Screencastify Chrome extension?  It’s a fantastic Chrome extension that allows you to almost effortlessly create screencasts for a variety of purposes.

Unfortunately, the web extension also suffers from a critical security vulnerability that allows attackers to take control of a user’s webcam and steal recorded videos.

The cross-site scripting (XSS) vulnerability that made this possible was reported by independent security researcher Wladimir Palant on Valentine’s Day of this year (February 14, 2022). The vendor that created the extension responded quickly and issued a fix just days after the issue was reported to them.

While we applaud the rapid response, the fix unfortunately didn’t completely address the issue. Although the threat from external attackers has been eliminated, three months later the lingering issues that could allow an unscrupulous insider to carry out the same kind of attack remain unaddressed.

That’s problematic because Screencastify boasts more than ten million installations worldwide on the Chrome store. The total number of installations may be significantly higher, but the site’s counter only goes to ten million.

The extension’s popularity exploded during the pandemic because it represented such a quick and easy solution to a problem that only emerged when tens of millions of people around the world started working from home.

Mr. Palant sums up the core issue thusly:

“The problem was located in the error page displayed if you already submitted a video to a challenge and were trying to submit another one.  This error page is located under a fixed address, so it can be opened directly rather than triggering the error condition.”

In any case, if you use the extension just be aware of the risks associated with it.  There is no word from the vendor on if or when another fix might be coming.

Update Google Chrome Soon To Fix Multiple Security Issues

Are you a Google Chrome user?  If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right away. The latest release contains a total of 32 security fixes on Windows, Mac and Linux.

Of the 32 flaws addressed, eight are high-severity, nine are medium, seven are low-severity and one is critical. The critical flaw, tracked as CVE-2022-1853, is a “use after free in IndexedDB,” which is an interface where data is stored in a user’s browser.

Details about the bug and how hackers could exploit it are limited. According to Pieter Arntz, a security researcher at Malwarebytes, a hacker could exploit the flaw by creating a poisoned website that would take over the visitor’s browser by manipulating the IndexedDB.

None of the flaws addressed in Chrome 102 are “Zero Day” issues, meaning flaws that were exploited before Google released the patch to address the flaw.  Even so, many people are somewhat slow to update their browser, and if you are one of them, then you could be in for a world of headaches if a hacker sets their sights on your system.

You can get Chrome 102 for Windows, Mac, and Linux right now. In case you weren’t aware, normally Chrome is updated every four weeks but the extended release gains an additional four weeks by Google back-porting important security fixes to it.

Also be aware that an extended stable release is updated every eight weeks.  Grab yours today and kudos to Google for their tireless work!  Last year, Google’s Project Zero team counted a total of 58 Zero-Day exploits for popular software, with twenty-five of these impacting web browsers.

Google May Phase Out Secure Lock Icon For Websites

Google has had a long history of taking steps to make the web more secure for everyone. One of their early moves involved warning users via a popup box when they surfed their way to a site that did not use the secure socket (HTTPS) protocol.

This warning was good for users but didn’t do anything to prompt website owners to begin adopting HTTPS as the web’s standard. Google tweaked their ranking algorithm to hit HTTP sites with a slight ranking penalty compared to HTTPS sites.

That strategy seems to have borne fruit. Today more than 90 percent of all web connections are made using the secure socket protocol. That is a huge victory for both Google and everyone who spends any amount of time online.

With that success the company has recently decided to stop displaying an indicator when you are visiting a secure website and only show a graphical warning display when you’re not.

You may have noticed a small padlock icon next to the address bar on your Chrome browser. That’s the icon that’s going away. Only the “unlocked padlock” will display in instances where a site is not using the secure socket protocol.

If you’re interested in testing out the new feature, that’s as easy as downloading the Chrome 93 Beta or Chrome 94 Canary build. Once you have either of those, you simply type in “Chrome://flags” in the address bar and hit “Enter.” Once you do that, search for “Security Indicators” and you’ll see “Omnibox Updated Connection Security Indicators.” You’ll find two options beneath this: Enabled or Disabled. Simply select “Enable” and relaunch the web browser when prompted to do so.

When you surf your way to a site using the Secure Socket Protocol you will no longer see the lock icon. It’s not a big change but it is well worth checking out.

Latest Version Of Chrome Gets Additional Security Enhancements

Google has recently released Chrome 92. The latest version of the browser includes a raft of high value updates and has fixes for a number of high severity security issues.

Here’s a quick overview:

Chrome for iOS now allows users to lock their “incognito” browsing tabs. This secures them with either a passcode or your TouchID. The new security feature is not enabled by default. In order to enable it you will need to go to Settings and Privacy and then enable the “Lock Incognito Tabs” option.

Locked Incognito tabs will not be visible after leaving and reopening Chrome unless the user re-authenticates.

Chrome 92 (all platforms) also fleshes out its Chrome Actions feature. This allows you to type in certain keywords and phrases and get a shortcut to the feature you’re looking for.

For example, you can type in:

  • Delete History
  • Edit Passwords
  • Manage Security Settings
  • Or Manage Sync

Typing these commands will bring you to the relevant section of the browser’s settings page. You can also now type in “Safety Check” which will allow you to scan your device for malicious extensions. Google has also beefed up its Site Isolation feature. This feature was initially introduced to prevent Spectre-like side-channel attacks. Google has also upgraded its phishing protection by adding image processing capabilities.

The company had this to say about its new phishing protections:

“If the site matches a known phishing site, Chrome warns you to protect your personal information and prevent you from exposing your credentials. On average, users will get their phishing classification results after 100 milliseconds, instead of 1.8 seconds.”

Chrome 92 offers all of that and also addresses a total of nine high severity security issues. This is a major update. Get it today if you haven’t already installed it.
