Check Point Research has uncovered a new surge of hacking attacks worldwide, in both the form of malware affecting Android based devices and new phishing e mail campaigns. This is especially troubling right now as we enter the holiday shopping season at a time when the Corona Virus has caused the shuttering of stores everywhere. And as if that were not enough, Check Point found that a 13-year old backdoor Trojan named Bandook used for spying on people has returned.
During the month of November, including last week’s Black Friday and Cyber Monday this week, Check Point Research found what it describes as a dramatic spike in phishing emails which it says impersonate internationally-known shipping companies such as DHL, Amazon & FedEx.
The research has found more than a 440% increase in shipping related phishing emails in November compared to October, with Europe leading the phishing surge, followed by North America & APAC. DHL is the company most impersonated globally in shipping-related phishing emails during November, followed by Amazon & FedEx.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at email@example.com.
So what should you be on the lookout for? These phishing e mails portend to be from a company trying to deliver something which you may have ordered on line. They claim that there is a problem of some sort with the delivery and so they “phish” for your personal information.
So how do you protect yourself? As usual, do not fall for fake e mails. If you get one from a shipping company like FedEx or a commercial site like Amazon, never respond directly to it. First check the sender’s e mail address. Then go to the company’s website and contact them directly to see if they really sent you the e mail.
.@_CPResearch_ has uncovered a new #malware which targets #android users in Southeast Asia, called #WAPDropper, which has the ability to quietly sign up users for premium services. Avoid #billshock and get the research here: https://t.co/hHHYj1wQZt pic.twitter.com/Wu2LeIgfop
— Check Point Software (@CheckPointSW) November 24, 2020
As this is happening, Check Point Research has also found a new malware which is infecting Android systems called WAPDropper. This malware subscribes its victims to premium services from telecommunication companies without their knowledge.
The WAPDropper malware family contains 2 different modules. The first is a dropper module, which can download additional malware modules and has the potential to spread and initiate different attack vectors. The second module is a premium dialer, a malware whose only purpose is to subscribe victims to premium services without their knowledge or consent.
It remains hidden from the user of the infected mobile phone or tablet. You won’t even know about it until you get huge new charges on your credit card bills.
And finally Check Point Research uncovered the return of an old enemy called Bandook, a type of malware which was implemented by the Kazakh and Lebanese governments and was prevalent between 2015 and 2017. This is literally a form of spyware which is used by governments to spy on political opponents and the press alike.
Bandook affects government, financial, energy, food industry, healthcare, education, IT and legal institutions. It has recently been found infecting systems in Singapore, Cyprus, Chile, Italy, USA, Turkey, Switzerland, Indonesia and Germany.
Check Point has found that throughout 2020 dozens of digitally signed variants of Bandook malware started to reappear. The company explains that its research has shown that the malware is not developed in-house and used by a specific hacker for his own benefit, but is part of an offensive infrastructure sold by a third party to governments and threat actors worldwide, to facilitate offensive cyber operations.
This malware can infect simple files like a Word document or a delivered inside a ZIP file. If you open the document, malicious macros are downloaded using the external template feature. These macros are the used to create a backdoor for Bandook.
This may all sound intimidating. But we already know how to protect ourselves. Use anti-virus and anti-spyware programs. Do not go to questionable websites or open e mails which look suspicious. And never download anything which you are not absolutely 100% sure about.