
Warning: 5 new fearsome hacker attacks discovered. Here’s what they are and how to defend yourself

Hackers never rest: in the past few hours they have again targeted users, hitting mobile devices, computers, and routers for purposes that range from doing harm to simply causing annoyance.

In the past few hours, users' digital security has looked even more fragile than before, as shown by numerous alerts issued by industry experts and by companies active in the security sector.

Recently, the American security firm Intezer warned about the spread of malware known as YTStealer, which targets creators who run YouTube channels. The malware, often packaged as an “accessory” together with other malware (e.g. Vidar or YTStealer) and rented under the MaaS (malware-as-a-service) model, is hidden in cheats or mods for video games (e.g. Roblox, Call of Duty, Grand Theft Auto V, Valorant) or in professional graphic editors for video (e.g. Antares Auto-Tune, Adobe Premiere Pro, Ableton Live, Filmora, FL Studio). Once on the victim’s computer, it checks that it is running on a real machine rather than in a sandbox. It then searches the browser’s SQL database for YouTube authentication tokens. After verifying them through a browser run covertly (in headless mode, without a graphical interface), it uses web scraping techniques to steal information such as the monetization status, the number of subscribers, the creation date, and the channel name, and sends it to the hackers, who presumably sell it on the dark web to those who intend to use it for scams, or even to demand a ransom for the seized YouTube channel.
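The chain described above (a non-browser program reads the browser's cookie database, then starts a headless browser) can be hunted for in endpoint telemetry. The following is an added example, not code from Intezer or from the original article; the event field names, the parent allowlist, and the sample events are assumptions constructed for illustration.

```python
import ntpath

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: parents allowed to launch headless browsers in this environment.
EXPECTED_PARENTS = BROWSERS | {"chromedriver.exe", "node.exe"}
COOKIE_DBS = {"cookies", "cookies.sqlite"}  # Chromium and Firefox cookie stores

# Constructed sample telemetry (hypothetical field names, not real incident data).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
COOKIE_PATH = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
SAMPLE_EVENTS = [
    {"type": "proc", "pid": 900, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"type": "proc", "pid": 4100, "ppid": 900, "image": r"C:\Users\a\Downloads\mod_installer.exe", "cmd": "mod_installer.exe"},
    {"type": "file_read", "pid": 4100, "path": COOKIE_PATH},
    {"type": "proc", "pid": 4200, "ppid": 4100, "image": CHROME, "cmd": "chrome.exe --headless=new --disable-gpu"},
    {"type": "proc", "pid": 6000, "ppid": 900, "image": r"C:\Program Files\nodejs\node.exe", "cmd": "node.exe test.js"},
    {"type": "proc", "pid": 6100, "ppid": 6000, "image": CHROME, "cmd": "chrome.exe --headless"},
    {"type": "proc", "pid": 7000, "ppid": 900, "image": r"C:\Tools\backup.exe", "cmd": "backup.exe"},
    {"type": "file_read", "pid": 7000, "path": COOKIE_PATH},
]

def exe_name(proc):
    """Lower-case executable name of a process event, or 'unknown'."""
    return ntpath.basename(proc["image"]).lower() if proc else "unknown"

def is_headless_browser(ev):
    """True for a browser started with -headless, --headless or --headless=..."""
    flags = [a for a in ev["cmd"].lower().split() if a.startswith("-")]
    return exe_name(ev) in BROWSERS and any(f.lstrip("-").startswith("headless") for f in flags)

def find_suspects(events):
    """Images of processes that read a cookie DB AND spawned a headless browser."""
    procs = {e["pid"]: e for e in events if e["type"] == "proc"}
    cookie_readers, headless_launchers = set(), set()
    for e in events:
        if e["type"] == "file_read":
            is_cookie_db = ntpath.basename(e["path"]).lower() in COOKIE_DBS
            if is_cookie_db and exe_name(procs.get(e["pid"])) not in BROWSERS:
                cookie_readers.add(e["pid"])
        elif is_headless_browser(e) and exe_name(procs.get(e["ppid"])) not in EXPECTED_PARENTS:
            headless_launchers.add(e["ppid"])
    # Either signal alone is noisy (backup tools, test automation); require both.
    both = cookie_readers & headless_launchers
    return sorted(procs[p]["image"] for p in both if p in procs)

if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```

On the constructed events, the backup tool (cookie read only) and the Node.js test run (headless launch from an allowed parent) are not reported; only the process that shows both behaviours is.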

From the Czech security firm Avast comes a report of another curious malware-as-a-service, Lunar, found on a Discord server where it was uploaded by the user Next. This modular malware, certainly able to steal passwords and gaming accounts as well, is rented for 5-25 dollars and is aimed at teenagers, mostly for playing pranks: it deletes the Minecraft and Fortnite folders and repeatedly opens Pornhub web pages.

From the CyberSecurity360 portal comes a report of another malware-as-a-service with a sense of humor: LockBit 3.0. In its third version, it has launched a bug bounty program open to hackers, ethical or not, and to security researchers, who can suggest new ideas and also report bugs (in the anonymous messaging used for negotiations, in the TOR network used for anonymity, in the Locker that does the real damage, in terms of vulnerabilities, etc.). It promises rewards ranging from 1,000 to a million dollars, with the aim of becoming unassailable.

From the Lumen Black Lotus Labs security team comes a report on the reappearance of the remote access trojan ZuoRAT, which targets SOHO routers in North America and Europe, mostly from Cisco, Asus, and Netgear. Once on the device, made vulnerable by firmware that may be out of date, the malicious code uses HTTPS and DNS hijacking techniques to download the Cobalt Strike hacking tool and other malicious modules, such as GoBeacon or Beacon, endangering all the systems (Windows, macOS, and Linux) that rely on the network managed by the affected router.

From the OSI, a free security service offered by the National Cybersecurity Institute, comes a report of an attack against Banco Santander account holders. It starts with an SMS, attributed to the well-known Spanish bank, that warns of a card charge for an Amazon purchase and offers a link to cancel it. On the linked site, which resembles Banco Santander's, the user is asked to log in to the account by entering their tax code and the corresponding password. If the victim takes the bait, an error message is shown when login is attempted, even if the data are correct. By then the damage is done, since the data entered will have been sent to the hackers, who from that moment can carry out genuinely unauthorized transactions.
