Cybersecurity Weekly: Software skimmer, Android app flaws, Google ad phish

December 8, 2020 by Sam Fay

Hackers hide software skimmer in social media sharing icons. Unpatched Android apps put millions of users at risk. MetaMask phishing steals cryptocurrency wallets via Google ads. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Hackers hide software skimmer in social media sharing icons

Security researchers uncovered a new technique to inject a software skimmer onto checkout pages. The malware hides in social media buttons. The attacks used various techniques across the time to carry out an e-skimming attack, such as exploiting flaws in e-commerce platforms like Magento and OpenCart.
Read more »


2. Unpatched Android apps put millions of users at risk

A number of high-profile Android apps are still using an unpatched version of Google’s widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. The bug is rated 8.8 out of 10.0 for severity and impacts Android’s Play Core Library.
Read more »

3. MetaMask phishing steals cryptocurrency wallets via Google ads

Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. MetaMask offers an Ethereum cryptocurrency wallet in the browser via a browser extension that lets distributed applications read from the blockchain.

Read more »


4. Drug dealers are selling Pfizer COVID vaccines on the darkweb

The UK government announced the distribution of the Pfizer/BioNTech vaccine that has been granted emergency authorization by British regulators. While the first doses are expected to be rolled out from next week, multiple vendors on the darknet are already offering for sale doses of the Pfizer/BioNTech vaccine.
Read more »


5. Payment card skimmer group using Raccoon info-stealer to siphon off data

A cybercrime group known for targeting e-commerce websites unleashed a multi-stage malicious campaign earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. The campaign progressed in four waves, starting in February and ending in September.
Read more »


6. Hackers-for-hire group develops new PowerPepper in-memory malware

Last week, cybersecurity researchers disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe and the U.S. The malware has been attributed to the DeathStalker group.
Read more »


7. Kmart hit by Egregor ransomware

Longtime retailer Kmart has reportedly been hit by a ransomware attack that has shut down access to certain back-end systems. The attack is based on Egregor ransomware, which is a strain that exfiltrates data pre-encryption and then threatens to release sensitive information if a ransom is not paid.
Read more »


  1. Vancouver metro disrupted by Egregor ransomware

The threat actors behind the Egregor ransomware are showing a prolificacy in their early months of activity. On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. The attack left Vancouver residents unable to use their Compass metro cards or pay for new tickets
Read more »


9. High-severity Chrome bugs allow browser hacks

Google updated its Chrome web browser, fixing four bugs with a severity rating of high and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser’s memory, opening the door to a browser hack and host computer compromise.
Read more »


10. VMware rolls a fix for formerly critical zero-day bug

VMware has patched a zero-day bug that was disclosed in late November — an escalation-of-privileges flaw that impacts Workspace One for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to important, down from critical.

Read more »

Posted: December 8, 2020
Sam Fay
View Profile