Weekly cyber news update.. part 2
Mac Malware that Spoofs Trading App to Steals Information.
An apparently legitimate Mac-based trading app called Stockfolio has had a few malicious malware variant. In one version, the initial sample analysed by Trend Micro, when the app is executed, an actual trading app interface will appear on-screen. However, unbeknownst to the user, the malware variant is already performing its malicious routines in the background. The plugin shell script collects the following information from the infected system:
• IP address
• apps in /Applications
• files in ~/Documents
• files in ~/Desktop
• OS installation date
• file system disk space usage
• graphic/display information
• wireless network information
Baltimore ransomware outbreak made worse by bad storage practices:
This year's ransomware infection at the City of Baltimore made headlines with an eye-popping $18.2m cost for damage and recovery. It turns out that the city's bad data collection policies are playing a big role in that. The Baltimore Sun reports that one of the reasons the data loss from the infection was so severe was because many of the important files were being kept locally on the PCs of individual employees, rather than backed up to a central server.
This meant that, as the ransomware infection spread from PC to PC, that data was lost and could not be recovered from a backup server, as should be the case.
Phishing scam imitates Adobe:
A Register reader refers to this sysadmin's report of a particular phishing flaw that appears to disguise its credential-harvesting fake login pages as legitimate Windows login sites. The phishing attack seemed to direct through a legitimate Adobe domain. The admin noted the matter was reported to Microsoft and the scammer's account was deleted.