Avast helps protect its users from all threats covered in the report. In addition, the Avast Q4/2022 Threat Report from the Avast Threat Labs shares insights into spyware, and the latest in mobile banking Trojans and Trojan SMS. Microsoft patched this exploit in the January 2023 Patch Tuesday update. The second zero-day, CVE-2023-21674, was an LPE vulnerability in ALPC that allowed attackers to get from the browser sandbox all the way into the Windows kernel. Avast reported this vulnerability to Google, which quickly rolled out a patch in just two days, on October 27, 2022. The first, CVE-2022-3723, was a type confusion in V8 and was used to get Remote Code Execution (RCE) against Google Chrome. Avast protected its users as both were exploited in the wild. Two sophisticated zero-day exploits were also discovered by Avast researchers in the quarter. For example, the threat actors have started abusing SVG images to hide malicious payloads and the code used for its reassembly. The Qakbot information stealer botnet has also evolved further and started using "HTML smuggling" to hide an encoded malicious script within an email attachment. The Emotet botnet, also a malware distributor with a wide variety of capabilities to steal information and spread malware, has evolved its technique of evading detection by antivirus software in the past few months through the use of timers to incrementally continue the payload's execution. It was mostly active in South and Southeast Asia and Latin America. LimeRAT is a remote access trojan capable of stealing passwords, cryptocurrencies, driving Distributed Denial of Service (DDoS) attacks and installing ransomware on a victim's computer.
There was also a 57% increase in people and businesses protected against AgentTesla, a strain of malware that often spreads through phishing emails to businesses and is designed to steal credentials, as well as a 37% increase in RedLine stealer, which often spreads in cracked games and services, stealing information from browsers and cryptowallets. Avast telemetry also shows that the global spread of LimeRAT tripled in Q4. The risk to get infected by DealPly increased around the world, most significantly in the Americas, in Europe, and South and Southeast Asia. Avast researchers saw a significant increase of 437% in the global spread of the Arkei information stealer, which is known for stealing data from browsers' autofill forms, passwords and other sources. Avast researchers also saw a flood of DealPly adware, which comes as a Google Chrome extension and sends statistical and search information to the attackers. For example, people are asked to take part in a lottery, spinning a roulette wheel to win, and are then asked to enter their contact information and pay a "handling fee" using their credit card or Google Pay or Apple Pay account. Web-based adware was also prevalent in the quarter, not only annoying people with intrusive ads, but also trying to steal their personal data. Information stealing adware, remote access trojans and bots Fraudulent invoices often look legitimate, and people need to verify whether an order really was made, the service received, and whether the sender is truly who they pretend to be," said Kroustek. "To avoid invoice fraud, people need to pay close attention to invoices they receive. In the case of invoice fraud, people, and more often businesses, receive bills for goods or services the business never ordered or received. The goal of the attacker is to steal the person's money.
People are then tricked into calling a phone number, where an agent asks them to create a remote connection to their computer and open their banking account, so the person can see how the refund is done. People will receive an email including a fake receipt making them believe they were charged for a purchase they didn't make. Refund fraud works in a comparable way to tech support scams, and often comes in the form of an email that looks like it was sent from a trusted company. The Avast threat labs also saw an uptick in refund and invoice fraud of 14% from October to November 2022, and another increase of 22% in December. "Also, never give remote access to your computer to somebody you don't know." "We recommend people ignore such pop-up messages and close the window with the escape key, or if that's not possible, restart their computer," advises Kroustek.