Cyware Daily Threat Intelligence, May 03, 2024

Cybercriminals are once again outbidding legitimate advertisers and displaying official brand websites within their malicious ads. These ads claim to have detected malware in victims’ systems and often charge thousands of dollars to remove it. Along similar lines, a new Mal.Metrica redirect scam has surfaced, employing fake human verification prompts to target users, leading to malicious redirects and scam sites. It has reportedly hijacked 17,000+ WordPress sites.

Microsoft warns of the Dirty Stream attack on Android apps, impacting Xiaomi File Manager and WPS Office with 1.5 billion installs. The vulnerability facilitates code execution and data theft. What's more, security experts discovered over two dozen vulnerabilities in Xiaomi and Google's Android Open Source Project (AOSP) apps. The flaws range from arbitrary activity access to geolocation leaks.

Top Malware Reported in the Last 24 Hours


Threat actors exploit Microsoft Graph API
Since January 2022, various nation-state-aligned hacking groups have been leveraging Microsoft Graph API for malicious purposes, aiming to evade detection by using it to communicate with C2 infrastructure hosted on Microsoft cloud services. Symantec's Threat Hunter Team identified the use of a previously undocumented malware, BirdyClient, in an attack against an organization in Ukraine, which communicates with Microsoft infrastructure via Graph API.

Top Vulnerabilities Reported in the Last 24 Hours


Dozens of bugs found in Xiaomi and Android
Oversecured, a mobile app security firm, disclosed over two dozen vulnerabilities in Android apps from Xiaomi and Google's AOSP. Oversecured identified flaws allowing access to sensitive data and arbitrary activities. Modifications to AOSP code by Xiaomi led to vulnerabilities in apps like System Tracing and Settings. Google's Pixel devices also had six vulnerabilities, including geolocation access and file access through WebView components.

Microsoft warns of Dirty Stream
Microsoft unveiled a critical Android app vulnerability dubbed Dirty Stream, posing threats to over 1.5 billion users. This flaw, linked to path traversal, affects popular apps like Xiaomi File Manager and WPS Office, potentially granting attackers access to sensitive data. Exploiting the Android content provider component, specifically the 'FileProvider' class, allows malicious code execution and token theft, compromising app integrity.

Top Scams Reported in the Last 24 Hours


Search scams leading to tech support fraud
Scammers masqueraded as reputable brands like CNN and Amazon and exploited sponsored search results to lure unsuspecting users. Clicking on those results redirected users to malicious sites, often triggering tech support scam pop-ups urging immediate calls to fake helplines. As a result, victims faced potential malware infection and financial loss. Victims are billed exorbitant amounts, often ranging into the thousands of dollars, to remove non-existent malware.

Unveiling the Mal.Metrica redirect scam
Analysts discovered a new Mal.Metrica malware spreading scams via compromised websites. It presents what appears to be a routine human verification prompt that triggers redirects to malicious sites upon interaction. Unlike conventional malware injections, this scam employs image overlays with deceptive links. Mal.Metrica exploits WordPress plugin vulnerabilities and targets popular themes like "Responsive."


Posted on: May 03, 2024

