Social Engineering

Hiding Malware in Social Media Buttons

December 7, 2020 by ITSecurity.Org Ltd

This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks.

The payment skimmer malware pulls its sleight of hand trick with the help of a double payload structure where the source code of the skimmer script that steals customers’ credit cards will be concealed in a social sharing icon loaded as an HTML ‘svg’ element with a ‘path’ element as a container.

The syntax for hiding the skimmer’s source code as a social media button perfectly mimics an ‘svg’ element named using social media platform names (e.g., facebook_full, twitter_full, instagram_full, youtube_full, pinterest_full, and google_full).

A separate decoder deployed separately somewhere on the e-commerce site’s server is used to extract and execute the code of the hidden credit card stealer.

This tactic increases the chances of avoiding detection even if one of the two malware components is found since the malware loader is not necessarily stored within the same location as the skimmer payload and their true purpose might evade superficial analysis.

Filed Under: credit cards, IT Security, Malware, Social Engineering, social media, Uncategorized

Three Areas to Consider, to Focus Your Cyber-Plan

November 22, 2019 by admin

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Filed Under: budget, cybersecurity, DNS, InfoSec Insider, IT Security, justin jett, network monitoring, Phishing, plixer, preparedness, rogue employees, Social Engineering

Humble Bundle alerts customers to subscription reveal bug

December 4, 2018 by admin

Humble Bundle alerts customers to subscription reveal bug

Filed Under: 2-Step Verification, 2fa, Breach, bug, Cybercrime, games, gaming, humble bundle, IT Security, phish, Phishing, Social Engineering, spear phishing, two-factor authentication, video games

APT10 Stone Panda – Operation Cloud Hopper – Social Engineering

December 4, 2017 by admin

APT10 Stone Panda – Operation Cloud Hopper

On 3 Apr 2017, the National Cyber Security Centre (NCSC) briefed major UK businesses about a significant Chinese Cyber-Espionage Threat called APT10, also known as Stone Panda.

APT10, are operating a campaign called ‘Cloud Hopper’, which is actively targeting Managed Service Providers (MSPs) in order to steal their client’s NCSC has stated UK MSPs were known to be infiltrated, however they are not naming them.
The Cloud Hopper campaign focuses on sending malware infected emails to staff at Managed Service Providers (MPS). Once executed the malware creates a backdoor which allows the attacker remote access to the MSP’s backend systems. From there the attackers are able to navigate the MSP network and identify external connections with the MSP clients, which are their actual targets. These network channels are then used to steal data from those clients, data which is packaged and exhilarated through the MSP remote connection. These backdoors are known to remain undetected for months, due to tailored malware which is undetectable by anti-virus and security monitoring
PwC and BAE Systems have been assisting NCSC and have produced a list of IP addresses and MD5 hash files associated with Cloud Hopper attacks. These can be used to detect (scan) and prevent (monitor) against the Cloud Hopper

Filed Under: Social Engineering

The role of Social Engineering media in society

November 20, 2016 by admin

The role of Social Engineering media in society

Filed Under: Social Engineering

The Impacts Of Social Engineering Media In Everyday Life

November 14, 2016 by admin

The Impacts Of Social Engineering Media In Everyday Life

Filed Under: Social Engineering