The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued.
The Plus Addons for Elementor plugin for WordPress has a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website. First reported as a zero-day bug, it is being actively attacked in the wild, researchers said.
The plugin, which has more than 30,000 active installations according to its developer, allows site owners to create various user-facing widgets for their websites, including user logins and registration forms that can be added to an Elementor page. Elementor is a site-building tool for WordPress.
A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days.
At its previous peak in February, the Monero Miner cryptocurrency ransominer was targeting more than 2,500 users a day, disguised as an antivirus installer. Now, the tricky hybrid malware is on the rise again, this time impersonating an ad blocker and OpenDNS service.
In total, it has infected more than 20,000 users in less than two months, researchers at Kaspersky warned, in a report on Wednesday.
Ransomining lets threat actors take over computing power to mine cryptocurrency (in this case, Monero) and also encrypts the data to hold it for ransom. In this case, the open-source XMRig ransominer is used as its base, Kaspersky said.
A never-before-seen malware-dropper, Clast82, fetches the AlienBot and MRAT malware in a savvy Google Play campaign aimed at Android users.
A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers.
The malware is part of a campaign aimed at lifting victims’ financial information, but which also allows eventual takeover of mobile phones, according to Check Point Research.
The dropper, dubbed Clast82, was disguised in benign apps, which don’t fetch a malicious payload until they have been vetted and cleared by Google Play Protect. Google Play Protect is the store’s evaluation mechanism, meant to weed out apps with ill intent and malicious functions.
A phishing attack targeting Microsoft users leverages a bogus Google reCAPTCHA system.
Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies.
According to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Google reCAPTCHA is a service that helps protect websites from spam and abuse, by using a Turing test to tell humans and bots apart (through asking a user to click on a fire hydrant out of a series of images, for instance).