Search the Community

Hacking techniques don’t have to be particularly advanced to be successful. Case in point - Lazy Koala. Cybersecurity researchers from Positive Technologies Expert Security Center (PT ESC) recently uncovered a new threat actor, which they dubbed Lazy Koala. Nothing about this group is notably progressive or sophisticated, but it is achieving outstanding results. As per the report, the attackers are targeting enterprises in Russia and six Commonwealth of Independent States countries - Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Their victims work in government agencies, financial organizations, and educational institutions, and they mostly go for login credentials to various services. Exfiltration via Telegram So far, almost 900 accounts have been compromised, the researchers said. It is unclear what the attackers are doing with the information, but it’s likely that they’re either selling it on the dark web, or using it in further, more devastating attacks. The attacks are simple - they include crafting convincing phishing attacks, often in languages native to the locals, and getting the victims to download and run the attachment. The files being distributed in these phishing attacks deploy a “primitive password stealer malware”. The infostealer then grabs the files and exfiltrates them via telegram bots. The person handling these bots is called Koala, giving PT ESC the idea behind the name. "The calling card of the new group is this: 'harder doesn't mean better.' Lazy Koala doesn't bother with complex tools, tactics, and techniques, but they still get the job done,” said Denis Kuvshinov, Head of Threat Analysis, Positive Technologies Expert Security Center. “After establishing itself on the infected device, the malware exfiltrates the stolen data using Telegram, a favorite tool among attackers," Kuvshinov added. PT ESC said that it notified the victims, adding that the information stolen in this campaign will most likely be sold on the dark web. More from TechRadar Pro Crypto wallets are being hit by a new Mac infostealerHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

Hackers are using complex social engineering campaigns and calendar invites to distribute Mac malware. The hackers are abusing calendar scheduling tool Calendly to distribute meeting invites as part of their attempts to fool the best Mac antivirus. The narrative behind this campaign is far more complex than the usual email spam you might be used to, so here is how they did it, and how to keep yourself safe if you get targeted. Shady investments Disclosed by a reader of Krebs On Security, the campaign saw hackers go after cryptocurrency by posing as investors looking for their next startup to provide with funding. In this case, the victim was originally contacted via Telegram looking for an investment opportunity. The scammer wanted to organize a meeting to discuss the potential investment options, and so the victims sent over their Calendly details in order to organize a video call. The fateful day approached, but nothing happened when the victim attempted to open the meeting link. Low and behold, the scammers’ ‘IT team’ fixed the issue by sending out a new meeting link. Alas, the second link opened up a technical error message instead of the meeting, with a message displaying that there was an error with the video service. Luckily the message had a handy little script that could fix the issue and allow the victim to finally get some facetime with the potential investors. Rather than being graced with the face of the generous benefactor, the script installed a trojan with the ability to steal sensitive information from the victims Mac device. The victim, realizing the error of their ways, then changed their passwords and installed a fresh version of macOS. While this was a good choice on the victims part, it unfortunately means that there is no evidence to suggest exactly what strain of malware was used. In order to keep your device safe, always have a healthy amount of suspicion when receiving and clicking on any links sent from a stranger, and be sure to keep your device up to date with the latest updates, or take a look at some of the best firewalls to keep your device secure. Via TomsGuide More from TechRadar Pro Forget ransomware and phishing attacks — CTOs rate human error as their number one security riskTake a look at our guide to the best productivity tools aroundKeep your details safe with the best password manager View the full article