Cyber Security News Update 05/03/2019

Scammers have been taking advantage of Google AdWords to have their numbers replace the correct support lines for Amazon, PayPal, and other online services. The scammers leverage the trust that search engine users place in their results and have been using the numbers to have Google Play cards sent to their accounts. This purchase is to “verify” that their account is still under the owner’s control, and the scammer says that they’ll be reimbursed after the transaction goes through. Apparently, the scam only works on mobile devices where ads are subject to less scrutiny and the ads are able to pass through the automated measures that are supposed to stop them. Why exactly mobile ads would have less stringent safeguards against exploits like this isn’t clear, nor has it been clarified. The ads were reported to Google by BleepingComputer, and Google has since taken steps to remove the ads and stop their spread. As of now, there will no be any repayment to customers who have been scammed.
Source: Scammers deceive PayPal, Amazon and eBay clients through fake customer support numbers

In an unsurprising turn, hackers are turning to jailbroken and cracked devices to infect their users with malware. This makes sense, as someone who buys a cracked Amazon Firestick is incapable of going to Amazon itself for assistance and is unlikely to notify a law enforcement agency of their problem. Malicious actors have included payloads that steal user credentials, financial information, and other data. They also use the infected devices as jumping off points to get into the rest of the owner’s Internet of Things (IoT) devices. This is especially dangerous, as IoT devices are already incredibly vulnerable to being rolled up by a single infected device. Now, attackers can leverage the owner willingly allowing an infected device on to their network and giving it the access it needs to deliver its payload relatively unmolested. The malware doesn’t stop at just physical devices, but the content that streams to it is also infected. This is also true for devices that are bought legally but then tuned into illicit broadcasts and apps. Devices that find themselves streaming content from illegal sources rapidly find themselves infected with malware and that spreads to other connected IoT services and devices. Users can find their WiFi network compromised within minutes of beginning a stream, and from there attackers are able to pose as legitimate apps such as Netflix to further spread their attack. This sort of malware infection is a devious way of spreading a potential attacker’s reach, as they may be able to spread beyond the initial user. These attacks usually start with an offer of free content that entices the user to go with an app that has not been checked or is not available through standard means. Roughly 1 in 3 of websites offering this sort of app or streaming service attempt to hack their users as soon as they land on the website.
Source: Hackers are Targeting Piracy Apps to Install Malware and Steal Data