The Month in Hacks: May 2017

One of the largest cyberattacks in history affects PCs, DocuSign users are targeted by a phishing scam and Bell Canada and Zomato fall victim to hackers with demands. It's all this and more in The Month in Hacks.

WannaCry Ransomware Affects Over 200,000 Computers in Three Days

In one of the most widespread cyberattacks in recent history, hackers released a ransomware called WannaCry, affecting more than 200,000 computers in 150 countries in less than three days. The ransomware scrambled the data on affected computers and demanded a ransom, payable in Bitcoin, before users could regain access to their data.

WannaCry was particularly effective because it did not require users to click a link to spread the ransomware. Instead, it could spread itself between computers connected to the same network, and it could scan and attack random hosts on the internet. As a result, WannaCry caused many hospitals to shut down, as they were unable to admit new patients, and also affected a host of other businesses.

While researchers discovered a kill switch for the original version, new versions of the ransomware are circulating, meaning that computers globally are still at risk.

Judy Malware Reaches 36.5 Million Google Play Store Users

41 Android applications in the Google Play Store have been found to contain a malware program called Judy, which generates fraudulent clicks on advertisements to earn revenue. It's estimated that over 36.5 million Google Play Store users have been affected by the malware.

Google has removed the apps from the store, but more apps containing the malware could be uploaded. As all the affected apps had Judy in the name (like Fashion Judy, Animal Judy, and Chef Judy), experts recommend that Android users uninstall any installed apps with Judy in the name and refrain from downloading apps with the name in the future.

Subtitle Files Bring Malware in Through Media Players

Researchers discovered vulnerabilities in four media players - VLC, Kodi, Popcorn Time, and Stremio - that can be exploited with malicious code hidden in subtitle files. The code is embedded in subtitle files that users download online. Once a subtitle file is opened and run in one of the media players, hackers can gain full access to the computer or Smart TV.

At the time of publishing, all four media players have patched the flaw. Users who regularly download subtitle files online and use one of the vulnerable apps are advised to update to the newest version of their player.

Hackers Access Zomato's User Database

Zomato, an online restaurant guide, had the account information of 17 million users stolen from its database, including their user IDs, usernames, email addresses, and hashed passwords. While Zomato hashes its stored passwords, it can take hackers only a few hours to crack them. As a result, users are advised to change their password for any accounts that use the same email and password combination and to turn on two-factor authentication wherever it's available.

While the hacker originally placed the stolen information for sale on the dark web, they took it down when Zomato agreed to their terms, which included acknowledging security vulnerabilities, working with ethical hackers to patch them, and launching a bug bounty program.

Phishing Scam Targets DocuSign Users After Hack

DocuSign users were targeted by phishing emails after hackers stole a database of all DocuSign customer emails. The phishing email sent by hackers contains a Word document that, when opened, installs malware on the user's computer, giving hackers full access to the information stored on that computer.

DocuSign confirmed that no other information was stolen in the attack besides email addresses, and advises users to delete any suspicious messages immediately. The phishing attack came from addresses ending in, a lookalike domain to the actual domain,

Bell Canada Resists Hacker's Demands and 1.9 Million Customers Pay

Hackers released the email addresses of 1.9 million Bell customers, as well as the names and phone numbers of 1,700 customers, after the company refused to meet their demands. While the details of the hackers' demands are unclear, experts say they were asking for a ransom for the stolen information.

While the company said that no financial, password, or other sensitive personal information was accessed in the attack, they warn users to be wary of phishing attacks trying to get them to give up more information, including financial data.

Hackers Access Handbrake Server to Spread Trojan

Hackers targeted Handbrake, a popular Mac-based video transcoder app, and turned one version of the software into a trojan. They gained access to one of Handbrake's download servers and used it to distribute a macOS version of the application that contains malware.

While the affected software has been removed, users who downloaded the program between May 2 and May 6 have a 50% chance of having received the trojan. Handbrake suggests that users who downloaded the application in that time run a full malware scan on their systems.

Intel Server Chipsets Receive Patch After Seven-Year Vulnerability Discovered

Researchers recently discovered that PCs with Intel Server Chipsets could be hacked remotely, allowing hackers to tamper with the machine's hardware or install virtually undetectable malware. The flaw also allows hackers to access and manipulate any other computer on the same network.

According to researchers, the vulnerability has existed for over seven years. The company just released a firmware patch to fix the issue, but since so many manufacturers use Intel Server Chipsets, each will have to release their own tailored version of Intel's patch to fix their affected systems.
