The Month in Hacks: November 2017

A fake WhatsApp app tricks Google Play users, Forever 21 is targeted, and an Imgur hack is discovered by researchers. It's all this and more in The Month in Hacks.

One million Android users download fake WhatsApp

Over 1 million Android users downloaded a fake version of WhatsApp, a popular messaging service, called “Update Whatsapp Messenger.” The app appeared to be published by WhatsApp Inc., which is the same title that the real WhatsApp uses on Google Play.

The app appears to be malware: it encourages users to download other third-party games and is capable of click fraud, data extraction, and SMS surveillance. Google removed the app after a researcher reported the scam.

Parity Technologies accidentally freezes $280 million in Ether

Up to $280 million of Ether from several Parity Ethereum wallets has been locked due to a vulnerability in the source code. A GitHub user manipulated the code on multi-user wallets to transfer ownership to a single user, then removed the contract. As a result, users' funds stored in the wallets are now locked away, with no way for any of the users to access the funds.

The GitHub user claimed that triggering the flaw was accidental, and not an attempt to hack the wallets. While Parity has yet to resolve the problem, they are working to bolster security to prevent a similar issue from occurring, and are weighing several options to regain access to the wallets.

Forever 21 payment systems targeted by hackers

Clothing retailer Forever 21 announced that hackers gained access to data from payment systems at several of its retail locations. Neither the number of affected consumers nor the data stolen has been released, but shoppers who purchased from the store between March and October may have been affected.

While the hackers have not been found, Forever 21 claims that the encryption on some of its payment devices was not working, allowing the hackers to access the payment data of customers at certain stores. Customers are encouraged to monitor their credit card statements for any suspicious activity.

BlueBorne attack spreads to Amazon Echo and Google Home

A series of critical Bluetooth flaws, dubbed BlueBorne, has spread to affect Google Home and Amazon Echo. The attack allows hackers to remotely access data and interactions with Bluetooth devices and spread the exploit to other Bluetooth devices on the network. It is estimated that 15 million Echos and 5 million Homes were affected by BlueBorne.

Google and Amazon have both issued patches and automatic updates to prevent the attack. When researchers originally discovered the BlueBorne attack, it was believed to only target computers, mobile phones, and certain IoT devices.

Intel processors found to be vulnerable to hackers

Intel released a statement in November informing consumers that their chipsets' remote administration feature, called the Management Engine, could allow hackers to gain full control of a computer. If the attackers have local access to a computer with an Intel chipset, they can edit data on the computer, crash systems, or make them unstable.

The company has released patches to protect against the attacks, but consumers must wait until the manufacturers push out the update. So far, only Lenovo has offered a firmware update to consumers with devices containing an Intel processor.

2014 Imgur data breach discovered by security researchers

The email addresses and passwords of over 1.7 million Imgur users were compromised in a data breach in 2014. The company was notified of the breach in November by a security researcher and assured users that no other data was stolen in the breach. While the passwords were encrypted, they could have been cracked using brute force.

The company does not know how the attack occurred but sent an email to all affected users encouraging them to change their passwords. The company was praised for its swift response after being notified of the breach. If two-factor authentication is available to Imgur users, they should turn it on.

Necurs botnet sends two million spam emails per hour

The world's largest spam botnet, called Necurs, is spreading a new strain of ransomware to computers across the globe at the rate of 2 million emails per hour. The emails carrying the ransomware, Scarab, contain a zip file and a subject line that says “Scanned from (printer company name)”.

The ransom is not set to a specific amount, but depends on how quickly an affected user messages the hackers. Users who receive a spam email are encouraged to never download a document from an unknown source, and to keep a backup of their files in case their computer data is locked for ransom.

First arrest made in 2014 Yahoo hacks

An arrest has been made in the 2014 Yahoo hacks that affected 3 billion Yahoo accounts. The Toronto Police Department arrested 22-year-old Karim Baratov, a Canadian citizen, who pleaded guilty to nine counts of cyber criminal activities. His role in the hack was to access email accounts of people of interest to the FSB, Russia's security agency, and send the passwords to his Russian counterparts.

Baratov is the first arrest made in the case. The other three men linked to the hack reside in Russia, with which the U.S. has no extradition treaty. Two of the men work for the FSB, and the other is a Latvian hacker.
