The latest round up of recent cybercrime news stories from Phil Ashley, Director of Crossword Labs. A pick of the weird spam, quirky scams and downright scary cyber attacks that remind us why we do what we do.
There is a new type of fast-growing spam called SquirrelWaffle which uses Microsoft Office documents to deliver Qakbot malware. This mal-spam campaign started in mid-September when Cisco Talos researchersnoticed malicious Office documents were working to infect systems with Squirrel Waffle in its initial stages. SquirrelWaffle emails typically contain hyperlinks to malicious ZIP archives which are hosted on the cyber criminal’s servers. Besides English, the top five languages being used in the spam emails include French, German, Dutch and Polish.
Teenager uses Google ads for his scam website
A teenager had £2.1 million confiscated after he made a phishing website in which he tricked victims into giving away their gift card codes. The teenager made a website which was nearly identical an actual gift card website called Love2Shop. Unsuspecting gift card owners would click on Google Ads from legitimate websites, which would dupe them into thinking that the scam website was real. It is believed that before the A-Level student was caught that he had in his possession information on 197 PayPal accounts.
Android users being swindled vis SMS
Fraudsters are using malicious Android apps to trick their victims into downloading premium SMS subscriptions which leads to them being overcharged. Avast’s Jakub Vavra, who first discovered this fraud, said the fake apps featured a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, among others. This campaign is believed to have started in May 2021, and now has around 151 apps which have frequented the Google Playstore and have been downloaded over 10 million times.