Cybersecurity news headlines (November 1-8)
November 1-8 has been a pretty slow week. We did not witness major breaches involving millions of people, and no worldwide ransomware attack took place. However, some notable incidents did occur, from a popular anime site being hacked to a fake app being downloaded a million times from Google Play.
Without further ado, here are the most notable cyber security incidents of the last 8 days.
Crunchyroll hijacked to distribute malware
Some visitors accessing the popular anime streaming website Crunchyroll.com on the 4th ended up downloading malware onto their computers, after the site fell victim to what is believed to be a DNS hijack. When visitors accessed the website, they were greeted with a message asking them to download the program Crunchyroll Viewer. It was advertised as a new media player, and since it seemed to come from the legitimate Crunchyroll website, some users did not hesitate to try it out. However, instead of the video player, they got malware. The site was taken down as soon as Crunchyroll staff noticed what was going on. They warned their users via Twitter to not access the website, and later released a statement, explaining that hackers changed their Cloudflare configuration, which led users to a non-Crunchyroll-hosted server.
Users who downloaded the ‘player’ infected their computers with malware, which was later revealed to download Meterpreter. It is essentially a backdoor that can allow malicious parties to control your computer.
Critical vulnerability in Tor leaks users’ real IP addresses
Filippo Cavallarin, CEO of the Italian cybersecurity company We Are Segment, noticed a vulnerability in the Tor browser that leaks users’ real IP addresses, which defeats the point of Tor since it is supposed to provide anonymity. The issue was the way Firefox (the Tor browser is based on Firefox) handles file:// URLs.
“Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser,” We Are Segment warns.
Windows users were not affected by this vulnerability, and Linux and Mac users are prompted to install a security patch. Tor developers warn that the patch is only a temporary workaround, a way to prevent someone from taking advantage of the vulnerability. They also explain that some users may experience issues with file:// URLs until a proper update becomes available.
Fake WhatsApp downloaded over 1 million times from Google Play
A fake version of WhatsApp was downloaded over a million times from Google Play before it was discovered last week. It was available as Update WhatsApp Messenger and had a pretty high rating of 4.2. What’s more, the developer’s name was WhatsApp Inc., which is the name of the legitimate WhatsApp maker. The seemingly legitimate developer name might have fooled even the more cautious users, since the two names appeared to be identical. And if you are wondering how the Update WhatsApp Messenger developers managed to use the same name, they added a Unicode space character after WhatsApp Inc., which reads as WhatsApp+Inc%C2%A0 in computer code but appears as WhatsApp Inc. on Google Play. This space was invisible to Google Play users, which made the name appear as the legitimate WhatsApp Inc.
Users on Reddit downloaded the app and found that it shows users advertisements prompting them to download other applications. Update WhatsApp Messenger has since been removed from Google Play.
While Google Play acted quickly and removed the app, this incident only highlights that Google Play is not always safe to download apps from. This is not the first time the app store hosted apps with malicious intentions, and checking the developer’s name did not help users differentiate between this fake and the legitimate app.
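The trailing-space trick described above can be caught mechanically by comparing names after Unicode normalization instead of by eye. The following Python sketch is an added example, not code from Google or from the original article; the allow-list `PROTECTED_PUBLISHERS` and the function names are assumptions made for illustration, and the first sample is the encoded name quoted above, in which `%C2%A0` is the UTF-8 encoding of the non-breaking space U+00A0.

```python
import unicodedata
from urllib.parse import unquote_plus

# Assumption: names the store wants to protect (hypothetical allow-list).
PROTECTED_PUBLISHERS = ["WhatsApp Inc."]

# The encoded developer name quoted in the article; %C2%A0 is UTF-8 for U+00A0.
SAMPLE_FROM_PAGE = unquote_plus("WhatsApp+Inc%C2%A0")


def suspicious_chars(name):
    """List (index, code point, Unicode name) for each non-ASCII space,
    invisible format character or control character in the name."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if (cat.startswith("Z") and ch != " ") or cat in ("Cf", "Cc"):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits


def skeleton(name):
    """Reduce a name to what a reader effectively sees: NFKC-fold, drop
    invisible format characters and punctuation, collapse whitespace, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    kept = "".join(
        c for c in folded
        if unicodedata.category(c) != "Cf"
        and not unicodedata.category(c).startswith("P")
    )
    return " ".join(kept.split()).casefold()


def check_publisher(raw_name, protected=PROTECTED_PUBLISHERS):
    """Flag a name that is not the identical string to a protected name
    but collapses to the same skeleton."""
    for legit in protected:
        if raw_name != legit and skeleton(raw_name) == skeleton(legit):
            return {"verdict": "impersonation", "imitates": legit,
                    "chars": suspicious_chars(raw_name)}
    return {"verdict": "ok", "imitates": None, "chars": suspicious_chars(raw_name)}


if __name__ == "__main__":
    # Constructed samples: the page's name, the genuine name, a zero-width variant.
    for candidate in (SAMPLE_FROM_PAGE, "WhatsApp Inc.", "WhatsApp\u200b Inc."):
        print(repr(candidate), check_publisher(candidate))
```

This check covers invisible and non-standard whitespace only; look-alike letters from other scripts need a separate confusables mapping.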
Donald Trump’s Twitter account shut down by rogue Twitter employee
A Twitter employee made headlines all over the world last week when he/she disabled President Trump’s Twitter account for 11 minutes. The absence of the President’s Twitter account was immediately noticed by both supporters and critics, who had a variety of different reactions. Twitter initially announced in a statement that the disabling was due to human error by a Twitter employee, but later revealed that it was intentionally done by a customer support employee on his/her last day.
Facebook is asking users to submit nudes to prevent “revenge porn”
“Revenge porn”, or posting nude pictures of an ex, is a big issue on Facebook. Last spring, the social media giant introduced photo-matching technology that prevents previously posted revenge porn photos from being posted again. To further fight this problem, Facebook has come up with a new way to prevent revenge porn from being posted on the site, and it involves uploading your nudes to Messenger. So if you are worried that your ex might post your private photos on Facebook, send them to yourself via Messenger. Facebook’s hashing system would then be able to recognize the photos, and they would be prevented from being uploaded onto Facebook if someone decided to post them.
“They’re not storing the image, they’re storing the link and using artificial intelligence and other photo-matching technologies,” Julie Inman Grant, Commissioner of the Australian government agency e-Safety, told ABC. “So if somebody tried to upload that same image, which would have the same digital footprint or hash value, it will be prevented from being uploaded.”
Facebook is carrying out tests to see whether this would work, and currently Australia is the test subject.
A vulnerability has frozen hundreds of millions of dollars worth of Ethereum
It has been reported that a large number of Ethereum users had their funds frozen because of a bug in Parity wallet software. Approximately $200 million worth of ether is currently not accessible. The vulnerability in Parity software affects wallets deployed after July 20, and only those that use the ‘multi-signature’ function. The biggest issue right now is how to unfreeze the funds, and one of the solutions is a hard fork of the entire Ethereum currency. However, this method is not favored by users, and alternative solutions will be considered first.