This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also, read about how hackers are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps.
Read on:
[**Apple iOS Users Served Mobile Malware in Poisoned News Campaign**](<https://www.zdnet.com/article/apple-ios-users-served-mobile-malware-in-operation-poisoned-news-campaign/>)
_Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware__. This week, Trend Micro researchers said the scheme, dubbed _[_Operation Poisoned News_](<https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/>)_, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories. _
[**The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring**](<https://blog.trendmicro.com/the-wawa-breach-30-million-reasons-to-try-dark-web-monitoring/>)
_Data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records._ _The latest data breach from convenience store and gas station chain Wawa could be one of the largest ever, affecting 30 million card records from customers._
[**Infosec Industry Shows Compassionate Side Amid #COVID19 Pandemic**](<https://www.infosecurity-magazine.com/news-features/infosec-compassionate-covid19/>)
_As the coronavirus pandemic continues, large numbers of organizations have been forced to implement work from home measures for staff. While working from home, employees are more susceptible to cybersecurity threats, especially with a rise in tailored COVID-19 cyber-scams.__ In this article, read about how Trend Micro and other information security companies have taken steps to offer free resources and support to organizations and employees at this difficult time. _
[**Nefilim Ransomware Threatens to Expose Stolen Data**](<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/nefilim-ransomware-threatens-to-expose-stolen-data>)
_A new ransomware named Nefilim has been discovered threatening to release its victims’ data to the public if they fail to pay the ransom. It is most likely distributed through exposed Remote Desktop Protocol (RDP), as shared by SentinelLabs’ Vitali Krimez and ID Ransomware's Michael Gillespie._
[**Remember Cryptojacking from Way, Way Back (2019)? Site Infections are Down 99% – Thanks to Death of Coinhive**](<https://www.theregister.co.uk/2020/03/17/cryptojacking_coinhive/>)
_Cryptojacking, the theft of computing power to mine digital currency, has been around at least since 2013 – and has shrunk in use dramatically with the death of Monero-mining service Coinhive. Since Coinhive's closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America, and Lakehead University in Canada. _
[**Microsoft Alerts Users About Critical Font-Related Remote Code Execution Vulnerability in Windows**](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/microsoft-alerts-users-about-critical-font-related-remote-code-execution-vulnerability-in-windows>)
_Microsoft released a security advisory on a zero-day remote code execution (RCE) vulnerability affecting Windows operating systems. The vulnerability is found in an unpatched library and comprises two RCE flaws found in Adobe Type Manager Library (atmfd.dll), a built-in library for the Adobe Type Manager font management tool in Windows. _
[**Credit Card Skimmer Found on Tupperware Website**](<https://www.securityweek.com/credit-card-skimmer-found-tupperware-website>)
_Cybercriminals hacked Tupperware.com and planted malicious code designed to steal payment card information, Malwarebytes warned this week. The credit card skimmer was planted on the main website and some of its localized versions. The website has nearly one million visitors every month, indicating that hackers may have obtained a significant number of payment card records. _
[**Mirai Updates: New Variant Mukashi Targets NAS Devices, New Vulnerability Exploited in GPON Routers, UPX-Packed FBot**](<https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/mirai-updates-new-variant-mukashi-targets-nas-devices-new-vulnerability-exploited-in-gpon-routers-upx-packed-fbot>)
_Researchers observed a number of new developments related to the internet of things (IoT) malware Mirai, which actively searches for vulnerabilities in IoT devices. A new Mirai variant named Mukashi was found attacking network-attached storage (NAS) devices, a new vulnerability in GPON routers was exploited by Mirai, and a UPX-packed Fbot variant was detected by a Trend Micro honeypot._
[**Hackers Hijack Routers to Spread Malware Via Coronavirus Apps**](<https://threatpost.com/hackers-hijack-routers-to-spread-malware-via-coronavirus-apps/154170/>)
_Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings, in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information stealing Oski malware._ _This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic._
[**Working from Home? Here’s What You Need for a Secure Setup**](<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/working-from-home-here-s-what-you-need-for-a-secure-setup>)
_In response to the ongoing coronavirus outbreak, many companies have rolled out work-from-home arrangements. As a result, there has been an influx of employees signing in remotely to corporate networks and using cloud-based applications, potentially opening doors to security risks. In this blog, Trend Micro shares how security teams and home office users can mitigate the risks that come with remote-working setups. _
[**Russian Hackers Using Stolen Corporate Email Accounts to Mask their Phishing Attempts**](<https://www.cyberscoop.com/fancy-bear-phishing-email-trend-micro-apt-28/>)
_In the last year, Russian military intelligence hackers have used previously hacked email accounts to send a wide array of phishing attempts. Feike Hacquebord, senior threat researcher at Trend Micro, explains new research regarding the group known as Fancy Bear, APT28, or Pawn Storm, and how they used hacked emails of high-profile personnel at defense firms in the Middle East to carry out an attack._
[**Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape**](<https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/review-refocus-and-recalibrate-the-2019-mobile-threat-landscape>)
_Trend Micro analyzed 2019’s most notable mobile threats to assess the landscape and help users and enterprises reevaluate their measures and practices to defend against future threats. While there was a decrease in certain threats compared to 2018, in 2019 cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline._
Have you seen any COVID-19 related cyber-scams? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: [@JonLClay.](<https://twitter.com/jonlclay>)
The post [This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps](<https://blog.trendmicro.com/this-week-in-security-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links-and-hackers-hijack-routers-to-spread-malware-via-coronavirus-apps/>) appeared first on [](<https://blog.trendmicro.com>).
{"id": "TRENDMICROBLOG:778729113683CD1AC0A6B13B8CBAF857", "type": "trendmicroblog", "bulletinFamily": "blog", "title": "This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps", "description": "\n\nWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also, read about how hackers are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps.\n\nRead on:\n\n[**Apple iOS Users Served Mobile Malware in Poisoned News Campaign**](<https://www.zdnet.com/article/apple-ios-users-served-mobile-malware-in-operation-poisoned-news-campaign/>)\n\n_Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware__. This week, Trend Micro researchers said the scheme, dubbed _[_Operation Poisoned News_](<https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/>)_, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories. _\n\n[**The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring**](<https://blog.trendmicro.com/the-wawa-breach-30-million-reasons-to-try-dark-web-monitoring/>)\n\n_Data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records._ _The latest data breach from convenience store and gas station chain Wawa could be one of the largest ever, affecting 30 million card records from customers._\n\n[**Infosec Industry Shows Compassionate Side Amid #COVID19 Pandemic**](<https://www.infosecurity-magazine.com/news-features/infosec-compassionate-covid19/>)\n\n_As the coronavirus pandemic continues, large numbers of organizations have been forced to implement work from home measures for staff. While working from home, employees are more susceptible to cybersecurity threats, especially with a rise in tailored COVID-19 cyber-scams.__ In this article, read about how Trend Micro and other information security companies have taken steps to offer free resources and support to organizations and employees at this difficult time. _\n\n[**Nefilim Ransomware Threatens to Expose Stolen Data**](<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/nefilim-ransomware-threatens-to-expose-stolen-data>)\n\n_A new ransomware named Nefilim has been discovered threatening to release its victims\u2019 data to the public if they fail to pay the ransom. It is most likely distributed through exposed Remote Desktop Protocol (RDP), as shared by SentinelLabs\u2019 Vitali Krimez and ID Ransomware's Michael Gillespie._\n\n[**Remember Cryptojacking from Way, Way Back (2019)? Site Infections are Down 99% \u2013 Thanks to Death of Coinhive**](<https://www.theregister.co.uk/2020/03/17/cryptojacking_coinhive/>)\n\n_Cryptojacking, the theft of computing power to mine digital currency, has been around at least since 2013 \u2013 and has shrunk in use dramatically with the death of Monero-mining service Coinhive. Since Coinhive's closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America, and Lakehead University in Canada. _\n\n[**Microsoft Alerts Users About Critical Font-Related Remote Code Execution Vulnerability in Windows**](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/microsoft-alerts-users-about-critical-font-related-remote-code-execution-vulnerability-in-windows>)\n\n_Microsoft released a security advisory on a zero-day remote code execution (RCE) vulnerability affecting Windows operating systems. The vulnerability is found in an unpatched library and comprises two RCE flaws found in Adobe Type Manager Library (atmfd.dll), a built-in library for the Adobe Type Manager font management tool in Windows. _\n\n[**Credit Card Skimmer Found on Tupperware Website**](<https://www.securityweek.com/credit-card-skimmer-found-tupperware-website>)\n\n_Cybercriminals hacked Tupperware.com and planted malicious code designed to steal payment card information, Malwarebytes warned this week. The credit card skimmer was planted on the main website and some of its localized versions. The website has nearly one million visitors every month, indicating that hackers may have obtained a significant number of payment card records. _\n\n[**Mirai Updates: New Variant Mukashi Targets NAS Devices, New Vulnerability Exploited in GPON Routers, UPX-Packed FBot**](<https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/mirai-updates-new-variant-mukashi-targets-nas-devices-new-vulnerability-exploited-in-gpon-routers-upx-packed-fbot>)\n\n_Researchers observed a number of new developments related to the internet of things (IoT) malware Mirai, which actively searches for vulnerabilities in IoT devices. A new Mirai variant named Mukashi was found attacking network-attached storage (NAS) devices, a new vulnerability in GPON routers was exploited by Mirai, and a UPX-packed Fbot variant was detected by a Trend Micro honeypot._\n\n[**Hackers Hijack Routers to Spread Malware Via Coronavirus Apps**](<https://threatpost.com/hackers-hijack-routers-to-spread-malware-via-coronavirus-apps/154170/>)\n\n_Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings, in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information stealing Oski malware._ _This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic._\n\n[**Working from Home? Here\u2019s What You Need for a Secure Setup**](<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/working-from-home-here-s-what-you-need-for-a-secure-setup>)\n\n_In response to the ongoing coronavirus outbreak, many companies have rolled out work-from-home arrangements. As a result, there has been an influx of employees signing in remotely to corporate networks and using cloud-based applications, potentially opening doors to security risks. In this blog, Trend Micro shares how security teams and home office users can mitigate the risks that come with remote-working setups. _\n\n[**Russian Hackers Using Stolen Corporate Email Accounts to Mask their Phishing Attempts**](<https://www.cyberscoop.com/fancy-bear-phishing-email-trend-micro-apt-28/>)\n\n_In the last year, Russian military intelligence hackers have used previously hacked email accounts to send a wide array of phishing attempts. Feike Hacquebord, senior threat researcher at Trend Micro, explains new research regarding the group known as Fancy Bear, APT28, or Pawn Storm, and how they used hacked emails of high-profile personnel at defense firms in the Middle East to carry out an attack._\n\n[**Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape**](<https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/review-refocus-and-recalibrate-the-2019-mobile-threat-landscape>)\n\n_Trend Micro analyzed 2019\u2019s most notable mobile threats to assess the landscape and help users and enterprises reevaluate their measures and practices to defend against future threats. While there was a decrease in certain threats compared to 2018, in 2019 cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline._\n\nHave you seen any COVID-19 related cyber-scams? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: [@JonLClay.](<https://twitter.com/jonlclay>)\n\nThe post [This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps](<https://blog.trendmicro.com/this-week-in-security-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links-and-hackers-hijack-routers-to-spread-malware-via-coronavirus-apps/>) appeared first on [](<https://blog.trendmicro.com>).", "published": "2020-03-27T12:50:03", "modified": "2020-03-27T12:50:03", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://blog.trendmicro.com/this-week-in-security-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links-and-hackers-hijack-routers-to-spread-malware-via-coronavirus-apps/", "reporter": "Jon Clay (Global Threat Communications)", "references": [], "cvelist": [], "lastseen": "2020-03-27T15:45:32", "viewCount": 53, "enchantments": {"dependencies": {}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645678939, "score": 1659814272, "epss": 1678892217}, "_internal": {"score_hash": "307de5abd455c954c4e9ac89710e96da"}}
This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps