Masslogger, cred-stealing trojan harvests logins from Chrome, Outlook and more<\/strong><\/h2>\n\n\nCisco Talos researchers warn against Masslogger Trojan being used in attacks designed to steal Microsoft Outlook, Google Chrome, and instant messengers account credentials. The operators have been linked to the use of AgentTesla, Formbook, and AsyncRAT.<\/p>\n\n\n\n
Delivered through phishing emails, the Masslogger trojan\u2019s latest variant is contained within a multi-volume RAR archive using the .chm file format and .r00 extensions, said Switchzilla\u2019s security research arm.<\/p>\n\n\n\n
Opening the \u201chelp\u201d file deploys the malware onto the target system.<\/p>\n\n\n\n
Cisco Talos added: \u201cMasslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel web application.\u201d<\/p>\n\n\n\n
Apps vulnerable to these dastardly cred-stealing doings include Discord, Microsoft Outlook, Mozilla Thunderbird, Firefox and Chromium-based browsers. The malware also tries to exclude itself from Windows Defender scans.<\/p>\n\n\n\n
The second stage of the infection is a PowerShell script, a common technique, that loads the main Masslogger loader from compromised legitimate hosts as a .jpg file. From there the loader is deployed and executed.<\/p>\n\n\n\n
Talos said the malicious folk behind Masslogger were mostly targeting southern and eastern European countries.<\/p>\n\n\n\n
Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n![\"\"](\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/12\/beta-zapisy-en.png\")
<\/a><\/figure><\/div>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nWindows and Linux servers targeted by new WatchDog botnet for almost\u2026 two years<\/strong><\/h2>\n\n\nCryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years \u2013 in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. It is clear that the WatchDog operators are skilled coders and have enjoyed a relative lack of attention regarding their mining operations. <\/p>\n\n\n\n
The attack is still in operation and due to the size and scope of the infrastructure, it will be difficult to fully contain. Attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency. However, researchers estimated the size of the botnet to be around 500 to 1,000 infected systems.<\/p>\n\n\n\n
Right now, the attackers behind this campaign are sticking to cryptojacking. But it is \u201chighly likely\u201d they could find identity and access management (IAM) data on previously-compromised cloud systems, due to the root and administrative access that\u2019s acquired during the malware implantation. This could open the door for future \u2013 and more dangerous \u2013 attacks. On infected servers, WatchDog usually runs with admin privileges and could perform a credentials scan & dump without any difficulty, if its creators ever wished to.<\/p>\n\n\n\n
The point of entry for their attacks has been outdated enterprise apps. According to an analysis of the WatchDog botnet operations published on Wednesday, Unit 42 said the botnet operators used 33 different exploits to target 32 vulnerabilities in software such as:<\/p>\n\n\n\n
Drupal, Elasticsearch, Apache Hadoop, Redis, Spring Data Commons, SQL Server, ThinkPHP, Oracle WebLogic, CCTV.<\/p>\n\n\n\n
Profits were estimated at 209 Monero coins, currently valued at around $32,000, but the real figure is believed to be much higher since researchers only managed to analyze a few binaries, and the WatchDog gang is thought to have used many more Monero addresses to collect their illegal crypto-mining funds.<\/p>\n\n\n\n
How can you protect your system? Let us say it once again and again – keep systems and apps up to date to prevent attacks using exploits for old vulnerabilities.<\/p>\n\n\n\n
Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nBarcode Scanner<\/strong>: a popular Android app has become malware\u2026 overnight<\/strong><\/h2>\n\n\nEarlier this month, cybersecurity firm Malwarebytes explored how a trusted, useful barcode and QR code scanner app on Google Play became malware after a few malicious updates.<\/p>\n\n\n\n
Innocent software until proven guilty?<\/strong><\/p>\n\n\n\nThe app gathered a quite large community \u2013 with over 10 million installs \u2013 over the years. But in recent months, users began to complain that their mobile devices were suddenly full of unwanted adverts. Barcode Scanner was fingered as the culprit and the source of the nuisance were, tracked as Android\/Trojan.HiddenAds.AdQR. The researchers tracked malicious updates during which an aggressive advert pushing was implemented in the app’s code. The app’s analytics code was also modified and updates were heavily obfuscated.<\/p>\n\n\n\n
The owner – Lavabird Ltd. – was likely to blame. However, further investigation showed that there was a third-party involved \u2013 literally, a buyer, later the app\u2019s new owner.<\/p>\n\n\n\n
What really happened?<\/strong><\/p>\n\n\n\nFor a start a clever social engineering feat in which malware developers purchased an already popular app and exploited it. This way, they were able to take an app with 10 million installs and turn it into malware. Even if a fraction of those installs updates the app, that is a lot of infections. And by being able to modify the app’s code before full purchase \u2013 during the test access to the Google Play app\u2019s console to verify the software’s key and password prior to purchase – and transfer, they were able to test if their malware went undetected by Google Play on another company’s account.<\/p>\n\n\n\n
Neat.<\/p>\n\n\n\n
Source<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nIt\u2019s official! SolarWinds hackers stole some Microsoft Azure, Exchange and Intune source code<\/strong><\/h2>\n\n\nIn January we reported<\/a> that SolarWinds attackers were able to view some of Microsoft source code. During that time Microsoft has not found evidence of access to production services or customer data. But it did find something – an internal account had been used to view source code in a number of code repositories.<\/p>\n\n\n\nJust a few days ago Microsoft released the final update into their investigation and determined that the hackers could only access a few files for most repositories. However, for some repos, including ones for Azure, Intune, and Exchange, the attackers could download component source code.<\/p>\n\n\n\n
Small subsets of Azure (subsets of service, security, identity), Intune and Exchange components.<\/p>\n\n\n\n
The investigation confirmed voiced earlier assumptions that the accessed code did not contain any credentials \u2013 which is good information.<\/p>\n\n\n\n
Not just your every-day attack<\/strong><\/p>\n\n\n\nMicrosoft\u2019s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. It is possible that we are dealing with the largest and most sophisticated attack the world has ever seen. This discovery is disconcerting and could give us an idea of the complexity of the attack and of the effort spent by the threat actors.<\/p>\n\n\n\n
Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nDo you have thirst for knowledge? There are ten more cybersecurity stories below<\/h2>\n\n\n
1. Egregor ransomware criminals allegedly busted in Ukraine (Naked Security<\/a>)
2. A new Bluetooth overlay skimmer block chip-based transactions (Dark Reading<\/a>)
3. Microsoft will alert Office 365<\/a> admins of Forms phishing attempts (Bleeping Computer<\/a>)
4. 270 addresses are responsible for 55% of all cryptocurrency money laundering (ZDNet<\/a>)
5. Tracker pixels in emails are now an \u2018endemic\u2019 privacy concern (ZDNet<\/a>)
6. Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites (ZDNet<\/a>)
7. First Malware Designed for Apple M1 Chip Discovered in the Wild (The Hacker News<\/a>)
8. Kia Faces $20M DoppelPaymer Ransomware Attack (Dark Reading<\/a>)
9. Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (The Hacker News<\/a>)
10. Hackers steal credit card data abusing Google\u2019s Apps Script (Security Affairs<\/a>)<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you got any suspicious-looking email? Better never open it. Want to find out more about MassLogger? Check the article below for more information.<\/p>\n","protected":false},"author":1,"featured_media":2447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[],"class_list":["post-3780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-news","post--single"],"yoast_head":"\n
Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials<\/title>\n<meta name=\"description\" content=\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials\" \/>\n<meta property=\"og:description\" content=\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"Xopero Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-22T08:18:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-15T10:00:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1843\" \/>\n\t<meta property=\"og:image:height\" content=\"481\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"xopero_blogger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:site\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"xopero_blogger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"},\"author\":{\"name\":\"xopero_blogger\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\"},\"headline\":\"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials\",\"datePublished\":\"2021-02-22T08:18:55+00:00\",\"dateModified\":\"2024-05-15T10:00:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"},\"wordCount\":1264,\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"articleSection\":[\"Cybersec news\"],\"inLanguage\":\"pl-PL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\",\"name\":\"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"datePublished\":\"2021-02-22T08:18:55+00:00\",\"dateModified\":\"2024-05-15T10:00:35+00:00\",\"description\":\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"width\":1843,\"height\":481},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/xopero.com\\\/blog\\\/pl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"name\":\"Xopero Blog\",\"description\":\"Backup & Recovery\",\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xopero.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\",\"name\":\"Xopero Software\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"width\":500,\"height\":132,\"caption\":\"Xopero Software\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XoperoSoftware\\\/\",\"https:\\\/\\\/x.com\\\/xoperobackup\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/opero-sp-z-o-o-\\\/?viewAsMember=true\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\",\"name\":\"xopero_blogger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"caption\":\"xopero_blogger\"},\"sameAs\":[\"https:\\\/\\\/xopero.com\"],\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/author\\\/xopero_blogger\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","og_locale":"pl_PL","og_type":"article","og_title":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","og_description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","og_url":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","og_site_name":"Xopero Blog","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2021-02-22T08:18:55+00:00","article_modified_time":"2024-05-15T10:00:35+00:00","og_image":[{"width":1843,"height":481,"url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","type":"image\/png"}],"author":"xopero_blogger","twitter_card":"summary_large_image","twitter_creator":"@xoperobackup","twitter_site":"@xoperobackup","twitter_misc":{"Napisane przez":"xopero_blogger","Szacowany czas czytania":"6 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#article","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"},"author":{"name":"xopero_blogger","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c"},"headline":"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials","datePublished":"2021-02-22T08:18:55+00:00","dateModified":"2024-05-15T10:00:35+00:00","mainEntityOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"},"wordCount":1264,"publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","articleSection":["Cybersec news"],"inLanguage":"pl-PL"},{"@type":"WebPage","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","url":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","name":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","datePublished":"2021-02-22T08:18:55+00:00","dateModified":"2024-05-15T10:00:35+00:00","description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","breadcrumb":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","width":1843,"height":481},{"@type":"BreadcrumbList","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/xopero.com\/blog\/pl\/"},{"@type":"ListItem","position":2,"name":"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials"}]},{"@type":"WebSite","@id":"https:\/\/xopero.com\/blog\/#website","url":"https:\/\/xopero.com\/blog\/","name":"Xopero Blog","description":"Backup & Recovery","publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xopero.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/xopero.com\/blog\/#organization","name":"Xopero Software","url":"https:\/\/xopero.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","width":500,"height":132,"caption":"Xopero Software"},"image":{"@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/xoperobackup","https:\/\/www.linkedin.com\/company\/opero-sp-z-o-o-\/?viewAsMember=true","https:\/\/www.youtube.com\/channel\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9"]},{"@type":"Person","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c","name":"xopero_blogger","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","caption":"xopero_blogger"},"sameAs":["https:\/\/xopero.com"],"url":"https:\/\/xopero.com\/blog\/author\/xopero_blogger\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/comments?post=3780"}],"version-history":[{"count":9,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780\/revisions"}],"predecessor-version":[{"id":5836,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780\/revisions\/5836"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media\/2447"}],"wp:attachment":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media?parent=3780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/categories?post=3780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/tags?post=3780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/a><\/figure><\/div>\n\n\n\nWindows and Linux servers targeted by new WatchDog botnet for almost\u2026 two years<\/strong><\/h2>\n\n\nCryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years \u2013 in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. It is clear that the WatchDog operators are skilled coders and have enjoyed a relative lack of attention regarding their mining operations. <\/p>\n\n\n\n
The attack is still in operation and due to the size and scope of the infrastructure, it will be difficult to fully contain. Attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency. However, researchers estimated the size of the botnet to be around 500 to 1,000 infected systems.<\/p>\n\n\n\n
Right now, the attackers behind this campaign are sticking to cryptojacking. But it is \u201chighly likely\u201d they could find identity and access management (IAM) data on previously-compromised cloud systems, due to the root and administrative access that\u2019s acquired during the malware implantation. This could open the door for future \u2013 and more dangerous \u2013 attacks. On infected servers, WatchDog usually runs with admin privileges and could perform a credentials scan & dump without any difficulty, if its creators ever wished to.<\/p>\n\n\n\n
The point of entry for their attacks has been outdated enterprise apps. According to an analysis of the WatchDog botnet operations published on Wednesday, Unit 42 said the botnet operators used 33 different exploits to target 32 vulnerabilities in software such as:<\/p>\n\n\n\n
Drupal, Elasticsearch, Apache Hadoop, Redis, Spring Data Commons, SQL Server, ThinkPHP, Oracle WebLogic, CCTV.<\/p>\n\n\n\n
Profits were estimated at 209 Monero coins, currently valued at around $32,000, but the real figure is believed to be much higher since researchers only managed to analyze a few binaries, and the WatchDog gang is thought to have used many more Monero addresses to collect their illegal crypto-mining funds.<\/p>\n\n\n\n
How can you protect your system? Let us say it once again and again – keep systems and apps up to date to prevent attacks using exploits for old vulnerabilities.<\/p>\n\n\n\n
Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nBarcode Scanner<\/strong>: a popular Android app has become malware\u2026 overnight<\/strong><\/h2>\n\n\nEarlier this month, cybersecurity firm Malwarebytes explored how a trusted, useful barcode and QR code scanner app on Google Play became malware after a few malicious updates.<\/p>\n\n\n\n
Innocent software until proven guilty?<\/strong><\/p>\n\n\n\nThe app gathered a quite large community \u2013 with over 10 million installs \u2013 over the years. But in recent months, users began to complain that their mobile devices were suddenly full of unwanted adverts. Barcode Scanner was fingered as the culprit and the source of the nuisance were, tracked as Android\/Trojan.HiddenAds.AdQR. The researchers tracked malicious updates during which an aggressive advert pushing was implemented in the app’s code. The app’s analytics code was also modified and updates were heavily obfuscated.<\/p>\n\n\n\n
The owner – Lavabird Ltd. – was likely to blame. However, further investigation showed that there was a third-party involved \u2013 literally, a buyer, later the app\u2019s new owner.<\/p>\n\n\n\n
What really happened?<\/strong><\/p>\n\n\n\nFor a start a clever social engineering feat in which malware developers purchased an already popular app and exploited it. This way, they were able to take an app with 10 million installs and turn it into malware. Even if a fraction of those installs updates the app, that is a lot of infections. And by being able to modify the app’s code before full purchase \u2013 during the test access to the Google Play app\u2019s console to verify the software’s key and password prior to purchase – and transfer, they were able to test if their malware went undetected by Google Play on another company’s account.<\/p>\n\n\n\n
Neat.<\/p>\n\n\n\n
Source<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nIt\u2019s official! SolarWinds hackers stole some Microsoft Azure, Exchange and Intune source code<\/strong><\/h2>\n\n\nIn January we reported<\/a> that SolarWinds attackers were able to view some of Microsoft source code. During that time Microsoft has not found evidence of access to production services or customer data. But it did find something – an internal account had been used to view source code in a number of code repositories.<\/p>\n\n\n\nJust a few days ago Microsoft released the final update into their investigation and determined that the hackers could only access a few files for most repositories. However, for some repos, including ones for Azure, Intune, and Exchange, the attackers could download component source code.<\/p>\n\n\n\n
Small subsets of Azure (subsets of service, security, identity), Intune and Exchange components.<\/p>\n\n\n\n
The investigation confirmed voiced earlier assumptions that the accessed code did not contain any credentials \u2013 which is good information.<\/p>\n\n\n\n
Not just your every-day attack<\/strong><\/p>\n\n\n\nMicrosoft\u2019s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. It is possible that we are dealing with the largest and most sophisticated attack the world has ever seen. This discovery is disconcerting and could give us an idea of the complexity of the attack and of the effort spent by the threat actors.<\/p>\n\n\n\n
Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nDo you have thirst for knowledge? There are ten more cybersecurity stories below<\/h2>\n\n\n
1. Egregor ransomware criminals allegedly busted in Ukraine (Naked Security<\/a>)
2. A new Bluetooth overlay skimmer block chip-based transactions (Dark Reading<\/a>)
3. Microsoft will alert Office 365<\/a> admins of Forms phishing attempts (Bleeping Computer<\/a>)
4. 270 addresses are responsible for 55% of all cryptocurrency money laundering (ZDNet<\/a>)
5. Tracker pixels in emails are now an \u2018endemic\u2019 privacy concern (ZDNet<\/a>)
6. Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites (ZDNet<\/a>)
7. First Malware Designed for Apple M1 Chip Discovered in the Wild (The Hacker News<\/a>)
8. Kia Faces $20M DoppelPaymer Ransomware Attack (Dark Reading<\/a>)
9. Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (The Hacker News<\/a>)
10. Hackers steal credit card data abusing Google\u2019s Apps Script (Security Affairs<\/a>)<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you got any suspicious-looking email? Better never open it. Want to find out more about MassLogger? Check the article below for more information.<\/p>\n","protected":false},"author":1,"featured_media":2447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[],"class_list":["post-3780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-news","post--single"],"yoast_head":"\n
Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials<\/title>\n<meta name=\"description\" content=\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials\" \/>\n<meta property=\"og:description\" content=\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"Xopero Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-22T08:18:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-15T10:00:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1843\" \/>\n\t<meta property=\"og:image:height\" content=\"481\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"xopero_blogger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:site\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"xopero_blogger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"},\"author\":{\"name\":\"xopero_blogger\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\"},\"headline\":\"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials\",\"datePublished\":\"2021-02-22T08:18:55+00:00\",\"dateModified\":\"2024-05-15T10:00:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"},\"wordCount\":1264,\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"articleSection\":[\"Cybersec news\"],\"inLanguage\":\"pl-PL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\",\"name\":\"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"datePublished\":\"2021-02-22T08:18:55+00:00\",\"dateModified\":\"2024-05-15T10:00:35+00:00\",\"description\":\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"width\":1843,\"height\":481},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/xopero.com\\\/blog\\\/pl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"name\":\"Xopero Blog\",\"description\":\"Backup & Recovery\",\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xopero.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\",\"name\":\"Xopero Software\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"width\":500,\"height\":132,\"caption\":\"Xopero Software\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XoperoSoftware\\\/\",\"https:\\\/\\\/x.com\\\/xoperobackup\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/opero-sp-z-o-o-\\\/?viewAsMember=true\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\",\"name\":\"xopero_blogger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"caption\":\"xopero_blogger\"},\"sameAs\":[\"https:\\\/\\\/xopero.com\"],\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/author\\\/xopero_blogger\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","og_locale":"pl_PL","og_type":"article","og_title":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","og_description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","og_url":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","og_site_name":"Xopero Blog","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2021-02-22T08:18:55+00:00","article_modified_time":"2024-05-15T10:00:35+00:00","og_image":[{"width":1843,"height":481,"url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","type":"image\/png"}],"author":"xopero_blogger","twitter_card":"summary_large_image","twitter_creator":"@xoperobackup","twitter_site":"@xoperobackup","twitter_misc":{"Napisane przez":"xopero_blogger","Szacowany czas czytania":"6 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#article","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"},"author":{"name":"xopero_blogger","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c"},"headline":"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials","datePublished":"2021-02-22T08:18:55+00:00","dateModified":"2024-05-15T10:00:35+00:00","mainEntityOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"},"wordCount":1264,"publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","articleSection":["Cybersec news"],"inLanguage":"pl-PL"},{"@type":"WebPage","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","url":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","name":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","datePublished":"2021-02-22T08:18:55+00:00","dateModified":"2024-05-15T10:00:35+00:00","description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","breadcrumb":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","width":1843,"height":481},{"@type":"BreadcrumbList","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/xopero.com\/blog\/pl\/"},{"@type":"ListItem","position":2,"name":"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials"}]},{"@type":"WebSite","@id":"https:\/\/xopero.com\/blog\/#website","url":"https:\/\/xopero.com\/blog\/","name":"Xopero Blog","description":"Backup & Recovery","publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xopero.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/xopero.com\/blog\/#organization","name":"Xopero Software","url":"https:\/\/xopero.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","width":500,"height":132,"caption":"Xopero Software"},"image":{"@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/xoperobackup","https:\/\/www.linkedin.com\/company\/opero-sp-z-o-o-\/?viewAsMember=true","https:\/\/www.youtube.com\/channel\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9"]},{"@type":"Person","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c","name":"xopero_blogger","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","caption":"xopero_blogger"},"sameAs":["https:\/\/xopero.com"],"url":"https:\/\/xopero.com\/blog\/author\/xopero_blogger\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/comments?post=3780"}],"version-history":[{"count":9,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780\/revisions"}],"predecessor-version":[{"id":5836,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780\/revisions\/5836"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media\/2447"}],"wp:attachment":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media?parent=3780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/categories?post=3780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/tags?post=3780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Barcode Scanner<\/strong>: a popular Android app has become malware\u2026 overnight<\/strong><\/h2>\n\n\nEarlier this month, cybersecurity firm Malwarebytes explored how a trusted, useful barcode and QR code scanner app on Google Play became malware after a few malicious updates.<\/p>\n\n\n\n
Innocent software until proven guilty?<\/strong><\/p>\n\n\n\nThe app gathered a quite large community \u2013 with over 10 million installs \u2013 over the years. But in recent months, users began to complain that their mobile devices were suddenly full of unwanted adverts. Barcode Scanner was fingered as the culprit and the source of the nuisance were, tracked as Android\/Trojan.HiddenAds.AdQR. The researchers tracked malicious updates during which an aggressive advert pushing was implemented in the app’s code. The app’s analytics code was also modified and updates were heavily obfuscated.<\/p>\n\n\n\n
The owner – Lavabird Ltd. – was likely to blame. However, further investigation showed that there was a third-party involved \u2013 literally, a buyer, later the app\u2019s new owner.<\/p>\n\n\n\n
What really happened?<\/strong><\/p>\n\n\n\nFor a start a clever social engineering feat in which malware developers purchased an already popular app and exploited it. This way, they were able to take an app with 10 million installs and turn it into malware. Even if a fraction of those installs updates the app, that is a lot of infections. And by being able to modify the app’s code before full purchase \u2013 during the test access to the Google Play app\u2019s console to verify the software’s key and password prior to purchase – and transfer, they were able to test if their malware went undetected by Google Play on another company’s account.<\/p>\n\n\n\n
Neat.<\/p>\n\n\n\n
Source<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nIt\u2019s official! SolarWinds hackers stole some Microsoft Azure, Exchange and Intune source code<\/strong><\/h2>\n\n\nIn January we reported<\/a> that SolarWinds attackers were able to view some of Microsoft source code. During that time Microsoft has not found evidence of access to production services or customer data. But it did find something – an internal account had been used to view source code in a number of code repositories.<\/p>\n\n\n\nJust a few days ago Microsoft released the final update into their investigation and determined that the hackers could only access a few files for most repositories. However, for some repos, including ones for Azure, Intune, and Exchange, the attackers could download component source code.<\/p>\n\n\n\n
Small subsets of Azure (subsets of service, security, identity), Intune and Exchange components.<\/p>\n\n\n\n
The investigation confirmed voiced earlier assumptions that the accessed code did not contain any credentials \u2013 which is good information.<\/p>\n\n\n\n
Not just your every-day attack<\/strong><\/p>\n\n\n\nMicrosoft\u2019s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. It is possible that we are dealing with the largest and most sophisticated attack the world has ever seen. This discovery is disconcerting and could give us an idea of the complexity of the attack and of the effort spent by the threat actors.<\/p>\n\n\n\n
Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n<\/div>\n\n\n\n<\/a>\n\n\nDo you have thirst for knowledge? There are ten more cybersecurity stories below<\/h2>\n\n\n
1. Egregor ransomware criminals allegedly busted in Ukraine (Naked Security<\/a>)
2. A new Bluetooth overlay skimmer block chip-based transactions (Dark Reading<\/a>)
3. Microsoft will alert Office 365<\/a> admins of Forms phishing attempts (Bleeping Computer<\/a>)
4. 270 addresses are responsible for 55% of all cryptocurrency money laundering (ZDNet<\/a>)
5. Tracker pixels in emails are now an \u2018endemic\u2019 privacy concern (ZDNet<\/a>)
6. Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites (ZDNet<\/a>)
7. First Malware Designed for Apple M1 Chip Discovered in the Wild (The Hacker News<\/a>)
8. Kia Faces $20M DoppelPaymer Ransomware Attack (Dark Reading<\/a>)
9. Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (The Hacker News<\/a>)
10. Hackers steal credit card data abusing Google\u2019s Apps Script (Security Affairs<\/a>)<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you got any suspicious-looking email? Better never open it. Want to find out more about MassLogger? Check the article below for more information.<\/p>\n","protected":false},"author":1,"featured_media":2447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[],"class_list":["post-3780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-news","post--single"],"yoast_head":"\n
Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials<\/title>\n<meta name=\"description\" content=\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials\" \/>\n<meta property=\"og:description\" content=\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"Xopero Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-22T08:18:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-15T10:00:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1843\" \/>\n\t<meta property=\"og:image:height\" content=\"481\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"xopero_blogger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:site\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"xopero_blogger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"},\"author\":{\"name\":\"xopero_blogger\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\"},\"headline\":\"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials\",\"datePublished\":\"2021-02-22T08:18:55+00:00\",\"dateModified\":\"2024-05-15T10:00:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"},\"wordCount\":1264,\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"articleSection\":[\"Cybersec news\"],\"inLanguage\":\"pl-PL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\",\"name\":\"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"datePublished\":\"2021-02-22T08:18:55+00:00\",\"dateModified\":\"2024-05-15T10:00:35+00:00\",\"description\":\"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"width\":1843,\"height\":481},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/xopero.com\\\/blog\\\/pl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"name\":\"Xopero Blog\",\"description\":\"Backup & Recovery\",\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xopero.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\",\"name\":\"Xopero Software\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"width\":500,\"height\":132,\"caption\":\"Xopero Software\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XoperoSoftware\\\/\",\"https:\\\/\\\/x.com\\\/xoperobackup\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/opero-sp-z-o-o-\\\/?viewAsMember=true\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\",\"name\":\"xopero_blogger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"caption\":\"xopero_blogger\"},\"sameAs\":[\"https:\\\/\\\/xopero.com\"],\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/author\\\/xopero_blogger\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","og_locale":"pl_PL","og_type":"article","og_title":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","og_description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","og_url":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","og_site_name":"Xopero Blog","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2021-02-22T08:18:55+00:00","article_modified_time":"2024-05-15T10:00:35+00:00","og_image":[{"width":1843,"height":481,"url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","type":"image\/png"}],"author":"xopero_blogger","twitter_card":"summary_large_image","twitter_creator":"@xoperobackup","twitter_site":"@xoperobackup","twitter_misc":{"Napisane przez":"xopero_blogger","Szacowany czas czytania":"6 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#article","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"},"author":{"name":"xopero_blogger","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c"},"headline":"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials","datePublished":"2021-02-22T08:18:55+00:00","dateModified":"2024-05-15T10:00:35+00:00","mainEntityOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"},"wordCount":1264,"publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","articleSection":["Cybersec news"],"inLanguage":"pl-PL"},{"@type":"WebPage","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","url":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/","name":"Masslogger comeback - a new and powerful variant steals Outlook and Chrome credentials","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","datePublished":"2021-02-22T08:18:55+00:00","dateModified":"2024-05-15T10:00:35+00:00","description":"MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform...","breadcrumb":{"@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#primaryimage","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","width":1843,"height":481},{"@type":"BreadcrumbList","@id":"https:\/\/xopero.com\/blog\/en\/masslogger-comeback-a-new-and-powerful-variant-steals-outlook-and-chrome-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/xopero.com\/blog\/pl\/"},{"@type":"ListItem","position":2,"name":"Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials"}]},{"@type":"WebSite","@id":"https:\/\/xopero.com\/blog\/#website","url":"https:\/\/xopero.com\/blog\/","name":"Xopero Blog","description":"Backup & Recovery","publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xopero.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/xopero.com\/blog\/#organization","name":"Xopero Software","url":"https:\/\/xopero.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","width":500,"height":132,"caption":"Xopero Software"},"image":{"@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/xoperobackup","https:\/\/www.linkedin.com\/company\/opero-sp-z-o-o-\/?viewAsMember=true","https:\/\/www.youtube.com\/channel\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9"]},{"@type":"Person","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c","name":"xopero_blogger","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","caption":"xopero_blogger"},"sameAs":["https:\/\/xopero.com"],"url":"https:\/\/xopero.com\/blog\/author\/xopero_blogger\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/comments?post=3780"}],"version-history":[{"count":9,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780\/revisions"}],"predecessor-version":[{"id":5836,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3780\/revisions\/5836"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media\/2447"}],"wp:attachment":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media?parent=3780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/categories?post=3780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/tags?post=3780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
The app gathered a quite large community \u2013 with over 10 million installs \u2013 over the years. But in recent months, users began to complain that their mobile devices were suddenly full of unwanted adverts. Barcode Scanner was fingered as the culprit and the source of the nuisance were, tracked as Android\/Trojan.HiddenAds.AdQR. The researchers tracked malicious updates during which an aggressive advert pushing was implemented in the app’s code. The app’s analytics code was also modified and updates were heavily obfuscated.<\/p>\n\n\n\n
The owner – Lavabird Ltd. – was likely to blame. However, further investigation showed that there was a third-party involved \u2013 literally, a buyer, later the app\u2019s new owner.<\/p>\n\n\n\n
What really happened?<\/strong><\/p>\n\n\n\n For a start a clever social engineering feat in which malware developers purchased an already popular app and exploited it. This way, they were able to take an app with 10 million installs and turn it into malware. Even if a fraction of those installs updates the app, that is a lot of infections. And by being able to modify the app’s code before full purchase \u2013 during the test access to the Google Play app\u2019s console to verify the software’s key and password prior to purchase – and transfer, they were able to test if their malware went undetected by Google Play on another company’s account.<\/p>\n\n\n\n Neat.<\/p>\n\n\n\n Source<\/a><\/p>\n\n\n\n In January we reported<\/a> that SolarWinds attackers were able to view some of Microsoft source code. During that time Microsoft has not found evidence of access to production services or customer data. But it did find something – an internal account had been used to view source code in a number of code repositories.<\/p>\n\n\n\n Just a few days ago Microsoft released the final update into their investigation and determined that the hackers could only access a few files for most repositories. However, for some repos, including ones for Azure, Intune, and Exchange, the attackers could download component source code.<\/p>\n\n\n\n Small subsets of Azure (subsets of service, security, identity), Intune and Exchange components.<\/p>\n\n\n\n The investigation confirmed voiced earlier assumptions that the accessed code did not contain any credentials \u2013 which is good information.<\/p>\n\n\n\n Not just your every-day attack<\/strong><\/p>\n\n\n\n Microsoft\u2019s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. It is possible that we are dealing with the largest and most sophisticated attack the world has ever seen. This discovery is disconcerting and could give us an idea of the complexity of the attack and of the effort spent by the threat actors.<\/p>\n\n\n\n Source: 1<\/a> | 2<\/a><\/p>\n\n\n\n 1. Egregor ransomware criminals allegedly busted in Ukraine (Naked Security<\/a>) MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you got any suspicious-looking email? Better never open it. Want to find out more about MassLogger? Check the article below for more information.<\/p>\n","protected":false},"author":1,"featured_media":2447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[],"class_list":["post-3780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-news","post--single"],"yoast_head":"\nIt\u2019s official! SolarWinds hackers stole some Microsoft Azure, Exchange and Intune source code<\/strong><\/h2>\n\n\n
Do you have thirst for knowledge? There are ten more cybersecurity stories below<\/h2>\n\n\n
2. A new Bluetooth overlay skimmer block chip-based transactions (Dark Reading<\/a>)
3. Microsoft will alert Office 365<\/a> admins of Forms phishing attempts (Bleeping Computer<\/a>)
4. 270 addresses are responsible for 55% of all cryptocurrency money laundering (ZDNet<\/a>)
5. Tracker pixels in emails are now an \u2018endemic\u2019 privacy concern (ZDNet<\/a>)
6. Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites (ZDNet<\/a>)
7. First Malware Designed for Apple M1 Chip Discovered in the Wild (The Hacker News<\/a>)
8. Kia Faces $20M DoppelPaymer Ransomware Attack (Dark Reading<\/a>)
9. Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (The Hacker News<\/a>)
10. Hackers steal credit card data abusing Google\u2019s Apps Script (Security Affairs<\/a>)<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"