Popular search terms are leveraged in cyber attacks: Cyber Security Today for Friday, August 23, 2024


Popular search terms are part of a new attack, car companies are selling device-gathered data to data brokers, and McAfee claims to have software that will detect deepfakes on your laptop.

Welcome to Cyber Security Today. I’m your host Jim Love.

Researchers have identified a significant increase in malware infections linked to a malvertising campaign distributing a loader called FakeBat. This malware, also known as EugenLoader or PaykLoader, is associated with a threat actor named Eugenfest.

The Mandiant Managed Defense team reports that these attacks are opportunistic, targeting users searching for popular business software. The infection process uses a trojanized Microsoft Installer Package, or MSIX, which executes a PowerShell script to download additional malicious payloads.

What makes this campaign particularly noteworthy is its use of drive-by download techniques. Users searching for well-known software are redirected to fake websites hosting malicious installers disguised as legitimate programs like Brave, KeePass, Notion, Steam, and Zoom.

The threat actor behind this campaign, tracked as UNC4536, is essentially a malware distributor. FakeBat serves as a delivery mechanism for various malware families, including IcedID, RedLine Stealer, and Carbanak – the latter associated with the FIN7 cybercrime group.

One key insight is the sophisticated nature of these fake installers. They exploit a configuration called startScript, which allows them to execute malicious code before launching the main application, effectively bypassing user suspicion.
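An added example, not from the show or its sources: a Python triage check that opens an MSIX package and reports any startScript hook of the kind described above. It assumes the Package Support Framework layout (a root config.json with an applications list); `find_start_scripts` and `build_sample` are names made up here, and the sample package is constructed and inert.

```python
import io
import json
import zipfile

def find_start_scripts(package):
    """List startScript hooks declared in an MSIX (a ZIP container).

    Assumption: Package Support Framework layout, i.e. a root config.json
    whose "applications" entries may carry a "startScript" object.
    """
    with zipfile.ZipFile(package) as z:
        members = {n.replace("\\", "/").lower(): n for n in z.namelist()}
        if "config.json" not in members:
            return []                                   # no PSF config, no hook
        try:
            config = json.loads(z.read(members["config.json"]).decode("utf-8-sig"))
        except (UnicodeDecodeError, json.JSONDecodeError):
            return [{"app": None, "error": "config.json present but unparseable"}]
    apps = config.get("applications", []) if isinstance(config, dict) else []
    findings = []
    for app in apps:
        hook = app.get("startScript") if isinstance(app, dict) else None
        if not isinstance(hook, dict):
            continue
        script = str(hook.get("scriptPath", ""))
        findings.append({
            "app": app.get("id"),
            "executable": app.get("executable"),
            "script": script,
            "arguments": hook.get("scriptArguments", ""),
            # Treated as hidden unless the package explicitly asks for a window.
            "hidden": hook.get("showWindow", False) is False,
            "bundled": script.replace("\\", "/").lower() in members,
        })
    return findings

def build_sample(with_hook=True):
    """Constructed test package (not a real sample): inert files only."""
    app = {"id": "App", "executable": "app.exe"}
    if with_hook:
        app["startScript"] = {"scriptPath": "setup.ps1", "showWindow": False}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", "<Package/>")
        z.writestr("config.json", json.dumps({"applications": [app]}))
        z.writestr("setup.ps1", "# placeholder, no commands\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for finding in find_start_scripts(build_sample()):
        print(finding)
```

A hit is a reason to review the package before installation, not a verdict: legitimate packages can use the same hook.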

Another crucial point is FakeBat’s information-gathering capabilities. It collects system details, including operating system information, domain status, and installed antivirus products. Some variants even gather the host’s public IP addresses.

This campaign underscores the ongoing need for vigilance when downloading software, even from seemingly reputable sources. Users should always verify the authenticity of download sources and be wary of unexpected installer behavior.

Sources include: The Hacker News

And on the heels of the Public Data release of close to 3 billion records last week, we are seeing another example of how these data brokers are gathering more and more data about all of us.

It turns out that major automakers are reportedly collecting and selling drivers’ data without their knowledge or consent. A recent investigation has revealed that companies like GM, Honda, Kia, Subaru, Hyundai, and Mitsubishi are tracking extensive driver data and sharing it with third-party brokers.

The data collected includes detailed information such as trip start and end times, driving distances, braking patterns, and acceleration habits. This level of surveillance raises significant privacy concerns, as one data broker reportedly has detailed driving data on over 10 million drivers.

The consequences of this data sharing are already becoming apparent. In one case, a driver experienced an unexplained 21% increase in his insurance premium overnight. It was later discovered that GM had sold his driving data to a third-party broker, which compiled a 130-page report on his driving behavior and sold it to his insurance company.

Beyond insurance rate hikes, the potential risks of this data sharing are substantial. R.J. Cross, Director of the Don’t Sell My Data Campaign at PIRG, warns: “With every secret handoff from data broker to buyer, we’re more at risk for data breaches, identity theft or targeted scams.”

What’s particularly troubling is that much of this data collection cannot be opted out of, as most new cars come equipped with some form of location-tracking technology. This leaves consumers in a difficult position, unable to prevent their personal information from being collected and potentially misused.

The situation calls for increased transparency and regulation, not just in the automotive industry but for all devices that collect data on us as part of their function, especially where companies sell the data they collect to data brokers.

Sources include: pirg.org

McAfee has unveiled a new tool designed to detect AI-generated audio in videos across various platforms, including YouTube and X, formerly known as Twitter.

The McAfee Deepfake Detector focuses on identifying artificial intelligence-generated audio within almost any audio or video stream available on a PC. When the software detects AI-generated audio, it displays a red icon, which users can click for more details about the suspicious content.

This tool addresses a growing concern in the tech world. As Steve Grobman, McAfee’s Chief Technology Officer, explains, “The barrier to create AI-generated content has come way down, and consumers don’t really have great tools to know whether what they’re looking at is potentially generated with AI.”

What sets this tool apart is its on-device functionality. Unlike many AI-powered tools that rely on cloud processing, the Deepfake Detector operates locally on the user’s computer. This approach not only enhances privacy but also sets the stage for future applications that might involve more sensitive data analysis.

Grobman highlights the potential for this local processing in areas like malware detection, where analyzing a wider array of user content could improve security without compromising privacy or requiring excessive bandwidth.

It’s worth noting that the tool won’t work on content protected by digital rights management, which typically comes from major studios or large companies.

The McAfee Deepfake Detector will initially be available exclusively on Lenovo Copilot+ PCs through mid-September, with plans to expand to other PCs afterward.

As AI-generated content becomes more prevalent and sophisticated, tools like this could play a crucial role in helping users navigate an increasingly complex digital landscape.

Sources include: Axios

That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick. Cybersecurity returns to its three shows a week.

Our week in review show features our cybersecurity panel doing a deeper dive into the stories from this week. We post that just after midnight so it’s available for listening with your Saturday morning coffee.

I’m your host Jim Love. Thanks for listening.

 
