Ransomware, malware and fraud: three terms that no tech user wants to hear, especially when recent attacks have serious long-term consequences. For the first time in four years, a type of ransomware is specifically targeting Apple Mac computers; it both infects a system and steals financial information from the device. A malware known as FakeSpy has been active for at least three years and has developed into a new attack via SMS phishing. Finally, two cybercriminals have been accused of business email compromise scams and money laundering.
It seems that these types of cyberattacks are happening more frequently in our modern world. However, these particular attacks will decide whether systems remain vulnerable to future attacks and may change the way criminals are brought to justice for their online crime. If consumers continue to accept these incidents as a part of the technology industry, there will be no chance of protecting data and improving security for consumers worldwide.
Mac Ransomware Offers Double Threat
The ransomware designed for Apple Mac computers, known as ThiefQuest, was recently discovered by a malware researcher at K7 Lab. This is the first ransomware tailored for these types of devices in four years, meaning the creators had specific intent in mind. ThiefQuest has spyware capabilities that allow it to extract files from an infected computer while also searching the system for passwords and cryptocurrency data. It also runs a keylogger, which captures passwords, credit card numbers, and other financial information.
The worst part is that it remains on a system as a backdoor even after a reboot and could potentially be the starting point for a second attack. In order for a Mac to become infected, a user must download pirated or unvetted software that has not been certified by Apple as being legitimate. ThiefQuest is being distributed within bundles of name-brand software and is designed to look like a Google software update program.
Researchers have found the ransomware portion of the attack to be somewhat buggy, but the malware portion of the attack is cleverly hidden. It will not run if security tools like Norton Antivirus are present and will lie low if opened in a digital environment used for security testing.
Director of Forensics for SecureData, Allan Buxton, said, “This is a dangerous escalation for ransomware attacks. They’re not just going after local files, but password theft opens cloud systems to attack as well, like Gmail or even mobile phone backups. Anyone with weak passwords and poor malware defenses really does run the risk of losing all their data if attacked successfully.”
FakeSpy Malware Launches New Phishing Attempt
The malware FakeSpy has been active in the wild since at least 2017, according to Bank Info Security. The creators have been refining the code over the years and have added capabilities to steal people’s personal information. The latest version has been targeting Android devices through SMS (short message service) phishing messages. These messages appear to come from legitimate postal and delivery services throughout the world. However, if a recipient clicks on links in the messages, malicious code is downloaded to the device and the malware is installed.
The information stealer can exfiltrate financial information, including data from banking or cryptocurrency apps, as well as contact information from the device. The whole message appears to be reliable because a user is waiting to receive a message about their package or a general update from their postal service. Once the malware is downloaded, the attackers send the SMS message to the victim’s phone contacts.
International Fraudsters Held Responsible by US
A pair of online fraudsters from Nigeria, Ramon Olorunwa Abbas and Olalekan Jacob Ponle, were sent to the United States by the United Arab Emirates. Abbas is accused of money laundering schemes with the intent to gain hundreds of millions of dollars and was part of a plan to launder $14.7 million from a foreign financial institution. He also helped to take almost $923,000 from a New York law firm and was involved in an attack to steal $124 million from an English Premier League Club.
Ponle, on the other hand, allegedly participated in fraud campaigns in 2019 that were worth tens of millions of dollars. One example was $15.2 million that was taken from a Chicago-based company. His tactic was to trick victims into wiring money to money mules, who then converted the funds to Bitcoin and sent them to a digital wallet.
The two are charged with business email compromise and could face up to 20 years in prison if convicted. This is the beginning of a possible move towards countries holding fraudsters responsible for their attacks no matter where they live, especially if the victims were in the country prosecuting.
Think Before You Click
Many of the attacks above could have been avoided if users followed cybersecurity rules more closely. In terms of Apple Mac ransomware, users should only download software that has been certified as secure and keep up to date on software updates. The FakeSpy malware asks a user for permissions as it is downloading, and the user must give access to contacts and SMS messaging.
In the case of the large-scale fraud attackers, some large-scale attacks are too complex for companies to recognize, which is why pentesters and other security personnel are indispensable on any staff. The possible conviction for the fraudsters could be the beginning of a strong movement towards prosecuting cybercriminals.
In the meantime, users need to take great pains to bolster their data security. The SecureForensics team at SecureData investigates cyber crimes such as data breaches, ransomware, fraud and more to find what information was compromised and bring the attacker to justice with a court-admissible document of the evidence. SecureData also offers hardware encrypted storage devices to protect data from unauthorized parties and act as a long-term backup solution. Call 1-800-388-1266 to learn more.