News for August 31, 2022

Malware Hidden in Webb Telescope Images
by Artie Kaye

Golang is a programming language which is being used by hackers to develop malware.  Part of the reason is that it runs on Windows, Mac, and Linux.  Another part is that it can be difficult to analyze, which can slow down response time for remedies.  A malware strain has been found taking advantage of the interest in the James Webb Space Telescope’s images.  A phishing campaign with an attached Office document promises images from space.  Opening it will encourage the user to click on some of the contents, which will download malicious code, as well as images from the telescope.  Because this malware is new and different, it likely won’t be caught by antimalware detection systems soon.  It is a reminder to practice good cyber hygiene, and not to open files from untrusted sources.

Decentralized Finance Warning From FBI
by Artie Kaye

In a PSA released on August 29, the FBI warns people using decentralized finance to be cautious.  Cyber attacks against these institutions have caused investors to lose over $1.3 billion in the first quarter of 2022.  The FBI recommends that anyone choosing to invest research the platforms they’re doing business through.  Make sure a company has performed a code audit.  Be wary of any short time frames for signing up or investing.  Check if their source code is open or proprietary.  If you are planning to invest, or already have, checking this information can help keep your money safe.  The PSA is linked below.

Chrome Extensions Injecting Code and Cookies
by Artie Kaye

Five extensions were found to have code which could be considered malicious.  They would monitor the user’s activity online and send data to the creator’s server.  If the site being visited were an affiliated vendor, the extension would inject code and alter cookies so that its creator would be credited for any purchase.  To add to their deception, the function to inject code lay dormant for 15 days to decrease suspicion.  It is always recommended to check extensions before installing them, and to pay attention to what permissions they have or request on your machine.  Below are the extensions, their IDs, and user installs.

Name                                            Extension ID                        Users
Netflix Party                                   mmnbenehknklpbendgmgngeaignppnbe    800,000
Netflix Party 2                                 flijfnhifgdcbhglkneplegafminjnhn    300,000
FlipShope – Price Tracker Extension             adikhbfjdbjkhelbdnffogkobkekkkej    80,000
Full Page Screenshot Capture – Screenshotting   pojgkmkfincpdkdgjepkmdekcahmckjp    200,000
AutoBuy Flash Sales                             gbnahglfafmhaehbdmjedfhdmimjcbed    20,000
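
One way to check a machine for the extensions listed above (an added example, not code from the original report): the script walks a Chrome profile's Extensions directory, which stores each extension as <extension id>/<version>/manifest.json, and reports any listed ID along with the permissions its manifest requests.  The function names, the sample directory, and the sample permissions are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path

# Extension IDs and names as listed in the table above.
FLAGGED = {
    "mmnbenehknklpbendgmgngeaignppnbe": "Netflix Party",
    "flijfnhifgdcbhglkneplegafminjnhn": "Netflix Party 2",
    "adikhbfjdbjkhelbdnffogkobkekkkej": "FlipShope – Price Tracker Extension",
    "pojgkmkfincpdkdgjepkmdekcahmckjp": "Full Page Screenshot Capture – Screenshotting",
    "gbnahglfafmhaehbdmjedfhdmimjcbed": "AutoBuy Flash Sales",
}

def audit_extensions(ext_root):
    """Return one finding per flagged extension ID installed under ext_root."""
    findings = []
    for ext_dir in sorted(Path(ext_root).iterdir()):
        if not ext_dir.is_dir() or ext_dir.name not in FLAGGED:
            continue
        versions, perms = [], set()
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            versions.append(manifest.parent.name)
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
                for key in ("permissions", "host_permissions"):
                    # Manifest entries may be objects; keep only string permissions.
                    perms.update(p for p in data.get(key, []) if isinstance(p, str))
            except (OSError, ValueError, AttributeError, TypeError):
                continue  # unreadable manifest: the ID is still reported as present
        findings.append({"id": ext_dir.name, "name": FLAGGED[ext_dir.name],
                         "versions": versions, "permissions": sorted(perms)})
    return findings

def build_sample(root):
    """Create a constructed Extensions directory: one flagged ID, one unrelated ID."""
    samples = {
        # Constructed permissions, not taken from the real extension's manifest.
        "mmnbenehknklpbendgmgngeaignppnbe": ["tabs", "cookies", "<all_urls>"],
        "a" * 32: ["storage"],  # made-up ID that is not on the list
    }
    for ext_id, perms in samples.items():
        version_dir = Path(root) / ext_id / "1.0.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps({"permissions": perms}))
    return root

if __name__ == "__main__":
    # Pass a profile's Extensions directory, or run with no argument for the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for finding in audit_extensions(target):
        print(json.dumps(finding, ensure_ascii=False))
```

On a default Chrome install the directory to pass is ~/.config/google-chrome/Default/Extensions on Linux, ~/Library/Application Support/Google/Chrome/Default/Extensions on macOS, and %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions on Windows.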

Chrome Update 105
by Artie Kaye

Google has officially released version 105 of Chrome.  This update fixes 24 bugs that have been discovered in the program.  They report that they have seen no evidence of the high severity exploits being maliciously used in the wild.  Of note, however, is a function which a website can use to overwrite your machine’s clipboard, replacing anything that a user had intended to paste elsewhere.  This mechanism can be found in other Chrome-based browsers, and will hopefully be patched by their developers.  Google’s release notes can be found in the link below.