Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
TEMPE, Ariz. and PRAGUE, Feb. 9, 2023 /PRNewswire/ – Avast, a leader in digital security and privacy, and a brand of Gen™ (NASDAQ: GEN), saw an increase in threats that use social engineering to steal money, such as refund and invoice fraud and tech support scams, during Q4 of calendar year 2022. Cybercriminals also remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to harvest people’s contact details. Avast threat researchers also discovered zero-day exploits targeting Google Chrome and Windows; both vulnerabilities have since been patched. These insights are covered in the Avast Q4/2022 Threat Report.
“At the end of 2022, we saw an increase in human-centered threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency and fear and to try to regain control of issues, and that’s where cybercriminals succeed,” said Jakub Kroustek, Avast Malware Research Director. “When people face surprising pop-up messages or emails, we recommend they stay calm and take a moment to think before they act. Threats are so ubiquitous today that it’s hard for consumers to keep up. It is our mission to help protect people by detecting threats and alerting users before they can do any harm, using the latest AI-based technology.”
Growth in refund and invoice fraud, and tech support scams
Avast Threat Labs saw an increase in tech support scam activity, with the United States, Brazil, Japan, Canada, and France among the most affected countries. These scams typically start with a pop-up window that warns of an alleged malware infection and urges the person to call a helpline to resolve the issue. The scammer then persuades the caller to set up a remote connection to their computer, which opens the door to theft of personal information and money: the criminals try to access the victim’s bank accounts or crypto wallets, and also charge a fee for their “services.”
“We recommend people ignore such pop-up messages and close the window with the escape key, or if that’s not possible, restart their computer,” advises Kroustek. “Also, never give remote access to your computer to somebody you don’t know.”
Avast Threat Labs also saw refund and invoice fraud rise 14% from October to November 2022, and a further 22% in December. Refund fraud works much like a tech support scam and usually arrives as an email that appears to come from a trusted company. The email contains a fake receipt that makes the recipient believe they were charged for a purchase they never made. They are then tricked into calling a phone number, where an “agent” asks them to open a remote connection to their computer and log in to their bank account so the agent can “show them how the refund is processed.” The attacker’s goal is to steal the person’s money. In the case of invoice fraud, people, and more often businesses, receive bills for goods or services they never ordered or received.
“To avoid invoice fraud, people need to pay close attention to invoices they receive. Fraudulent invoices often look legitimate, and people need to verify whether an order really was made, the service received, and whether the sender is truly who they pretend to be,” said Kroustek.
Information stealing adware, remote access trojans and bots
Web-based adware was also prevalent in the quarter, not only annoying people with intrusive ads but also attempting to steal their personal data. For example, people are invited to take part in a lottery by spinning a roulette wheel, and are then asked to enter their contact information and pay a “handling fee” with a credit card, Google Pay, or Apple Pay. Avast researchers also saw a flood of DealPly adware, which is delivered as a Google Chrome extension and sends statistical and search information to the attackers. The risk of infection by DealPly increased around the world, most significantly in the Americas, Europe, and South and Southeast Asia.
Avast researchers saw a significant 437% increase in the global spread of the Arkei information stealer, which is known for stealing data from browser autofill forms, saved passwords, and other sources. There was also a 57% increase in people and businesses protected against AgentTesla, a malware strain that often reaches businesses through phishing emails and is designed to steal credentials, and a 37% increase in the RedLine stealer, which often spreads through cracked games and services and steals information from browsers and cryptocurrency wallets.
Avast telemetry also shows that the global spread of LimeRAT tripled in Q4. LimeRAT is a remote access trojan capable of stealing passwords and cryptocurrency, launching Distributed Denial of Service (DDoS) attacks, and installing ransomware on a victim’s computer. It was most active in South and Southeast Asia and Latin America. The Emotet botnet, a malware distributor with a wide range of information-stealing and malware-spreading capabilities, has in recent months refined its antivirus evasion: it now uses timers to resume execution of its payload in small increments rather than running it in one go. The Qakbot botnet has also evolved and started using “HTML smuggling” to hide an encoded malicious script inside an email attachment. In particular, the threat actors have begun abusing SVG images, which can carry inline script, to hold both the encoded payload and the code that reassembles it. Because the final file is only assembled in the recipient’s browser, the attachment itself contains no executable for a mail gateway to match against.
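The following is an added triage example and is not code from Avast or the Q4/2022 report. It looks for the HTML-smuggling pattern described above: an inline script in an SVG (or HTML) attachment that holds a base64 blob and the browser code that turns it into a file download. The sample attachment embedded in the script is constructed for the example; its “payload” is a harmless marker string prefixed with a ZIP magic number so the decoder has something to classify. The indicator list and the magic-number table are assumptions chosen for illustration, not a vendor signature set.

```python
"""Triage check for HTML-smuggling indicators in an SVG or HTML attachment.

Added example, not Avast's code. Looks for an inline <script> that carries a
base64 payload together with the reassemble-and-download step. Sample input
below is constructed; the payload is benign.
"""
import base64
import binascii
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Indicators of the in-browser reassembly/drop step (assumed list for illustration).
DROP_PATTERNS = [
    r"new\s+Blob\s*\(",
    r"URL\.createObjectURL",
    r"msSaveOrOpenBlob|msSaveBlob",
    r"\.download\s*=",
    r"atob\s*\(",
]
# A long quoted base64 run is the embedded payload.
B64_RUN = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")

# Small magic-number table to classify what the script would drop.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole",
}


def classify(blob: bytes) -> str:
    """Return a file-type label for the decoded payload based on its magic bytes."""
    for magic, name in MAGIC.items():
        if blob.startswith(magic):
            return name
    return "unknown"


def extract_scripts(doc: str) -> List[str]:
    """Return the text of every <script> element; SVG namespace is stripped.

    Falls back to a regex for loose HTML that is not well-formed XML.
    """
    try:
        root = ET.fromstring(doc)
    except ET.ParseError:
        return re.findall(r"<script[^>]*>(.*?)</script>", doc, re.S | re.I)
    out = []
    for el in root.iter():
        tag = el.tag.split("}")[-1]  # drop "{namespace}" prefix
        if tag.lower() == "script" and el.text:
            out.append(el.text)
    return out


def scan_attachment(doc: str) -> Dict:
    """Flag a document that carries both an encoded payload and drop logic."""
    scripts = extract_scripts(doc)
    joined = "\n".join(scripts)
    drop_hits = [p for p in DROP_PATTERNS if re.search(p, joined)]
    payloads = []
    for m in B64_RUN.finditer(joined):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue
        payloads.append({"size": len(raw), "type": classify(raw)})
    return {
        "script_count": len(scripts),
        "drop_indicators": drop_hits,
        "payloads": payloads,
        # Require script + at least two drop indicators + a decodable payload.
        "suspicious": bool(scripts) and len(drop_hits) >= 2 and bool(payloads),
    }


# Constructed sample: ZIP magic + a benign marker, base64-encoded, reassembled
# into a download named "invoice.zip" by the embedded script.
_PAYLOAD = base64.b64encode(b"PK\x03\x04" + b"benign-sample-not-a-real-archive" * 2).decode()
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    var data = "{_PAYLOAD}";
    var bytes = atob(data);
    var buf = new Uint8Array(bytes.length);
    for (var i = 0; i < bytes.length; i++) buf[i] = bytes.charCodeAt(i);
    var blob = new Blob([buf], {{type: "application/zip"}});
    var a = document.createElement("a");
    a.href = URL.createObjectURL(blob);
    a.download = "invoice.zip";
    a.click();
  ]]></script>
</svg>
"""
# Constructed control: an ordinary SVG with no script.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'

if __name__ == "__main__":
    print(scan_attachment(SAMPLE_SVG))
    print(scan_attachment(BENIGN_SVG))
```

This is a heuristic for first-pass triage, not a detection signature: real smuggling scripts split the base64 string, XOR or reverse it, or use a custom alphabet precisely to defeat regex checks like `B64_RUN`. For gateway use, open the attachment in an instrumented browser sandbox and inspect what it actually writes to disk.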
Zero-day exploits in the wild
Avast researchers also discovered two sophisticated zero-day exploits in the quarter, both of which were being used in the wild; Avast users were protected against both. The first, CVE-2022-3723, was a type confusion vulnerability in V8, the JavaScript engine of Google Chrome, used to achieve remote code execution (RCE) in the browser. Avast reported it to Google on October 25, 2022, and Google rolled out a fix in Chrome 107.0.5304.87 just two days later, on October 27, 2022. The second, CVE-2023-21674, was a local privilege escalation (LPE) vulnerability in Windows Advanced Local Procedure Call (ALPC) that let the attacker break out of the browser sandbox and reach the Windows kernel. Microsoft patched this vulnerability in the January 2023 Patch Tuesday update.

In addition, the Avast Q4/2022 Threat Report from Avast Threat Labs shares insights into spyware and the latest in mobile banking trojans and SMS trojans. Avast helps protect its users from all threats covered in the report. The Avast Q4/2022 Threat Report can be found on the Decoded blog: https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report
About Avast:
Avast is a leader in digital security and privacy, and a brand of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom through its family of trusted consumer brands. Avast protects hundreds of millions of users from online threats with a threat detection network that is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of the Coalition Against Stalkerware, No More Ransom and Internet Watch Foundation. Visit: www.avast.com.
SOURCE Avast Software, Inc.