Mar 01 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s got bigger stories than Sam Bankman Fried’s hair style.
Today’s hottest cyber security stories:
A threat actor (posh way of saying hacker) managed to infiltrate Activision (the American gaming giant) back in December, but they kept it quiet.
Now, that’s backfired because the data has apparently been leaked and it’s not a great look that they didn’t tell anyone.
Be better, Activision!
Activision is most famous for games such as:
The hackers said they got hold of 19,444 unique records from an Activision Azure database amd are offering the lot out (get this!) for FREE.
The leaked data contains names, phone numbers, job titles, locations, and email addresses of Activision employees.
See tweet below, folks:
.@Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.
Activision did not tell anyone.
— vx-underground (@vxunderground)
Feb 20, 2023
According to Activision, threat actors obtained the credentials of an HR employee through a smishing attack.
Smishing is a type of phishing attack that uses social engineering to get personal information about someone using text messaging.
The availability of Activision employees’ data in the cybercrime ecosystem exposes them to social engineering attacks.
You may have heard of the ChromeLoader browser hijacking malware. It’s been doing the rounds for quite a while now and was usually known for sneaking into systems via promoting fake giveaways, unwanted software, surveys, adult games, and dating sites. But now…. It’s coming for the gamers. Retro gamers, to be exact.
Give me the 411
Basically, ASEC (cybersecurity firm) security researchers have discovered a steady rise in the use of disk image files, such as ISO and VHD (definitions below), to distribute the dreaded ChromeLoader browser hijacking malware, in all its infectious infamy.
ISO: stands for the identical storage image of optical media. An ISO file contains all the same data you would transfer when copying data to CD, DVD, or Blu-ray.
VHD: A virtual hard disk is a virtualized file that appears and operates like a hard disk that’s physically connected to a system
In the ongoing campaign, malicious VHD files are designed to appear like either hacks or cracks for Nintendo and Steam on:
When a VHD file is downloaded, the user is redirected to a network of malvertising sites distributing the ChromeLoader extension.
ChromeLoader hijacks browser searches to show advertisements and later modifies the browser setting and collects credentials and browser data.
Is nothing sacred? Gotta Catch ‘Em All, huh? Maybe not this one. So yeah, be careful when you’re hacking and cracking, gamers 💀
This one’s a bit of fun. Thousands of real estates in the US favour a WordPress theme appropriately named Houzez.
The problem is, this theme’s not exactly safe as houses; in fact, it’s got a rather glaring vulnerability which promises to have hackers and threat actors interest rates rising.
The vulnerability has been described by security company Patchstack as “critical”.
Hang on, what’s Houzez again?
A ‘theme’ is a generic sort of skin that companies can use for their respective website. They provide aesthetics but also, in many cases, industry-specific functionality.
Houzez is a premium theme for the real estate industry, with more than 35,000 sales on ThemeForest. Basically, it allows agencies to easily manage content and listings.
Patchstack CTO Dave Jong discovered recently that the Houzez theme and its associated Houzez Login Register plugin are impacted by a critical vulnerability that can allow an unauthenticated attacker to hack WordPress websites. Uh-oh spaghetti-ohs.
Don’t leave the backdoor unlocked!
Long said: “It is safe to assume that if a site is exploited with this vulnerability and the attacker is logged in with administrator privileges, they are likely to upload a malicious plugin which contains a backdoor.
“This backdoor may perform actions such as listening for commands to be executed on a future date, inject advertisements into the website or redirect traffic to another malicious site.”
Hmm, there’s a theme here…
WordPress website owners and administrators using the Houzez theme should ensure that their installation is patched to prevent malicious exploitation.
Don’t forget to hatch a patch, folks!
So long and thanks for reading all the phish!