Cyber Threat Report - 16 Jun 2021
SolarMarker - the remote access trojan hiding in online document templates
A Remote Access Trojan (RAT) has been found lurking in office form and document templates uploaded by threat actors to the internet.
In April, SolarMarker was found to be flooding search results with over 100,000 web pages offering free office forms such as CVs, invoices, receipts, and questionnaires.
The templates are filled with keywords that make them more visible in Google searches by people looking for business-style document templates. When a template is downloaded, it infects the victim's system with the trojan, which can create backdoors and steal data.
Exercise caution when downloading such templates: use sites you trust, and virus scan anything you download before you open it.
TeaBot virus spreading via fake antivirus app
TeaBot is a trojan virus that is being spread by a fake antivirus app pretending to be Kaspersky Internet Security for Android on third-party app stores.
The fake app is spreading the TeaBot banking trojan, aka HEUR:Trojan-Banker.AndroidOS.Teaban or HEUR:Trojan-Banker.AndroidOS.Regon, which has powerful data-stealing capabilities.
Not much to say on this one really except avoid downloading apps from third-party stores and make sure 'only install apps from trusted sources' is enabled in your settings.
Peloton Bike+ vulnerability allowed complete control of the device
Peloton has just fixed a bug in the Peloton Bike+ that would allow an attacker to take complete control of the device, including its camera and microphone, and harvest users' Peloton accounts.
So how does the bug work?
Underneath the Peloton Bike's interface is a standard Android operating system, and all Android operating systems have a feature that allows someone to upload and run a modified version of the OS. Usually, for obvious reasons, this feature is set to 'locked' to prevent that, and in Peloton's case they had set it correctly. However, the bug in the code meant that the lock could be bypassed, as the system could not verify whether the state was set to locked or unlocked.
The Peloton bug is another little reminder that any internet-enabled device you bring into your home and connect to your network could potentially be used as an attack vector or entry point into your home network. Devices such as smart speakers, TVs, wireless cameras, smart kitchen appliances and so on that use the internet to provide advanced features and connectivity are all known as 'Internet of Things' (IoT) devices. Many of them have weak security (particularly the cheaper, lesser-known brands) and are therefore a weak spot in your home network.
I've actually heard of people starting to put these devices on their own subnets (basically dividing your one network into two or more networks to separate certain devices from each other) for this very reason so that their laptops, PCs and phones aren't accessible from these devices should they be compromised.
It begs the question - do we really need everything to be connected to the internet?
I personally feel there needs to be a line drawn somewhere. The connectivity the internet has given us is incredible and has so many great uses, making life a lot easier for many of us, but do our toasters and fridges really need to be connected to the internet and be accessible from anywhere on the planet?
That's all for now, stay safe!