Tag Archive for: search

Crooks manipulate GitHub’s search results to distribute malware



Pierluigi Paganini
April 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware.

Checkmarx researchers reported that threat actors are manipulating GitHub search results to deliver persistent malware to developers’ systems.

Attackers behind this campaign create malicious repositories with popular names and topics. They were observed using techniques like automated updates and fake stars to boost search rankings.

“By leveraging GitHub Actions, the attackers automatically update the repositories at a very high frequency by modifying a file, usually called “log”, with the current date and time or just some random small change. This continuous activity artificially boosts the repositories’ visibility, especially for instances where users filter their results by “most recently updated,” increasing the likelihood of unsuspecting users finding and accessing them.” reads the report published by Checkmarx. “While automatic updates help, the attackers combine another technique to amplify the effectiveness of their repo making it to the top results. The attackers employed multiple fake accounts to add bogus stars, creating an illusion of popularity and trustworthiness.”

To evade detection, threat actors concealed the malicious code in Visual Studio project files (.csproj or .vcxproj), where it is automatically executed when the project is built.


The researchers noticed that the payload is delivered based on the victim’s origin, and is not distributed to users in Russia.

In the recent campaign, the threat actors used a large, padded executable file that shares similarities with the “Keyzetsu clipper” malware, targeting cryptocurrency wallets.

On April 3rd, the attacker updated the code in one of their repositories, linking to a new URL that downloads a different encrypted .7z file. The archive contained an executable named feedbackAPI.exe.

Threat actors padded the executable with numerous zeros…


Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released



Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies.

What makes a good ASM solution stand out
In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete.

What does optimal software security analysis look like?
In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security.

PoC for no-auth RCE on Juniper firewalls released
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.

Easy-to-exploit Skype vulnerability reveals users’ IP address
A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret.

Qakbot botnet disrupted, malware removed from 700,000+ victim computers
The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world.

The removal of Qakbot from infected computers is just the first step
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software.

Cisco VPNs with no MFA enabled hit by ransomware groups
Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching…


How to remove Search Alpha from Mac


Have you recently noticed suspicious browser redirects through “search-alpha.com” on your Mac? If the answer is yes, your Mac has contracted a Search Alpha virus, a browser hijacker that redirects web traffic to Microsoft’s Bing search engine.

This nasty piece of malware can fill your screen with unwanted ads, modify default browser settings, and direct you to shady websites filled with more dangerous viruses. This can lead to even more threats to your device and sensitive information.

In this article, we’ll explain step by step how to remove Search Alpha from your Mac. We’ll also offer the best Search Alpha removal tool.

Remove Search Alpha from Mac with TotalAV

TotalAV is the easiest way to remove Search Alpha or any other virus from your Mac. Its real-time online threat detection also prevents future infections.

What is search-alpha.com?

Search-alpha.com is a browser hijacker virus that redirects users’ web traffic to the Bing search engine.


The data flow is first redirected through “search-location.com” and then jumps to “api.lisumanagerine.club”, which are well-known hijacking domains. Finally, the user lands on the Bing search engine with unwanted ads or modified results.

Although Search Alpha is primarily designed to monetize web traffic in a Mac environment, browser hijackers are capable of more serious damage. They can collect private information such as the original IP address and browsing and search histories. Unwanted ads can contain spyware or keyloggers that extract online account credentials, which can lead to financial damage.

Name: Search Alpha virus
Type: Browser hijacker
Affected devices: Mac computers
Symptoms: Unwanted redirects through “search-alpha.com”, altered browser default settings (home and new tab pages, default search engine), intrusive ads and pop-ups, unwanted apps and/or browser extensions, general decrease in device performance
Damage: Personal data leak, increased risk of future contaminations, decrease in device and browser performance, identity theft

Similar scam examples

The Search-Alpha virus did not surprise our malware analyst because it’s a variant of the well-known Search Marquis browser hijacker. In…


How to delete your search history and why that’s important


Some of the products written about here are offered in affiliation with AOL. We may receive a share from purchases made via links on this page. Pricing and availability are subject to change.


You may not give your search history much thought, but by practicing good browser hygiene, you can help maintain your privacy online.

Your computer’s search history is like a diary of your life. If you don’t delete it regularly, you might be exposing more sensitive data than you think. So it’s a good idea to clear your browsing history now and then. And if you ever use a public computer, always clear your search history after each session.

Installing and running a powerful tool like System Mechanic can assist in keeping your browsing history private. Quick Scan, a program that comes with System Mechanic, alerts you to any compromised privacy settings and helps find browser-stored passwords that may be vulnerable to hacking.


You can also help maintain your privacy while online by opening a private browsing window, called “incognito” in some browsers. You can close it when you’re done and delete your browsing history on the browsers you use.

However, it’s important to point out that when you clear, delete, or hide browsing history on-screen, you do not remove your visits to those websites. In other words, even though the next person to use your computer won’t be able to see where you’ve been if you clear your history, the sites you visit still can. If you’re concerned about websites sharing your data with a third party, installing a system tune-up like System Mechanic can help. The software helps prevent your private data from being shared with third-party companies.


Leaving breadcrumbs of your identity all over the internet can make it easier for scammers to collect enough information about your private life to deceive you.

“No matter what information someone contacting you already claims to have about you, never confirm or help fill out that data further, or provide them any additional information…
