The full repercussions of the Covid-19 pandemic will be felt for years, but one more immediate ripple is already occurring. Microsoft this week shared research that shows how ransomware hackers are seizing on this moment of uncertainty, springing traps that were laid months ago.
The novel coronavirus has also sparked a debate over voting by mail, which despite the partisan rift doesn’t favor one party over the other in practice. Kicking white nationalists and other extremists off of your platform also seems like it shouldn’t be controversial, and yet Steam continues to give neo-Nazis and other bad actors a wide berth.
We also took a look at a hacking group that managed to sneak malware into the Google Play Store repeatedly over several years. And we explored fleeceware, which isn’t malware exactly but is sneaky, as developers hide exorbitant fees for rudimentary apps.
And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
The Office of the Director of National Intelligence released a brief statement this week confirming that “the Covid-19 virus was not manmade or genetically modified.” It left open the possibility that it may have originated in a Chinese lab, but did tamp down some of the rampant, unfounded speculation from certain conservative commentators and politicians. (The scientific community dismissed those rumors from the start, but it’s nice that the spies have caught up.) The statement also comes as the White House has reportedly pressured the intelligence committee to find links between Covid-19 and China, a type of “conclusion shopping” that critics say may result in less reliable reports.
A complicated chain of attacks that involves viewing a GIF would have let hackers take over an entire organization’s Microsoft Teams accounts. According to new research this week from security firm CyberArk, the malicious file could be paired with a subdomain takeover vulnerability to wreak havoc for anyone using the Teams browser or desktop versions. Microsoft fixed its misconfigured DNS records in late March, and pushed a patch on April 20 that should prevent the problem from popping up again in the future.
Stop us if you’ve heard this one: Android malware poses as a legitimate app, only to steal your credentials once installed. That’s EventBot in a nutshell, according to new research from security firm Cybereason. One unfortunate added trick: EventBot also intercepts your two-factor authentication codes, meaning it can break into the accounts whose passwords it stole with relative ease. The good news is that EventBot appears not to have slipped into the Google Play Store yet, meaning as long as you stick to official channels you should be fine. (Unless you’re being targeted by a sophisticated nation state hacking group, in which case you’re… not fine.)
The NSO Group sells spyware to governments around the world, and has been at the center of several controversies over how its software gets used. WhatsApp recently sued the company, alleging that its Pegasus malware had been used against journalists and human rights advocates. This week, Motherboard reports that several years ago an NSO Group employee used the company’s powerful surveillance tools to look up a woman he knew personally. It’s a jarring report, and a reminder that companies too often don’t put tight enough controls on who can access their most sensitive systems.
More From WIRED on Covid-19