An old hacking technique is getting new attention
It underscores the fact that people must exercise extreme caution when it comes to deciding who to trust and where to download files from.
Hackers have long been in the business of spoofing legitimate sites; making exact replicas of popular websites offering a variety of free downloads.
Of course, instead of getting genuinely useful code, you find yourself on the poisoned domain. Rather than the legitimate site, what you download will be malware of one type or another.
It offers the Smart Game Booster
The most recently discovered instance of this involves the Smart Game Booster site (the legit game site). It's a legitimate piece of code that helps to improve the performance of the games you play, and it has become popular enough that it's caught the attention of at least one hacking group. That group cloned the site and pretends to offer the same product.
In this case, though, the malware the hackers deploy is one of the more insidious we've seen. Unlike many malware attacks which latch onto a system with a persistent presence, this one runs only once and then deletes itself. Even more alarming is that it leaves no trace that it was ever there.
It collects your critical files and sends them to the hackers
When it runs, it scans the infected device for passwords, your browser history, any cryptocurrency wallets you may have, and a wide range of other critical files. It collects these and sends all the data to its command and control server, and then self-destructs.
With no outward sign, many users will be completely unaware that there's a problem until they start seeing suspicious charges on credit cards, noticing funds being removed from bank accounts and the like. By then, of course, it's far too late.
Our perspective
The bottom line here is simple: Be mindful about where you download files from. Check your URLs, and unless you can avoid it, never stray far from the big, well-respected sites like the Apple Store, Microsoft Store, or Google Play Store. It's just not worth the risk.
As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.
