A game that cryptojacks, a town under seige, and more data breaches | Avast

Avast Security News Team, 3 August 2018

Steam game found to cryptomine, ransomware locks down an Alaskan city, and data breaches continue to spring up.

Steam game found to be secretly cryptomining

“Malicious cryptomining has become so popular among cybercriminals that it has earned its own name: cryptojacking,” states Avast security evangelist Luis Corrons. “It is one of the most popular ways to make easy money nowadays, and we have seen in the last months how thousands of vulnerable websites have been hacked to make their visitors cryptomine, or using ads to push cryptomining JavaScript.”

Corrons’ comments are in reference to the news this week that game developer Valve removed a game from its Steam platform for allegedly cryptomining using the unsuspecting players’ systems, as well as a couple of other offenses (like counterfeit digital items). The malicious game was called Abstractism, and featured a very minimalist 2D game of sliding squares around as you listen to relaxing music. Game instructions urged users to keep the game running even when they were done playing.

“This tactic of using a game is new,” says Corrons. “However, my bet is that it won’t become popular. In fact I’d say that these game developers didn’t think about it as a malicious action, for them it was just a way to make some money on the side. Being removed and banned from Steam will make everyone think twice before making such a bold move again.”

US DOJ arrests 3 high-ranking cybercriminals

The FIN7 cybercrime group has attacked hundreds of US companies, and the FBI believes it now has in custody three of the infamous group’s highest-ranking members. Fedir Hladyr (33), Dmytro Fedorov (44), and Andrii Kolpakov (30) all hail from Ukraine, and their federal indictments tie them to FIN7, AKA Carbanak Group, AKA Navigator Group. Each accused faces 26 charges, including identity theft, bank fraud, and conspiracy to commit computer hacking. Most commonly, FIN7 would go after fast-food and casual dining restaurants.

Restaurants all over the US have been under attack for the last few years, having their point of sale (PoS) terminals compromised,” comments Corrons. “We are talking about thousands of restaurants affected. At the end of the day, these PoS terminals are just computers with a card reader. To compromise them, cybercriminals install malware customized to extract debit and credit card information while customers pay. Usually some of the groups behind these attacks are from overseas, and being able to find them is really hard, let alone arresting them. This is really great news that the FBI caught these criminals.”

Ransomware drives Alaska town to typewriters

The Alaskan borough of Matanuska-Susitna dusted off its typewriters when ransomware locked up 500 desktop computers and 120 servers on July 24. A spokeswoman for the borough says their systems are in the process of being rebuilt, but in the meantime city staff were resourcefully continuing operations in analog style — using typewriters and writing by hand.

In addition to the computers and servers, the ransomware also affected the telephone network and key card entry system. “Though it initially appeared that our data was a complete loss,” says IT Director Eric Wyatt, “We have recently recovered data from the shared drives. There is optimism for the recovery of additional data.”

Surprise news on two data breaches

Back in June, we reported on the Dixons Carphone data breach, which purportedly affected 1.2M users. However, the electronics retailer announced this week that further investigation proved 10M users were affected — virtually 10 times the initial estimate. The company has not yet shared information on how the breach occurred, but chief executive Alex Baldock says, “We’ve been working round the clock to put it right. That’s included closing off the unauthorized access, adding new security measures, and launching an immediate investigation.” There has been no indication that the personal data which was breached has been used for fraud as of yet.

In stranger news, Yale University announced this week that it experienced a major data breach ten years ago. The school claims 119,000 people had their names, social security numbers, and in some case birthdates, physical addresses, and email addresses, compromised between 2008 and 2009. The university also found that another data breach occurred at some point between March 2016 and June 2018, where names and social security numbers of 33 people were stolen. As with the Dixons breach above, there is no evidence that the breached info has been misused. But, we recommend if you believe your credentials were part of any of these breaches to change your passwords now.  



Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today’s cyberthreats and how to beat them at blog.avast.com.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.