Cyber security news roundup: malicious Chrome extensions, COVID-19 inspired attacks, Zoom vulnerability for Windows 7 users & more

In an increasingly digital world, cyber security issues are an inevitable (and ever-growing) part of the landscape. As a result of COVID-19’s increased effect on security breaches, this continues to be a hot topic in local, national and international news coverage. Here is a brief roundup of some of the most interesting recent news items from the past month.

Malicious Google Chrome extensions found available for download in Chrome store

Malicious applications (apps) made their way into the Google Chrome store, disguised as legitimate apps. Once installed, these apps took screenshots, read data and stole login information from users. Google has since prevented more than 100 malicious Chrome extensions.

Takeaway: Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices. Learn how to protect yourself against malware.

Tim Hortons mobile app tracks more than meets the eye

Tim Hortons is under scrutiny for not disclosing the high level of user location tracking made possible through their app. The company’s app uses technology that checks locations on mobile phones, uses GPS coordinates to infer the location of customers’ homes and workplaces and notes every time they may have visited a competitor. However, Tim Hortons does not disclose this level of information to app users.

Takeaway: Privacy practices are not always as they seem. Managing settings on your devices to disclose as little information as possible is a good start. Turn off locations services when available or only enable location settings when the application is in use.

COVID-19 lockdown inspires malware attack on fashion retailer

One day after closing all 3,000 of their stores due to the COVID-19 lockdown, fashion retailer Claire’s online presence was hacked. Payment skimmers and malicious code were added to their online stores to steal customer data and credit card information.

Takeaway: Online shopping is always a risk, even if the retailer is legitimate and the website appears to be safe. Once notified by Sansec, Claire’s confirmed that they identified and removed the unauthorized code and took additional measures to reinforce the security of their e-commerce platform.

Fake COVID-19 tracing app with ransomware targets Canadians

Shortly after Prime Minister Justin Trudeau announced the approval of a nationwide COVID-19 tracing app, hackers took advantage and launched a fake government website with a malicious app for download. Once downloaded, the app activated a program that stole the user’s data and held it for ransom.

Takeaway: Malicious websites are designed to look very convincing. Check the website URL to confirm you are on a legitimate website before downloading files or providing personal information. In this case, Communications Security Establishment researchers were able to crack the app’s code and wrote a decryption tool that rescued victims’ data.

Outdated Windows versions puts users at risk through Zoom software

A researcher discovered a vulnerability for Windows 7 (or older) users who are running the Zoom video conferencing software on their devices. To exploit the Zoom vulnerability, an attacker simply tricks the user into opening a document file.

Takeaway: Enable automatic updates on your devices. By ensuring your computers and mobile devices install these updates promptly, you make it much more difficult for hackers to succeed.

 

For more tips on staying safe online, visit the Remote Security Matters webpage.