Cyber-Security: WOROK – Powerful Malware Hidden in .PNG Images

WOROK: Powerful Malware Hidden in .PNG Images


“Unless it’s your first day on the internet, you’re probably aware that downloading certain files can be a serious mistake. It doesn’t take a cybersecurity expert to know that double-clicking the TotallyNotAVirus.exe file that mysteriously appeared in your downloads folder is a bad idea. If you’re a bit more security conscious, you probably also know that PDF files, Excel spreadsheets, and Word documents can also contain malicious code. But how many times have you considered the possibility of malware hidden inside an image file? A sophisticated hacking group known as Worok has developed a new type of malware that can be concealed in innocuous-looking PNG images, and they’ve been using it to target governments and large corporations around the world.”


Cyber-Security Threat Update: Don’t Get Juice-Jacked

You are racing through the airport. The low power light is blinking red. You are desperate to plug into any outlet you can find.

Watch out.

You could get juice jacked.

Guess what? In every smart phone—no matter what the model—power and data flow through the same USB port and power cable. That creates a potential attack vector for a malicious actor to break into your device. A virus could be injected right into the phone. That’s a problem. There are some nasty bugs out there.

Another possibility is that a hacker could use the power cord like a vacuum cleaner and suck all kinds of data off your phone. Hackers can do an awful lot with the information they steal including identity theft. The FBI described a stolen identity as “a powerful cloak of anonymity for criminals and terrorists…and a danger to national security and private citizens alike.”

There are already lots of ways to break into your phone—the most common is when users log on to an unsecured wifi site.

Sneaking in through the power cable—called “juice jacking”–is now another concern.

At the 2011 DEF CON security conference, researchers from Aries Security showed how this scam might work. They built a charging kiosk and installed it on the conference floor.  Security “professionals” plugged in all day long. When they did, they got flashed a message—“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent.”

For now, the danger seems mostly just a possibility. Seems like hackers are finding plenty of other ways to wreak havoc on smart phone users.

Still, better to be safe than sorry.

There are some common sense practices for avoiding juice jacking.  There is also a suggested tech protection—a USB condom.

Read the Original Article at PJ Media