Be ever mindful of the possibility that your website or credit card are being hacked by intruders seeking your personal data, Tara Seals advises on ThreatPost.com.
“A new version of the IcedID banking trojan has debuted” she writes, “that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity.
“Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the United States spreading the malware. The messages use the COVID-19 pandemic and the Family and Medical Leave Act (FMLA) as their theme, including using related keywords in email sender names and attachment names..
“The attachments are boobytrapped with malicious macros that, if opened, execute the IcedID banking trojan, which has been around since 2017. IcedID specializes in mounting man-in-the-browser attacks to intercept and steal financial information from victims. In the latest campaign, it harvests credentials and payment-card data from Amazon.com, American Express, AT&T, Bank of America, Capital One, Chase, Discover, eBay, E-Trade, J.P. Morgan, Charles Schwab, T-Mobile, USAA, Verizon Wireless, Wells Fargo and others.”
It’s one thing for the web to be your window on the world, quite another to have intruders peering in. It happens, be mindful of that.