Cyber Security Today, Oct. 22, 2012 – A new ransomware strain discovered, a scam hijacks YouTube accounts and watch those open source code libraries

A new ransomware strain discovered, a scam hijacks YouTube accounts and watch those open-source code libraries.

Welcome to Cyber Security Today. It’s Friday October 22nd. I’m Howard Solomon, contributing writer on cybersecurity for



Evil Corp., believed to be the gang behind ransomware strains called WastedLocker, Hades, Phoenix Locker and PayLoadBin, has created another brand. Called Macaw Locker, it is thought to be the ransomware strain that hit optical equipment maker Olympus and the U.S. Sinclair chain of TV stations this month. The discovery of Macaw Locker by security firm Emsisoft was reported by the Bleeping Computer news site. It says victims of the new strain have faced ransoms of up to $40 million. There is speculation that by adopting a bunch of different names Evil Corp. is trying to avoid U.S. sanctions forbidding American companies from negotiating with certain named groups.

Creators of YouTube videos have a lot of fun, especially if their flicks pull in lots of followers, and, if they’re lucky, money. This is why their sites are targets for hackers. In a column this week Google – which owns YouTube – outlined how crooks are tricking thousands of YouTube creators into giving up control of their sites. The crooks, in turn, sell that control to others who use the sites to spread malware including cryptomining apps. Here’s how it’s done: The hacker sends emails with fake collaboration opportunities, like a link to a demo for anti-virus software, a virtual private network app, a music player or photo editing app. The pitch is something like, ‘Try our product, promote it and you’ll get more viewers and we’ll buy an ad.’ Some pitches are for COVID-19 news. When a victim downloads the software, it steals their YouTube login username, password and pieces of code called cookies from their browser. This kind of attack gets around a victim’s use of multifactor authentication for security. The scam works partly because many YouTube creators are looking for lots of viewers. In some cases the pitch looks genuine because the crook has created a copy of a legitimate company’s web page. Google has been trying since May to detect and remove these phony pitches. In addition, it has restored more than 4,000 YouTube accounts to their rightful owners. For their part, YouTube content creators have to be smarter. If your browser or antivirus warns of suspicious activity, take it seriously. Never turn off antivirus even if an application says that has to be done to download software. After downloading any file or app and before installation, scan it with your antivirus software. That’s what it’s there for. And protect a YouTube account with multifactor authentication. Note that starting November 1 monetizing YouTube creators must turn on two-step verification on their accounts.

Hackers are increasingly trying to sneak malware into widely sold or distributed applications used by companies rather than directly infect organizations. The latest example was discovered by a security firm called Sonatype. In a blog this week Sonatype described how it found three malicious software libraries in the open-source NPM code registry. It’s a public collection of packages of code needed by JavaScript developers. Anyone with an account can contribute code packages. The three libraries disguised themselves as legitimate code, but in fact they launch cryptomining functions on victims’ Windows, macOS and Linux computers. They were quickly taken down after NPM was notified. But the incident is an example of why developers relying on outside code have to regularly scan for malicious code.

Canadians are getting phony recorded calls claiming to be from the Canada Border Agency. The recorded message says the agency has seized a package in your name. You’ll be asked to press a number so a support person can speak to you. What this scam is after is personal information, like your name and credit card number. If you get a recorded call like this, hang up.

Finally, later this afternoon the Week in Review podcast will be available. Today’s discussion will focus on how small businesses can lower their risk of being victimized by a cyber attack.

As always, links to details about podcast stories are in the text version at
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
