Malware

Cyber Blurbs: Anti-Piracy Malware Is Apparently a Thing

In this week’s Cyber Blurbs Roundup, we talk about anti-piracy malware, the problem with Peloton bikes, and a website aimed at identifying schools that may be violating student privacy.

Anti-Pirate Malware is A Thing

We’ll kick things off with what is easily one of the more unusual stories we’ve shared before. 

If you’ve spent any amount of time reading our blog, you’ve most certainly seen us talk about malware. Virtually 100% of those instances, the malware in reference has been designed to steal information from an unlucky victim. Whether it be passwords, sensitive company data, network access, or privacy, malware has almost always been used for malicious intent. 

Enter “Vigilante” — the unofficial name given to a piece of malware (credit: Andrew Brandt of SophosLabs) — which essentially prevents its victims from accessing websites that are known to provide pirated content. 

Think Batman... but instead of beating the snot out of criminals on the streets of Gotham, he’s hacking their computers to prevent them from stealing his movies from The Pirate Bay. 

According to ArsTechnica, Brandt encountered some of the trojan viruses embedded in software packages on Discord. He also said they were hiding behind the veneer of popular games, software tools, and security products found on BitTorrent. 

We won’t go into the specific details of how Vigilante is making this happen, but feel free to check out this writeup from ArsTechnica if you want to get pretty deep in the weeds. 

Peloton Bikes Patched After McAfee Report

Watch out, rich people, your very expensive stationary bike could put you at risk of a cybersecurity attack. Earlier this month, cybersecurity company McAfee published a report detailing the potential for hackers to gain access to Peloton’s machines. Peloton has since pushed an update to resolve the issue. 

Fortunately for the 1%, hacking a Peloton bike or treadmill isn’t possible without first having physical access to the machine. Hackers would first need to insert a USB device into the equipment’s touch screen tablet, which would then allow the malicious actor to have remote access to the device. 

After infecting the device, hackers would be able to install malware, intercept traffic, steal personal data, and control the camera and microphone featured on Peloton’s higher-end Bike+ and Tread+ (assuming users haven’t already returned the latter). According to McAfee, hackers would also be able to install malicious apps disguised as Netflix and Spotify that would then enable them to acquire login credentials (which, again, doesn’t have to be the end of the world if you use a password manager). 

Peloton’s update went live earlier this month, so be sure to keep an eye out for that if you haven’t updated your machine already. 

You can read McAfee’s full report here

Website Created To Identify Pro-eProctoring Schools

Turns out students value their privacy, too. That prompted a nonprofit named Fight for the Future to launch a website that allows users to easily determine whether colleges and universities plan to use virtual proctoring software this fall. 

Virtual proctoring software gained steam early in the pandemic, as schools looked for ways to keep students out of the classroom while maintaining academic integrity during exams. The software requires students to have their cameras turned on to ensure that they wouldn’t be cheating while taking a test at home. 

Many schools across the country plan on having students physically return to campus later this year, but it appears that many will also continue to employ the software in some capacity. The website — baneproctoring.com — offers a scorecard for each college and university on its list. 

“We asked prominent colleges and universities if they plan to use eproctoring in the 2021 fall semester. Some were happy to provide a statement confirming that their school is not using eproctoring and 'WON’T USE’ it in the future. Others ‘MIGHT USE,’ since they either failed to respond to our requests, or they issued a statement implying they might use this tech in the future. Even worse, many schools ‘ARE USING’ invasive proctoring apps and plan to do so in the fall. Scroll down to see whether or not your campus is experimenting on you.”

The list doesn’t cover every major academic institution at the moment, but it’s possible that the website creators are still waiting to hear back. 

RECENT POSTS