BYOD – bring your own device – probably every organisation has non-company devices handling sensitive information.
Threat actors have created a trojanised version of a legitimate game installer that they are promoting through side channels to attract users (victims) to install it. The Super Mario game is installed and works but crypto miner and information stealing malware is also installed and communications established to malicious servers.
Trojanized Super Mario game used to install Windows malware (bleepingcomputer.com)
Your BYOD takeaway
Issuing company laptops will quickly address this sort of attack. If your team cannot install unauthorised software on their company equipment then “no Mario malware”. When your people are using their own equipment and where that equipment is shared with their children, then you have a problem. Modern browsers and apps do address keeping credentials and information safe – but hackers work to break this security – and the Umbral Stealer does just that stealing credentials and sessions among other things.
This is the risk you are taking when you do not exercise control over any BYOD equipment used to process your information.
Clive Catton MSc (Cyber Security) – by-line and other articles
