Source: National Cyber Security – Produced By Gregory Evans
Be extra careful the next time you visit a suspicious-looking eBay store page. According to Help Net Security, researchers from the Check Point security firm have discovered a vulnerability in the eBay platform that allows criminals to distribute malware by bypassing the site’s code validation process and control the code themselves. MUST SEE: 15 paid iPhone apps on sale for free right now Here’s how it works: an attacker sets up a store page with listings for products. On the page, a pop-up message will appear telling customers that they can receive a limited-time discount if they download the eBay mobile app. By clicking the download button, the user will unknowingly download the code and put their device at risk. “The eBay attack flow provides cybercriminals with a very easy way to target users: sending a link to a very attractive product to execute the attack. The main threat is spreading malware and stealing private information. Another threat is that an attacker could have an alternate login option pop up via Gmail or Facebook and hijack the user’s account,” said Oded Vanunu, Security Research Group Manager at Check Point. Although Check Point made eBay aware of the vulnerability on December 15th, 2015, […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post Unpatched eBay vulnerability leaves shoppers at risk of downloading malware appeared first on National Cyber Security.
View full post on National Cyber Security