Skip to main content

Thursday Threat Report: Chinese phones crammed with malware, the Sage email scam, and the Dominos Pizza breach

Welcome to ITProPortal's Thursday Threat Report, where we round up the three greatest security threats facing Internet users, smooth-running enterprise, and occasionally even the survival of the world as we know it. Hold onto your hats - things are about to get scary.

Chinese whispers

How can you infect your smartphone with malicious software without downloading dozens of questionable apps? Simple. Buy a phone that's already infected!

Yes folks, spyware already comes preloaded on the Star N9500 and possibly the Orient N9500, Android smartphones manufactured in China and sold on Amazon and eBay.

According to a German security company G Data, the spyware, called Uupay.D, is capable of intercepting personal data transmitted over the phone, such as banking data, phone calls, email messages and text messages.

One pizza, hold the massive data breach

Hacking group Rex Mundi has stolen the details of some 650,000 Domino's Pizza customers in France and Belgium, and threatened to publish that data in full unless the company coughs up a cool €30,000 (£24,000).

On Friday, Rex Mundi announced on its Twitter feed: "We hacked the websites of @dominos_pizzafr & Domino's Belgium, and downloaded 600,000+ customer records."

The group then followed up that tweet: "If you're a @dominos_pizzafr customer, u may want to know that we have offered Domino's not to publish your data in exchange for 30,000EUR."

While it appears only French and Belgian customers have been compromised, all users should be careful of using the same password on incidental accounts like Dominos Pizza and their critical accounts like banking and email.

Sage advice

If you use Sage accounting software, or any of the company's services, then be aware that an email scam is doing the rounds with the express intention of loading your PC up with malware.

Security expert Graham Cluley brought this to the attention of the Internet at large, posting on his blog after he'd received a fake email purporting to be from Sage (it was from a address). The email consists of a demand to pay an outstanding invoice.

It simply reads: "Please remit BACs before 12/06/2014. Please view complete invoice please click here."

Highly unconvincing, of course, with all the usual clues of a scam including being overly brief, and poorly written with a minimum of effort made. Don't get caught out!