Chinese Budget Shopping App, Pinduoduo, Temporarily Suspended on Google Play Store Over Malware Concerns
The discovery of malware on certain versions of the Chinese budget shopping app, Pinduoduo, has led to the app’s temporary suspension on the Google Play Store. News of the ban came shortly after Shein, another Chinese shopping giant, was caught copying clipboard content on the Android phones of users running an older, non-updated version. Google has set its Play Protect software, which scans installed Android phone apps for malicious behavior, to block the installation of these apps and to prompt users to uninstall them if they have already downloaded them to their devices.
Pinduoduo has confirmed that it is in talks with Google to analyze its next steps. The platform has over 900 million users and is one of China’s most popular e-commerce platforms. Last year, Pinduoduo’s US-listed parent company, PDD, launched the online shopping platform Temu in the US. It has since become the most downloaded app in the US for iOS and Android, with 24 million downloads since its launch in September.
In a statement, Pinduoduo said that “we strongly reject the speculation and accusation by some anonymous researcher and non-conclusive response from Google that the Pinduoduo app is malicious.”
Read: https://www.hackread.com/google-suspends-china-pinduoduo-app-malware/
Meta’s former trust and safety manager among the targets of Predator hack
According to officials involved in the case, a US citizen was hacked and placed under a yearlong wiretap with a powerful cyberespionage tool. The spyware known as Predator, which was used to infect her device, is marketed by an Athens-based company and has been exported from Greece despite potentially breaching European Union laws.
Artemis Seaford, a dual US-Greek national who spends much of her time in Greece, was working for Facebook’s parent company Meta at the time of the hack. In her role at Meta, Seaford worked on policy questions on cybersecurity and maintained working relations with Greek and other European officials.
She discovered she had been hacked on seeing her name on a leaked list of spyware targets in the Greek media last November. She took her phone to The Citizen Lab at the University of Toronto for forensics. Their lab reports confirmed that Seaford’s mobile phone had been hacked with the Predator spyware in September 2021.
The same spyware was at the center of a similar illegal wiretapping scandal last year. Greek politicians, state officials, journalists, and other notable families were targeted and had their devices infected. Greek newspaper Documento published the story with a list of affected individuals’ names.
The Greek government’s response has mostly been opaque. Giannis Oikonomou, the government spokesperson, denied that the Greek authorities and security services had acquired or used Predator. “The alleged use of this software by nongovernmental parties is under ongoing judicial investigation,” he said.
“Greece was among the first countries in Europe that passed legislation banning the sale, use and possession of malware in December 2022, which has the most severe legal consequences and strict penalties for individuals and legal entities involved in such an offense,” he added. Meanwhile, European Union lawmakers have launched their own investigation.
Read: https://www.nytimes.com/2023/03/20/world/europe/greece-spyware-hacking-meta.html
SpaceX RaptorV2 Documents Leaked in Latest LockBit Ransomware Attack
The LockBit ransomware group has managed to penetrate Elon Musk’s SpaceX program via the latter’s third-party contractor, Texas-based Maximum Industries. LockBit claims to have gotten hold of some 3,000 SpaceX engineering drawings from Maximum Industries and has leaked several of these documents as proof of its claims, along with a signed non-disclosure agreement. LockBit is now trying to blackmail SpaceX, demanding that Elon Musk himself come to the negotiating table.
One of the designs the ransomware gang has leaked seems to be a part of the Raptor V2 engine schematic. The Raptor is the proprietary engine used by the SpaceX launch vehicle, and the V2 is an improvement on the original decade-old model. LockBit posted these samples on March 13 and is now threatening to auction the designs off to the aerospace pioneer’s competitors if negotiations are not initiated within a week of the initial leak.
This is not the first time SpaceX documents have been breached due to a third-party leak. The exact same scenario occurred three years ago when the DoppelPaymer ransomware gang broke into the SpaceX and Tesla contractor Visser Precision, stole internal documents from both companies and threatened to leak them if not paid off. However, in that scenario, the criminals targeted Visser Precision for payment. When the third-party vendor refused to pay, DoppelPaymer leaked the documents the following month. The LockBit ransomware group may have learned from DoppelPaymer’s previous attack, as evidenced by its decision to go after Elon Musk directly.
Read: https://www.cpomagazine.com/cyber-security/spacex-third-party-vendor-hit-by-lockbit-ransomware-gang-claims-that-it-stole-engineering-schematics/
Apple to Monitor Employee Attendance Amid Back-to-Office Controversy
According to a report by the New York Post, Apple will monitor employee attendance to ensure that staff comply with a company requirement to report to the office at least three days a week. The iPhone maker will review badge records to track attendance at its corporate offices in an effort to crack down on workers who ignore the back-to-work mandate. Employees who fail to return to their desks three days a week could be fired, though it is unclear if the company has adopted that as an official policy.
Apple’s monitoring of employees’ badge information appears to contradict the firm’s claim to be conscious of protecting users’ privacy and data. Apple employees have chafed at management’s return-to-office edict, which was announced last year following the lifting of coronavirus lockdown measures and the mass vaccination campaign nationwide. In August, more than 1,200 Apple employees signed a petition denouncing the company’s return-to-office order, which was implemented on Labor Day.
Last spring, several Apple employees took to social media platforms, including Blind, to vent about the company’s demands for in-office work. Some employees even threatened to quit over the issue. Ian Goodfellow, who worked as Apple’s director of machine learning, abruptly resigned in May in response to the company’s return-to-office mandate. Goodfellow joined Google’s DeepMind division as a contributor.
Read: https://nypost.com/2023/03/23/apple-will-spy-on-workers-to-enforce-return-to-office-mandate-report/
Redis Bug Causes ChatGPT User Data Exposure
On March 20, 2023, OpenAI announced that a flaw in the Redis open-source library caused the exposure of personal information and chat titles of other users in their ChatGPT service. This defect allowed some users to see short summaries of other users’ conversations in the chat history sidebar. As a result, OpenAI temporarily shut down the chatbot.
The issue stemmed from the redis-py library. When requests were canceled, connections could be left corrupted and unexpected data could be returned from the database cache. In this instance, data from an unrelated user was returned. A server-side change that OpenAI made by mistake resulted in increased request cancellations and a higher error rate.
Although the problem has been resolved, OpenAI stated there may have been further consequences. Payment information for 1.2% of ChatGPT Plus subscribers may have been revealed on March 20 between 1 and 10 a.m. PT. This included the name, email address, payment address, the last four digits of the credit card number, and the credit card expiration date of another active user.
OpenAI has contacted affected users to inform them of the accidental leak. The company also added checks to ensure that data returned by its Redis cache corresponds to the user making the request.
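An added example, not OpenAI's or redis-py's code: a constructed in-memory stand-in for a shared cache connection shows how a cancelled request can hand the next caller another user's reply, and how a check that the returned data belongs to the requesting user fails closed. `SharedConnection`, `cache_get_checked`, the key layout and the sample users are all hypothetical.

```python
import json
from collections import deque

class OwnershipMismatch(Exception):
    """Cached payload does not belong to the requesting user."""

class SharedConnection:
    """Constructed stand-in for a pooled cache connection (not redis-py).
    A request cancelled after send() but before recv() leaves its reply queued."""
    def __init__(self, store):
        self.store, self.pending = store, deque()
    def send(self, key):
        self.pending.append(self.store.get(key))
    def recv(self):
        return self.pending.popleft()

def cache_put(store, user_id, payload):
    # Bind the owner into the value itself, not only into the key.
    store[f"user:{user_id}"] = json.dumps({"owner": user_id, "data": payload})

def cache_get_unchecked(conn, user_id):
    conn.send(f"user:{user_id}")
    return json.loads(conn.recv())["data"]  # trusts whatever reply arrives

def cache_get_checked(conn, user_id):
    conn.send(f"user:{user_id}")
    record = json.loads(conn.recv())
    if record.get("owner") != user_id:
        conn.pending.clear()  # fail closed: discard the desynchronised replies
        raise OwnershipMismatch(f"reply belongs to {record.get('owner')!r}")
    return record["data"]

def demo():
    store = {}
    cache_put(store, "alice", {"title": "Alice's chat"})
    cache_put(store, "bob", {"title": "Bob's chat"})
    bad, good = SharedConnection(store), SharedConnection(store)
    bad.send("user:alice")   # constructed fault: Alice's request is cancelled here
    good.send("user:alice")  # same fault on the connection with the checked read
    leaked = cache_get_unchecked(bad, "bob")["title"]  # Bob receives Alice's reply
    try:
        cache_get_checked(good, "bob")
        blocked = False
    except OwnershipMismatch:
        blocked = True
    retry = cache_get_checked(good, "bob")["title"]  # clean after the reset
    return leaked, blocked, retry

if __name__ == "__main__":
    print(demo())
```

The ownership check only limits what a desynchronised connection can expose; the connection handling itself still has to be fixed.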
Read: https://thehackernews.com/2023/03/openai-reveals-redis-bug-behind-chatgpt.html
GoAnywhere ransomware attack
A group of hackers named Clop has taken responsibility for a series of ransomware attacks. They claim 130 of them so far.
GoAnywhere, a popular file transfer program, is their way in.
TechCrunch has learned that many organizations were affected by the attack and has contacted them.
They include, for example, the City of Toronto.
Read: https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
Google Pixel: Cropped or edited images can be recovered
If you ever edited things you wanted to keep private out of photos you shared from a Google Pixel, here’s a surprise: they may be recoverable.
Researchers have published a proof of concept showing how the aCropalypse bug can be exploited in certain scenarios. There’s also an online tool that allows you to check if your cropped images are vulnerable.
Read: https://www.malwarebytes.com/blog/news/2023/03/google-pixel-cropped-or-edited-images-can-be-recovered
Elsewhere online:
Adobe confirms ColdFusion flaw which allowed for “limited attacks”
Read: https://thehackernews.com/2023/03/cisa-issues-urgent-warning-adobe.html
Threat Actors Discovered Abusing Google Ads to Distribute BatLoader Malware
Read: https://cyware.com/news/hackers-push-batloader-via-google-search-ads-37dcab32/
Windows 11 Vulnerable to “aCropalypse” Bug, Leaving Modified User Images Susceptible to Reconstruction
Read: https://nakedsecurity.sophos.com/2023/03/22/windows-11-also-vulnerable-to-acropalypse-image-data-leakage/
Leading Cloud Security Solution for SaaS Companies, Lightspin, Launches Remediation Hub to Target Cloud Security Threats
Read: https://www.darkreading.com/cloud/lightspin-launches-remediation-hub-to-identify-and-fix-cloud-security-threats
Mysterious Crypto Trader ‘Smartestmoney’ Profits from Market Turmoil
Read: https://crypto.news/mysterious-crypto-trader-quit-ftx-and-svb-just-before-they-collapsed/