Malware Disguised as Popular Apps Targets Android Users
Android users are facing a new threat as hackers disguise malware as popular apps like Instagram, Snapchat, and WhatsApp. The SonicWall Capture Labs threat research team reports these malicious apps aim to steal sensitive data, including contacts, messages, call logs, and passwords.
These apps appear legitimate, using familiar logos and names to deceive users. Upon installation, they request access to the Android Accessibility Service and Device Admin Permission. If granted, the app gains full control of the device. SonicWall explains that by requesting these permissions, the malicious app seeks to gain control over the victim’s device, potentially enabling it to perform harmful actions or steal sensitive information without the user’s knowledge or consent.
The malware connects to a hacker-controlled server to receive further instructions. It can read messages, access notification data, send messages, install more malware, and open malicious websites for phishing. Additionally, it redirects users to fake login pages of services like Facebook and Netflix, prompting them to enter their credentials.
Researchers suspect distribution via phishing sites, emails, text messages, or bundled with pirated software. To protect yourself, download apps only from the official Google Play Store and be cautious of apps requesting excessive permissions. Stay vigilant against this deceptive cyberattack.
Read: https://www.hackread.com/android-malware-whatsapp-instagram-snapchat-data/
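As an added example (not code from SonicWall or from this newsletter), the check below shows what the permission pattern in that report looks like in an app's AndroidManifest.xml: a service bound with BIND_ACCESSIBILITY_SERVICE, a receiver bound with BIND_DEVICE_ADMIN, and the permissions that cover contacts, SMS and call logs, combined with a label that imitates a well-known app while the package name is not the official one. The two manifests are constructed for this example; the official package names (com.whatsapp, com.instagram.android, com.snapchat.android) are real, everything else is illustrative.

```python
"""Flag an Android manifest that asks for Accessibility Service / Device Admin
control together with data-harvesting permissions, or that imitates a popular
app's label under a different package name. Added example; sample manifests
are constructed, not taken from a real sample."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"
LABEL_ATTR = f"{{{ANDROID_NS}}}label"

# Permissions that expose the data the report says is stolen.
HARVEST_PERMS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN_BIND = "android.permission.BIND_DEVICE_ADMIN"

# Real package names of the apps named in the report, used to spot lookalikes.
OFFICIAL_PACKAGES = {
    "whatsapp": "com.whatsapp",
    "instagram": "com.instagram.android",
    "snapchat": "com.snapchat.android",
}


def analyze_manifest(xml_text):
    """Return a dict of findings and a verdict ('ok' or 'suspicious')."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(LABEL_ATTR, "") if app is not None else ""

    perms = {p.get(NAME_ATTR) for p in root.findall("uses-permission")}
    accessibility = any(s.get(PERM_ATTR) == ACCESSIBILITY_BIND for s in root.iter("service"))
    device_admin = any(r.get(PERM_ATTR) == DEVICE_ADMIN_BIND for r in root.iter("receiver"))
    harvest = sorted(perms & HARVEST_PERMS)

    # Label borrows a well-known brand, but the package is not the official one.
    impersonates = None
    for brand, official in OFFICIAL_PACKAGES.items():
        if brand in label.lower() and package != official:
            impersonates = official

    control = accessibility or device_admin
    suspicious = (control and bool(harvest)) or impersonates is not None
    return {
        "package": package,
        "label": label,
        "accessibility_service": accessibility,
        "device_admin": device_admin,
        "harvest_permissions": harvest,
        "impersonates": impersonates,
        "verdict": "suspicious" if suspicious else "ok",
    }


# Constructed manifest mimicking the reported pattern (not a real sample).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fake.insta">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application android:label="Instagram">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign manifest for contrast.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for m in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(analyze_manifest(m))
```

Accessibility Service and Device Admin each have legitimate uses, so the verdict keys on the combination with harvesting permissions or brand impersonation rather than on either binding alone.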
Government Shuts Down 1,000 Skype Accounts in Massive Cyber Crime Crackdown
The Indian government has blocked over 1,000 Skype accounts operated by cross-border cybercriminals. These criminals engaged in online intimidation, blackmail, extortion, and “digital arrests.” The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, announced this crackdown on Tuesday.
The I4C warned internet users about the increasing number of complaints involving criminals posing as officials from regulatory and enforcement agencies. These cybercriminals have caused significant financial losses to victims. Citizens are urged to report such incidents by calling 1930 or visiting www.cybercrime.gov.in.
The scams, often referred to as the “parcel scam,” involve fraudsters informing victims about a parcel containing illegal items like drugs or fake passports. In other cases, the criminals claim that a relative of the victim is involved in a crime or accident, demanding money for their release. “A demand for money is made to compromise in the ‘case’,” the statement explained.
The Home Ministry is collaborating with various ministries, the Reserve Bank of India, and other organizations to combat these frauds. “I4C has also blocked more than 1,000 Skype IDs involved in such activities, in collaboration with Microsoft,” the statement added. The initiative also includes blocking SIM cards, mobile devices, and mule accounts used by the fraudsters.
Read: https://www.ndtvprofit.com/law-and-policy/government-blocks-1000-skype-accounts-in-cybercrime-crackdown
LockBit Black Ransomware Rampage: Millions Targeted in Global Email Campaign
Millions of messages carrying LockBit Black ransomware were distributed daily from April 24, 2024, by the Phorpiex botnet, according to Proofpoint. It’s the first time LockBit Black has been seen at such volumes, indicating a significant shift in cybercrime tactics. The emails, purportedly from “Jenny Green” at jenny@gsd[.]com, contained ZIP files with executable attachments, initiating the ransomware download from Phorpiex infrastructure.
Proofpoint researchers highlighted the indiscriminate targeting across various sectors globally. Despite the attack’s apparent simplicity, its sheer volume raises concerns. The ransomware’s execution relies on user interaction, with the .exe file initiating network calls to Phorpiex.
Although the campaign’s origin remains unattributed, Phorpiex has a history dating back to 2011, evolving into a Malware-as-a-Service. LockBit Black, a variant of the LockBit ransomware, surfaced in June 2022, with its builder leaked in September of that year, granting access to sophisticated ransomware capabilities.
The resurgence of ransomware as a primary payload in email campaigns marks a significant departure from previous trends, with LockBit Black’s scale echoing past malware epidemics like Emotet. This shift underscores the evolving threat landscape and the need for updated defense strategies.
Read: https://www.proofpoint.com/us/blog/threat-insight/security-brief-millions-messages-distribute-lockbit-black-ransomware
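Since the campaign rides on ZIP attachments that carry an executable, a mail gateway check can catch it before the user-interaction step the ransomware depends on. The inspection below is an added example (not Proofpoint's code) that unpacks an attachment in memory and flags members with an executable extension or an MZ (PE) header, including an executable renamed to look like a document; the sender check uses the defanged address quoted in the brief. The sample ZIPs are constructed here.

```python
"""Inspect ZIP mail attachments for executable content. Added example; the
sample archives below are constructed, not from the campaign."""
import io
import os
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".msi", ".dll"}
# Sender quoted in the Proofpoint brief, stored defanged as the page gives it.
KNOWN_BAD_SENDERS = {"jenny@gsd[.]com"}


def defang(address):
    return address.replace(".", "[.]", 1) if "[.]" not in address else address


def inspect_zip_attachment(data):
    """Return a list of (member_name, reasons) for members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as member:
                head = member.read(2)
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            if head == b"MZ":
                reasons.append("PE header (MZ)")
                if ext not in EXECUTABLE_EXTS:
                    reasons.append("executable disguised by extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def should_quarantine(sender, attachments):
    """attachments: list of (filename, bytes). Quarantine on a known-bad sender
    or on any ZIP attachment carrying executable content."""
    if defang(sender.split("@")[0] + "@" + sender.split("@")[1]) in KNOWN_BAD_SENDERS:
        return True, ["known campaign sender"]
    reasons = []
    for name, data in attachments:
        if not name.lower().endswith(".zip"):
            continue
        try:
            for member, why in inspect_zip_attachment(data):
                reasons.append(f"{name}:{member} ({', '.join(why)})")
        except zipfile.BadZipFile:
            reasons.append(f"{name}: corrupt or non-ZIP archive")
    return bool(reasons), reasons


def build_sample_zip(members):
    """Constructed helper: build an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a ZIP with an .exe, a ZIP with a renamed PE, a clean ZIP.
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
ZIP_WITH_EXE = build_sample_zip({"document.exe": PE_STUB})
ZIP_RENAMED_PE = build_sample_zip({"invoice.txt": PE_STUB})
ZIP_CLEAN = build_sample_zip({"notes.txt": b"quarterly figures\n"})

if __name__ == "__main__":
    print(should_quarantine("alice@example.test", [("files.zip", ZIP_WITH_EXE)]))
    print(should_quarantine("alice@example.test", [("files.zip", ZIP_RENAMED_PE)]))
    print(should_quarantine("alice@example.test", [("files.zip", ZIP_CLEAN)]))
```

The magic-byte check matters more than the extension check: an attacker controls the file name, but a Windows executable still has to start with MZ to run.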
Meta Adopts Global Human Rights Norms Over US Free Speech Standards
The Meta Oversight Board has adopted international human rights norms over US free speech principles, sparking debates about censorship and surveillance. Kenji Yoshino, a member of the Oversight Board, emphasized this shift, stating, “Our baseline here is not the US Constitution and free speech, but rather international human rights norms.”
Critics argue that such ambiguity may lead to biased interpretations and abuse. Yoshino, from the William J. Brennan Center for Justice, defended the decision, citing Meta’s global reach and the need to align with diverse speech values worldwide. However, the disparity between US and international norms, particularly regarding hate speech laws in Europe, raises concerns about achieving a balance in content moderation policies.
With the looming threat of censorship ahead of crucial elections, Meta’s stance has drawn skepticism, especially amid reports of resumed collaboration between the FBI, CISA, and social media platforms. This resurgence fuels fears of coordinated censorship efforts, both externally through government pressure and internally within Meta.
Read: https://reclaimthenet.org/metas-oversight-board-adopts-international-norms-instead-of-us-free-speech-principles
Google Cloud Misconfiguration Deletes UniSuper Account Causing Week-Long Outage
Google Cloud inadvertently deleted UniSuper’s online account due to a “one-of-a-kind” misconfiguration. This incident left over 620,000 UniSuper members without access to their superannuation accounts for a week. Services began restoration on Thursday, more than a week after the outage started.
UniSuper CEO Peter Chun reassured members that the outage was not caused by a cyber-attack and confirmed that no personal data was compromised. The issue originated from a misconfiguration in Google Cloud’s service. Chun and Google Cloud CEO Thomas Kurian issued a joint apology, calling the incident “extremely frustrating and disappointing.”
Kurian explained that an unprecedented sequence of events during the provisioning of UniSuper’s private cloud services led to the accidental deletion of the account. This was a first for Google Cloud globally. Measures have been taken to prevent such an event from recurring.
UniSuper’s usual duplication strategy failed due to the deletion affecting all geographical backups. Fortunately, backups with another provider allowed for service restoration. Chun highlighted, “These backups have minimized data loss and significantly improved the restoration process.” Both UniSuper and Google Cloud worked intensely to recover the private cloud, including hundreds of virtual machines, databases, and applications. UniSuper manages approximately $125 billion in funds.
Read: https://www.theguardian.com/australia-news/article/2024/may/09/unisuper-google-cloud-issue-account-access
FBI, DoJ Shut Down BreachForums, Launch Investigation
In a move that shocked absolutely no one, the FBI and DoJ finally pulled the plug on BreachForums. The site, once a bustling digital flea market for all things illegal, now proudly displays an FBI sign and a plea for snitches to step forward. The message reads, “We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us.” Thrilling stuff.
The forum’s Telegram channel also got a makeover, announcing its seizure with a similar message. The site now features mugshot-style profile pictures of administrators “Baphomet” and “ShinyHunters” behind virtual bars, with logos from global law enforcement agencies adding an international flair. After a year-long game of cat and mouse following the arrest of its founder, the forum that once replaced RaidForums has finally met its demise. The FBI, which has been investigating the group since June 2023, couldn’t be happier to see it go.
Read: https://www.darkreading.com/threat-intelligence/fbi-doj-shut-down-breachforums-launch-investigation
Elsewhere Online:
Cybercriminals Exploit One-Time Passcodes in Rampant SIM Swap Attacks
Read: https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/
Ebury Botnet Expands to Crypto and Financial Theft in Record-Breaking Year
Read: https://www.infosecurity-magazine.com/news/ebury-botnet-diversify-crypto-theft/
Exposing MITM Vulnerability in FIDO2: How Attackers Bypass Phishing-Resistant Security
Read: https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
Critical Google Chrome Zero-Day: New Exploit Escapes Sandbox, Poses Severe Threat
Read: https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape
Kaspersky Unveils Alarming Global Spike in APTs, Hacktivism, and Sophisticated Cyber Attacks
Read: https://www.hackread.com/kaspersky-rise-apt-hacktivism-targeted-attacks/
Previously on #AxisOfEasy
Ben Franklin
I’m getting no email rerouting from EasyDNS, but no one at the company has thought to notify me. I pay for the service, and I have some family members using it too, with our last name. For two days now, I have been sent emails that didn’t come to me, and — except for decreased volume — I had no way of knowing it. Why is it not standard policy to notify subscribers immediately — you have our email addresses — when your service is down!? It would make absolute common sense to me, and I’d consider it essential to the service.
I issued the complaint on May 20 about getting no email forwarding and not being notified. Mark Leftkovic contacted me and explained that not only had Yahoo made it impossible for EasyDNS to reroute emails, but was actually sending “mail received” notices. So I’m sorry if I jumped the gun! (A habit of mine, one that I should work on.) Anyway, the problem seems to have been solved.