Stay up-to-date with this week’s bulletin featuring intriguing updates from across the globe, including insights into recent activities of threat actors and the latest advancements in the field of cybersecurity.

 

Over 60 Google Play Apps With 100M Installs Infiltrated by Android Malware

A recently discovered Android malware has infiltrated Google Play Store via 60 genuine applications with over 100 million downloads.

Dubbed “Goldoson,” the malicious software comes hidden in a third-party library used by all affected applications. McAfee’s research team discovered the malware and highlighted how the malware is a sophisticated threat that can collect data on installed applications, exfiltrate GPS locations, and collect data on WiFi and Bluetooth-connected devices.

Furthermore, the malware can also be employed for advertisement fraud via anonymous background clicks without the device owner’s consent. Here are some of the infected applications: 

  • L.POINT with L.PAY: 10 million downloads
  • Swipe Brick Breaker: 10 million downloads
  • Money Manager Expense & Budget: 10 million downloads
  • GOM Player: 5 million downloads

The library has been removed from the store, and individuals should apply the latest updates to their mobile devices. 

 

Tax Day Approaching: Accountants Targeted in Phishing Attack, Warns Microsoft

Microsoft has warned individuals of a large-scale phishing campaign targeting accounting enterprises and tax preparers. 

With the US reaching the end of its tax season, threat actors target taxpayers with malicious files that install the Remcos RAT (Remote Access Trojan) on their devices.

“With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos remote access trojan (RAT) and compromise target networks beginning in February of this year,” said Microsoft.

 

The phishing campaign starts with emails in which threat actors impersonate clients. The emails contain links that use click-tracking services to evade detection and lead the victim to a ZIP archive on a file-hosting website. The ZIP archive downloads multiple files to the device that appear to be PDFs but are actually Windows shortcuts, which execute PowerShell to download the RAT.

To stay safe, individuals should enable the display of file extensions in their systems and refrain from opening files with unknown extensions.
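A defender-side check for the delivery technique described above, added here as an example and not taken from Microsoft's report or the original bulletin: it lists the members of a ZIP archive and flags Windows shortcuts posing as documents, by name and by the Shell Link file header. The sample archive, its file names and the helper names are constructed for illustration.

```python
import io
import os
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x0000004C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def classify_entry(name, head):
    """Return the reasons an archive member looks like a disguised shortcut."""
    reasons = []
    stem, ext = os.path.splitext(name.lower().rstrip())
    # Padding spaces before the real extension ("form.pdf   .lnk") are ignored.
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if ext == ".lnk":
        reasons.append("shortcut file")
        if inner_ext in DOC_EXTS:
            reasons.append("document-style double extension")
    elif head.startswith(LNK_MAGIC):
        # The name claims another type, but the bytes are a Shell Link.
        reasons.append("shortcut content under a non-.lnk name")
    return reasons

def scan_zip(data):
    """Map each suspicious member name to its reasons, without extracting to disk."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_zip():
    """Constructed sample archive: two disguised shortcuts and two benign files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("W2_2022.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("1099_form.pdf", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.pdf", b"%PDF-1.7\n% constructed placeholder\n")
        zf.writestr("notes.txt", b"client notes\n")
    return buf.getvalue()

if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(f"{member}: {', '.join(why)}")
```
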

 

Dutch Police Sends Warning Emails to Raidforums Members Under Surveillance

The Dutch Police have sent emails to RaidForums members warning them to delete the stolen data and halt their malicious cybercriminal activities.

RaidForums, one of the most popular and notorious hacking and data leak websites, was seized in an international law enforcement operation with two members arrested.

The Dutch National Police announced this week that they had sent thousands of emails, letters, and stop calls to members of RaidForums warning them that their malicious activities are being monitored. The members are identified in the forum database, which reveals the members’ email addresses and IP (Internet Protocol) addresses.

The Dutch Police have already arrested three individuals who were extorting organizations and are working with full force to stop threat actors worldwide.

 

Widespread Attacks Targeting NATO and EU Linked to Russian Hackers

Poland’s Military Counterintelligence Service and Computer Emergency Response Team linked state-sponsored threat actors to the latest attacks targeting NATO and European countries.

The cyberespionage group Cozy Bear harvests information from diplomatic organizations and foreign governments using spear-phishing emails that impersonate embassies. These phishing emails contain links to malicious websites and attachments that deploy malware via various files.

 


The threat actors use SNOWYAMBER and QUARTERRIG downloaders to monitor and deliver additional malware. The threat actors also employ HALFRIG, a CobaltStrike Beacon stager. 

The threat actors are still rampant, as outlined in the advisory, “At the time of publication of the report, the campaign is still ongoing and in development.”

 

Reddit’s Mobile App Users Experiencing Content Loading Issues and Downtime

Reddit has been investigating a global outage that prevents its users from accessing its mobile application. 

The platform’s users reported unsolicited log-outs on the application and saw several content loading errors. Reddit confirmed that its native mobile applications were down, primarily affecting iOS devices. After 20 minutes, Reddit updated that the issue had been fixed.

However, according to Downdetector.com, Redditors reported experiencing connection issues. The activity could be related to the previous Reddit outage, but significant downtimes for one of the most influential social media and forum websites are alarming.

 

Reddit suffered a massive outage on 14 March 2023 and a 4-hour-long partial outage the month before.

KFC and Pizza Hut Owner Reveals Data Breach Following Ransomware Attack

Yum! Brands, the brand owner behind multiple fast food chains, including KFC, Pizza Hut, and Taco Bell, sent some customers data breach notifications.

The organization sent these notifications to the individuals whose personal information was compromised in a ransomware attack on 13 January 2023. The organization clarified at the time that some data was stolen from its network.

 


However, they also outlined that there was no evidence that the threat actors exfiltrated customer information. The notifications inform customers that their personal information, including their names, driver’s licenses, or other identification cards, may be at risk.

Yum! Brands highlights that the investigation is ongoing and has found no evidence of the stolen data being used for fraud.
