What happens when a known application becomes a source of threat? The cyber world witnesses new innovations every day, and cyber adversaries keep pace with them. Here are this week's news headlines to keep you updated on what went on in the cyber world.
Beware of Fake Netflix App FlixOnline
Adversaries are back with an innovative wormable Android malware that uses WhatsApp messages to spread on a user's device and monitor their notifications. Going by the name of FlixOnline, the malicious app could evade Google Play Store's cybersecurity tools and has been downloaded over 500 times in the last two months.
The application monitors a user's WhatsApp notifications and replies to incoming messages using a payload it receives from a remote command-and-control (C&C) server. Once operational, FlixOnline also creates fake login screens and steals user credentials from other apps. Using this relatively new and innovative technique, adversaries can send malicious texts to the victim's contacts on WhatsApp and even blackmail the victim by threatening to leak their sensitive WhatsApp chats and media.
A similar WhatsApp-linked attack campaign, built around a fake Huawei app, was in the news recently. FlixOnline looks inspired by that fake Huawei app and could even be a creation of the same threat actors. Either way, this looks like the new hacker move, and it is here to stay. Users are advised to check applications for authenticity before downloading them, even when the links seem to come from trusted contacts or appear on the official Play Store.
Chinese Hacker Selling Private Videos of People
What would you say if you found out that the home camera you bought for security was breaching your privacy? Imagine spending a night at a hotel while others watch what you do there! Adversaries in China are selling stolen videos from cameras at private properties in the Hubei, Guangdong, and Hunan provinces in China. While nudity videos sell for $8, those filming someone spending a night in a hotel room cost $3. The hackers even have packages of home videos where camera credentials for ten households cost $11. Ten hotels and households come for $23, whereas twenty households and hotels cost $39.
The malicious actor involved sounds unafraid of legal action. He says he has a non-exhaustive collection of such videos and a team of people who travel across the country to install cameras. Getting caught is the last thing on his mind, and he says that the cost of a detected camera can be easily covered by selling a few clips online. While such filming and selling of videos are illegal, hackers continue to engage in such activities; hence, it is citizens' responsibility to take robust security measures such as ransomware protection, to use strong passwords on their home security cameras, and to ensure that the hotel rooms they book are 'safe.'
Google Patches 30 Vulnerabilities
The April edition of Google's Android security bulletin covers patches for over 30 vulnerabilities. The first of these is a critical-severity bug tracked as CVE-2021-0430. It affected Android 10 and 11 and was patched in the 2021-04-01 security patch level. Two information disclosure issues and three elevation-of-privilege vulnerabilities of high severity were patched in the System component. Besides, three vulnerabilities in the Media framework and nine in the Framework component were addressed.
The 2021-04-05 security patch level comes with 18 patches in the Kernel components, System, Qualcomm components, MediaTek components, and Qualcomm closed-source components. Google’s proactive cybersecurity measures also include three patches for moderate severity vulnerabilities in Pixel devices.
Beware of Spooky Discord and Slack Links
Discord and Slack have become household names due to the COVID-19 pandemic and the remote working culture it induced. It isn't unusual for people to receive Discord and Slack links from their colleagues where they can collaborate and work. But adversaries are exploiting the comfort we have with these applications. Threat actors are delivering malware via seemingly genuine Slack and Discord links. In some cases, they have even gone to the extent of integrating Discord into their malware for remote access to their malicious code on victim devices.
The threat actors use Discord and Slack links, even in phishing emails, to make other Discord users access an infected link. Since these links are harder to block or take down, the only way to counter them is by shutting down a domain or server and blacklisting files. While Slack and Discord have robust ransomware protection policies and cybersecurity tools in place, users are advised to block links from unknown sources.
New Fake App to Stay Away from – Trezor
What would you do if all your cryptocurrency disappeared from your wallet upon downloading an app? What if this app appears to come from the original creators and has good reviews and ratings? Would we still worry about safety then? In a recent attack campaign, cyber adversaries managed to get a fake Trezor app into Apple's App Store and Google Play. Trezor (created by SatoshiLabs) is a small hardware device operating as a cryptocurrency wallet. A fake Trezor app claiming to be from SatoshiLabs was available on the App Store for over two weeks and downloaded over 1,000 times. A similar app was also operational on the Play Store before authorities figured out the scam and brought down the fake apps. This fake Trezor app had 155 reviews and an almost 5-star rating.
Victims reported losing all their cryptocurrency upon downloading the fake app. It must be noted that there is no official Trezor app, so any app claiming to be Trezor has to be a scam. Trezor posted an alert on Twitter in January warning users to look out for fake apps. Email protection and cybersecurity must be taken seriously because adversaries always manage to find some loophole in the system, as is evident from this scam.
Double Protection Against Phishing With This Acquisition
Email security is the need of the hour, and Cofense's latest acquisition of Cyberfish promises enhanced phishing and email protection for all. Cofense's detection and response technology merged with Cyberfish's machine learning capabilities certainly looks like a newer and better cybersecurity shield for those looking for alternative email security providers.
They aim to provide a one-stop solution for all of an organization's email security needs. The common goal of both teams is to be realized using AI and automation capabilities.