Here is our latest weekly cybersecurity bulletin, covering new threats and security updates.
Malware Disguised as CapCut Websites Promotes Information Theft
A novel malware campaign is underway where threat actors impersonate the CapCut tool to push malware strains.
CapCut, the official video editor by ByteDance, is a popular editor for music mixing, filtering, animation, and more. With over 500 million Google Play downloads, many individuals use the app for TikTok videos. However, threat actors saw this as an opportunity, and two campaigns are distributing different malware impersonating CapCut.
Researchers at Cyble discovered both campaigns and described the attack method: the threat actors use black hat SEO, advertisements, and social media to promote a website impersonating CapCut that delivers either the Offx stealer or a PowerShell script that downloads the RedLine stealer to the victim's device.
Avoid such promotions and use the official Google Play and App Store applications.
Exploit Targeting Samsung ASLR Bypass Flaw Raises Alarm, CISA Reports
CISA (the Cybersecurity and Infrastructure Security Agency) warned of a security vulnerability in Samsung devices that threat actors are using to bypass ASLR.
The security feature ASLR (Address Space Layout Randomization) randomizes memory where application and OS components are loaded, making it challenging for threat actors to launch buffer overflow or memory-based attacks.
The vulnerability, CVE-2023-21492, is present on Samsung devices running Android versions 11, 12, and 13. Threat actors can use the information the flaw exposes to bypass ASLR, which in turn makes memory-corruption exploits easier to carry out.
Samsung has not released any details about the exploit, but the FCEB (U.S. Federal Civilian Executive Branch) agencies were served with a 3-week deadline, ending on June 9, to address the flaw. You can read about CISA’s alert here.
Massive Android Device Infection: Cybercrime Syndicate Deploys Malware on Millions
A malicious enterprise, the Lemon group, has pre-installed the “Guerilla” malware on nearly 9 million Android smartphones and smart devices.
The threat actors can load additional payloads, intercept OTPs (One-Time Passwords), set up reverse proxies, hijack WhatsApp sessions, and more. Trend Micro released a report after its analysts discovered Lemon Group and highlighted how the group's attack infrastructure overlaps with the Triada malware operation of 2016.
Trend Micro exposed the group in February 2022, which led it to rebrand itself as “Durian Cloud SMS.” The complete details were not shared, but Trend Micro did share that the infection turns the infected devices into mobile proxies and that the threat actors can steal and sell the information transmitted on these devices and social media applications.
These infected devices are not limited by geography and include devices from around the world.
Revolutionary $15M Crypto Bug Bounty Program Introduced by LayerZero
LayerZero Labs launched a new bug bounty program offering a max reward of up to $15 million for critical vulnerabilities.
The figure is a record in the blockchain and crypto worlds. Through bug bounty programs, software developers reward researchers who identify bugs in their platforms so the bugs can be fixed before any threat actor exploits them.
LayerZero Labs is the creator of the LayerZero blockchain messaging protocol, which enables secure communication across multiple blockchains and has already carried 10 million messages. With the $15 million bounty launch, LayerZero showcases its commitment to security and its aim to promote trust.
Within the program, individuals will be rewarded based on the severity level of the vulnerabilities they discover, and the payouts start from $1,000, going up to $15 million.
Enhance Privacy: WhatsApp Introduces Chat Lock Feature with Password or Fingerprint
Meta, the organization behind WhatsApp, has released a new “Chat Lock” feature that users can utilize to block others from accessing personal conversations.
This feature will create a new folder that users can lock with a password or biometrics to ensure the privacy of conversations.
WhatsApp released the feature, stating, “Locking a chat takes that thread out of your inbox and puts it behind its folder that can only be accessed with your device’s password or biometric, like a fingerprint.”
The feature automatically hides the details of locked chats in notifications, preventing others from reading them over your shoulder while you use your device. Users can quickly view locked chats by swiping down on the inbox and authenticating to unlock the folder.
The new feature will also expand and include locks designed for companion devices and allow using different passwords for chats.
macOS Attacks Employ Open-source Cobalt Strike Port “Geacon”
Geacon, a Go-based implementation of the Cobalt Strike beacon, is being used to target macOS devices.
Geacon and Cobalt Strike are tools for simulating attacks against enterprise networks to improve defenses, but malicious actors also use them to conduct real attacks. Threat actors have been using Cobalt Strike to compromise Windows systems for quite some time, and researchers at SentinelOne recently discovered Geacon activity in the wild.
The researchers found two Geacon deployments that, once launched, request access to the device camera, contacts, photos, microphone, reminders, and even administrator privileges.
You can check out the IoCs (Indicators of Compromise) and details of the Geacon attacks here.