---
title: "Android Data Breach, Ring Settlement Payout, Iran Cyber Sanctions, Cybersecurity News [April 22, 2024] | DuoCircle"
description: "Android Data Breach, Ring Settlement Payout, Iran Cyber Sanctions - Cybersecurity News [April 22."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-18-of-2024/"
---

Quick Answer

Cybersecurity stories from the week of April 22, 2024: ThreatFabric researchers detailed Brokewell, a new Android banking trojan capable of capturing on-device events, taking screenshots, and granting attackers remote control. Ring agreed to pay $5.6 million in FTC settlement refunds to customers over privacy violations involving employee video access. The US Treasury Department imposed sanctions on Iranian individuals tied to state-sponsored cyber operations. The HelloKitty ransomware operation rebranded as 'HelloGookie' and leaked source code stolen from CD Projekt Red and internal Cisco data. And researchers found malware bundled into game cheats and cracks that targeted gamers' credentials and crypto wallets.

Android Data Breach, Ring Settlement Payout, Iran Cyber Sanctions, Cybersecurity News \[April 22, 2024\]


[ Download episode](https://media.mailhop.org/duocircle/images/2024/04/Android-Data-Breach-Ring-Settlement-Payout-Iran-Cyber-Sanctions-Cybersecurity-News-April-22-2024.mp3) 


![spear phishing attacks](https://media.mailhop.org/duocircle/images/2024/04/hosted-email-server-2.jpg) 

Here we are with the latest [cybersecurity](/) news of the week, covering the scoops on the new Brokewell malware, the FTC settlement for Ring users, the sanctions on Iranian threat actors, the **return of HelloKitty** malware, and the spread of Redline malware via game cheats. Let’s take a look!

## New Brokewell Malware Compromises Android Devices and Extracts Data

A new Android **banking trojan**, Brokewell, was discovered this week that captures [device data](https://getterms.io/blog/what-is-device-data-and-why-is-it-important-in-a-privacy-policy). 

Brokewell is delivered via a **fake Google Chrome update** that is shown to users of the web browser. The malware was found by ThreatFabric, who [shared](https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware) that the fake Chrome page delivers the payload that the threat actors can use to steal data and assume remote control. Brokewell is **particularly dangerous** because it can capture a ton of information, including:

- **_Keystrokes_**_:_ _Every key you press is logged, including passwords and credit card numbers._
- **_Screen Information_**_:_ _Anything displayed on your screen, like online banking details or emails._
- **_Text Entries_**_:_ _Any text you enter in any app is fair game for Brokewell._
- **_App Usage_**_:_ _The malware **tracks the apps you launch**, giving the threat actors a complete picture of your digital activity._

The developer of Brokewell, Baron Samedit, has been selling tools to [threat actors](https://healthitsecurity.com/news/threat-actors-increasingly-exploit-zero-day-vulnerabilities-to-evade-threat-detection) for checking stolen accounts for nearly 2 years now and has released a Brokewell Android Loader that can **bypass Google restrictions** and take over devices easily. _If you want to steer clear of the malware, do not download any apps or updates from outside the Google Play store._

## Ring Users Receive $5.6 Million in Settlement Over Privacy Violations

The FTC (Federal Trade Commission) will send a $5.6 million refund to **Ring users** following the class-action lawsuit against Ring, the popular [video doorbell](https://en.wikipedia.org/wiki/Smart%5Fdoorbell) organization.

The complaint was made in May 2023 when Ring failed to implement proper security measures to protect devices from unauthorized individuals, and **Amazon employees and contractors** [accessed private video feeds of its users](https://www.cbsnews.com/news/amazon-ring-ftc-lawsuit-customer-videos/).

_Ring is an Amazon subsidiary that sells smart home products that are connected to the Internet._ You can use these devices for remote access via a mobile application. Apart from the unauthorized access, Ring also failed at basic security like [MFA (Multi Factor Authentication)](/email-security/multi-factor-authentication-mfa-and-its-impact-on-email-security/), and many people had their **accounts hijacked** via [credential stuffing](https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html) and [brute-force attacks](https://www.spiceworks.com/it-security/cyber-risk-management/news/large-scale-brute-force-attacks-disrupt-ssh-vpn-services/). _The FTC is now sending PayPal payments to nearly 117,000 Ring customers as part of the settlement._ 

If you were a part of the attack, you can **redeem the funds** in the next 30 days. The funds are being given as payment to the consumers who had **indoor cameras** during the period when the unauthorized access was noticed. You can apply for the funds and read more about them in the [FTC’s press release](https://www.ftc.gov/news-events/news/press-releases/2024/04/ftc-sends-refunds-ring-customers-stemming-2023-settlement-over-charges-company-failed-block).

[![Cyberattacks](https://media.mailhop.org/duocircle/images/2024/04/email-migration-service-7288.jpg)](https://media.mailhop.org/duocircle/images/2024/04/email-migration-service-7288.jpg)

## US Government Imposes Sanctions on Iranians Connected to Cyberattacks

In other news, the US OFAC (Office of Foreign Assets Control) **sanctioned 4 Iranian nationals** who were a part of the [cyberattacks against the US government](https://www.theguardian.com/technology/2024/mar/26/china-cyber-attack-uk-us-explained-hack-apt-31) and private organizations. 

These individuals are [accused](https://home.treasury.gov/news/press-releases/jy2292) of working for or collaborating with the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC), a branch responsible for the country’s [cyberwarfare](https://en.wikipedia.org/wiki/Cyberwarfare) efforts. The four individuals sanctioned are: 

- **_Alireza Shafie Nasab and Reza Kazemifar Rahman_**_:_ _Believed to be involved in a **multi-year cyber campaign** targeting US enterprises and government entities._
- **_Hosein Mohammad Harooni_**_:_ _Accused of [spear phishing attacks](/email-security/spear-phishing-takes-advantage-of-your-employees-trust/) against the US Department of the Treasury and other institutions._
- **_Komeil Baradaran Salmani_**_:_ _Linked to attacks coordinated by the IRGC-CEC against US organizations._

The OFAC also sanctioned two Iranian organizations, MASN (Mehrsam Andisheh Saz Nik) and DAA (Dadeh Afzar Arman), which the **IRGC-CEC used as a front**. The threat actors are still at large, and the Justice Department has also released indictments charging them with the [cyber campaign](https://www.darkreading.com/endpoint-security/cisco-zero-days-arcanedoor-cyberespionage-campaign). 

## HelloKitty Ransomware Adopts New Name, Leaks Data from CD Projekt and Cisco

HelloKitty made its comeback this week when one of the operators behind the ransomware **released passwords** from leaked [CD Projekt](https://en.wikipedia.org/wiki/CD%5FProjekt) source code and Cisco network information. 

The comeback was first noticed by 3xp0rt, who took to X and [shared](https://twitter.com/3xp0rtblog/status/1781086941271748819) the details. _The threat actor “Gookee” also announced the **rebranding of the ransomware** along with a new dark web portal called HelloGookie_.

HelloKitty shut down at the end of 2023 after its developer leaked the [ransomware’s builder](https://digitalterminal.in/trending/lockbit-builder-based-ransomware-continues-to-pose-threats-kaspersky) and source code on a hacking forum. But now, the threat actor has made the announcement and shared 4 private keys that can decrypt the files of older attacks, internal information from a Cisco attack, and [leaked source code](https://www.sportskeeda.com/gta/news-gta-5-source-code-leaks-online-giving-rockstar-huge-blow-christmas-report) of Witcher 3 by CD Projekt. There’s **no evidence of any new attacks** by HelloGookie, and the website doesn’t show any recent leaks. 

Although many people have used the decryption keys to get back their data for free, the CD Projekt Red leak has already had consequences. Many developers have **compiled playable versions** of Witcher 3 from the leaked source code. We’re still unsure who HelloGookie [ransomware](/data-privacy/8-most-nefarious-ransomware-attacks-from-2017-to-mid-2023/) will target and if it will keep making headlines like HelloKitty did. 

[![ Ransomware attacks](https://media.mailhop.org/duocircle/images/2024/04/phishing-protection.jpg)](https://media.mailhop.org/duocircle/images/2024/04/phishing-protection.jpg)

_Implementing robust [ransomware protection](/resources/locky-ransomware) protocols, such as **regular data backups**, [network segmentation](https://www.techtarget.com/searchnetworking/definition/network-segmentation), and the use of advanced endpoint security solutions, can significantly mitigate the risk of falling victim to such attacks_. Regular employee training and simulated phishing exercises, known as [phishing simulation](/phishing-simulation), can foster a **culture of phishing awareness** within organizations.

## Deceptive Game Cheat Distributes Malware to Steal Information from Gamers

HelloGookie’s release of the Witcher 3 source code isn’t the only thing that happened this past week because there’s also a new [info-stealing malware](https://www.bleepingcomputer.com/news/security/coralraider-attacks-use-cdn-cache-to-push-info-stealer-malware/) that is **impersonating Cheat Lab**. 

The name of the [malware](/data-privacy/new-zero-click-hack-with-stealthy-root-privilege-malware-targets-ios-users/) is Redline, and it is a major info stealer that threat actors can use to **exfiltrate information** from infected devices, such as passwords, autofill, cookies, crypto wallet info, and more.

The malware has been gaining popularity and was researched by **McAfee’s team**, who [shared](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/) that it uses [Lua bytecode](https://www.lua.org/about.html) to evade detection.

Redline payloads hide under the garb of **cheating tools** like Cheat Lab and Cheater Pro and are distributed as ZIP files that contain an [MSI installer](https://smallbusiness.chron.com/msi-installer-56267.html). _But that’s not all: the threat actors have also started a campaign offering a **fully licensed copy of the cheating program for free** if a friend or acquaintance downloads and installs the malware as well._ The malware is not an executable but an uncompiled bytecode that is stored in a separate readme.txt file. Once you run the installer, it compiles the code and [installs the malware on your device](https://windowsreport.com/hackers-use-the-latrodectus-malware-to-gain-control-of-your-device/).
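A triage check for the delivery pattern described above, as an added example (not code from McAfee or from this post): it flags a ZIP that pairs an MSI installer with a text-named file whose content is actually binary or starts with a Lua or LuaJIT bytecode signature. The function names and the sample archive are constructed for illustration, and the check assumes the disguised file carries a standard bytecode header.

```python
import io
import zipfile

# Chunk signatures: PUC-Lua bytecode starts with ESC "Lua", LuaJIT with ESC "LJ".
LUA_MAGICS = {b"\x1bLua": "Lua bytecode", b"\x1bLJ": "LuaJIT bytecode"}
TEXT_EXTS = (".txt", ".md", ".nfo")
# OLE2 compound-file signature, the container format used by MSI packages.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def looks_binary(head: bytes) -> bool:
    """Heuristic: a NUL byte or more than 30% control bytes is not plain text."""
    if not head:
        return False
    if b"\x00" in head:
        return True
    ctrl = sum(1 for b in head if b < 0x20 and b not in (9, 10, 13))
    return ctrl / len(head) > 0.30


def scan_archive(zip_bytes: bytes, max_read: int = 4096) -> dict:
    """Inspect only the first max_read bytes of each member (no full extraction)."""
    findings = {"installers": [], "disguised": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(max_read)
            if name.endswith(".msi") or head.startswith(OLE2_MAGIC):
                findings["installers"].append(info.filename)
            if name.endswith(TEXT_EXTS):
                reason = next((label for magic, label in LUA_MAGICS.items()
                               if head.startswith(magic)), None)
                if reason is None and looks_binary(head):
                    reason = "binary content"
                if reason:
                    findings["disguised"].append((info.filename, reason))
    # The combination matters: an installer shipped next to a fake text file.
    findings["suspicious"] = bool(findings["installers"] and findings["disguised"])
    return findings


def build_sample(readme: bytes) -> bytes:
    """Constructed test archive: a stub 'setup.msi' plus a readme.txt payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.msi", OLE2_MAGIC + b"\x00" * 32)
        zf.writestr("readme.txt", readme)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: one readme with a LuaJIT-style header, one plain text.
    print(scan_archive(build_sample(b"\x1bLJ\x02\x00constructed-bytes")))
    print(scan_archive(build_sample(b"Thanks for installing.\r\n")))
```

A hit here is a reason to quarantine the archive and inspect it in a sandbox, not a verdict: legitimate packages occasionally ship oddly named binary files.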

This attack shows that **even trustworthy installers may hide malware** and can infect your devices, so it’s best not to download anything from [untrusted sources](/phishing-protection/malicious-email-attachments-are-here-to-stay-how-to-protect-against-them/). _If you’re not sure about the legitimacy of a cheat program, do some research online before downloading it._ Robust [malware protection](/resources/malware-and-its-defense-mechanism) can also aid in mitigating such threats.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

