Malloc Privacy Weekly
Malloc (YC S21)
Malloc is an AI-driven cybersecurity startup focused on mobile and app security.
Welcome to Malloc Privacy Weekly, where we discuss current events in the world of cybersecurity, including those related to personal digital security.
North Korean spyware, disguised as utility apps such as file managers and security tools, was found on Google Play. These apps, named KoSpy, could steal sensitive data like SMS messages, call logs, location, files, and even record audio and take photos. Google has removed these specific apps and their configuration database from Firebase.
Cybernews research has revealed widespread security flaws in iOS apps, with a vast majority containing hardcoded secrets like API keys and cloud storage credentials. These vulnerabilities could allow attackers to access sensitive user data, including personal information and financial details.
To learn more about these developments and other news, read the article below.
Android apps laced with North Korean spyware found in Google Play
Researchers have identified multiple Android apps in the Google Play store that were infiltrated by North Korean spyware, specifically the malware known as KoSpy. Disguised as utility applications, these malicious programs collected sensitive user information, including SMS messages, call logs, and location data, before transmitting it to North Korean intelligence. Although the apps passed Google's security vetting, they were found on multiple platforms, including a third-party market called Apkpure, and utilized Firebase for backend support. The findings indicate that APT37 and APT43, known North Korean spy groups, were likely responsible for this operation. Users are urged to be cautious before downloading applications, as many offer no genuine benefits and are used primarily for espionage.
Source: Ars Technica
GSMA Introduces End-to-End Encryption for Cross-Platform RCS Messaging
The GSM Association (GSMA) has announced the introduction of end-to-end encryption (E2EE) for Rich Communication Services (RCS) messaging, marking a significant enhancement in security for users across different platforms, including Android and iOS. This upgrade, utilizing the Messaging Layer Security (MLS) protocol, is the first of its kind to provide interoperable encryption between various client implementations. Developed through collaborations with major players like Apple and Google, the new standards aim to protect user messages from third-party access. The enhancement is part of the RCS Universal Profile 3.0, which includes further improvements such as better media sharing features and business messaging management. The rollout of this encryption will soon extend to several Apple platforms and is expected to facilitate a more secure messaging experience for users interacting across different ecosystems.
Source: Cyber Insider
Massive research into iOS apps uncovers widespread secret leaks, abysmal coding practices
A recent research study reveals that a significant number of iOS apps leak sensitive data due to poor coding practices, with over 815,000 hardcoded secrets found in 156,000 apps analyzed. The investigation uncovered alarming vulnerabilities, including the exposure of cloud storage keys, API credentials, and even payment processing information, posing substantial risks to users' personal data. Notably, 71% of apps leak at least one secret, prompting concerns about overall app security in the Apple App Store, which is traditionally viewed as a more secure environment. Researchers emphasize that hardcoding secrets is a serious security flaw, and they call for developers to adopt better practices, such as storing sensitive information on secure servers instead of embedding it directly into app code.
Source: Cyber News
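The study above flags hardcoded API keys and cloud credentials embedded in app binaries. As an added example (not code from the Cybernews study or from Malloc), the Python scanner below runs pattern and entropy checks over strings as the `strings` utility might extract them from an app bundle; the sample lines and every key in them are constructed placeholders.

```python
import math
import re
from typing import NamedTuple

# Constructed sample: lines resembling `strings` output from an app binary.
# Every credential-looking value here is a made-up placeholder.
SAMPLE_STRINGS = """\
-[AppDelegate application:didFinishLaunchingWithOptions:]
AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
https://api.example.com/v1/users
AIzaSyA-EXAMPLEEXAMPLEEXAMPLEEXAMPLE123
Content-Type: application/json
-----BEGIN RSA PRIVATE KEY-----
NSLocalizedString
"""

class Finding(NamedTuple):
    line_no: int
    rule: str
    value: str

# rule name -> (pattern, capture group holding the secret, minimum entropy in bits/char)
RULES = {
    "aws_access_key_id": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0, 0.0),
    "google_api_key": (re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"), 0, 0.0),
    "private_key_block": (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), 0, 0.0),
    # Generic key=value assignments are noisy, so they must also look random.
    "generic_assignment": (re.compile(
        r"(?i)\b\w*(secret|password|passwd|token|api[_-]?key)\w*\s*[=:]\s*[\"']?([A-Za-z0-9/+=_\-]{16,})"), 2, 3.0),
}

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking credentials score high, words score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_strings(text: str) -> list[Finding]:
    """Return every (line, rule, value) hit whose value clears the rule's entropy floor."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, (pattern, group, min_entropy) in RULES.items():
            for m in pattern.finditer(line):
                value = m.group(group)
                if shannon_entropy(value) >= min_entropy:
                    findings.append(Finding(line_no, rule, value))
    return findings

if __name__ == "__main__":
    for f in scan_strings(SAMPLE_STRINGS):
        print(f"line {f.line_no}: {f.rule}: {f.value[:4]}...{f.value[-2:]}")
```

Run it over the output of `strings` on a decrypted app binary, or over the extracted bundle's plist and JSON resources, to catch secrets before an app ships.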
Volt Typhoon Accessed US OT Network for Nearly a Year
The Volt Typhoon threat group has significantly compromised the US electric grid, maintaining unauthorized access to the operational technology (OT) network of Littleton Electric Light and Water Departments for nearly a year. Discovered by cybersecurity analysts at Dragos, this intrusion highlights critical infrastructure vulnerabilities, particularly as devices become outdated and susceptible to sophisticated attacks. Experts warn about the increasing geopolitical leverage that such cyber intrusions can provide to threat actors, enabling them to disrupt supply chains, steal intellectual property, and manipulate systems for specific objectives. A swift response managed to contain the breach without compromising sensitive customer data, but calls for enhanced monitoring and defense in critical national infrastructure (CNI) remain urgent as cyber threats evolve.
Source: Infosecurity Magazine
New Eleven11bot botnet infects 86,000 devices for DDoS attacks
A new botnet called Eleven11bot has infected over 86,000 IoT devices, mainly focusing on security cameras and network video recorders (NVRs), to launch DDoS attacks. Linked to Iran, this botnet has targeted telecommunication providers and online gaming servers, achieving attack volumes of several hundred million packets per second. Discovered by Nokia researchers, Eleven11bot represents one of the most significant DDoS botnets in recent years. Its spread is attributed to brute-forcing weak credentials and exploiting default settings on vulnerable devices. Users are urged to secure their devices by updating firmware, disabling unnecessary remote access, and using strong, unique credentials.
Source: Bleeping Computer
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
A critical security flaw has been discovered in the widely used ESP32 Bluetooth chip, which is manufactured by a Chinese company and powers millions of Internet of Things (IoT) devices globally. Researchers from Tarlogic found a hidden feature that allows malicious actors to execute arbitrary commands, unlock additional functionalities, and extract sensitive information from devices. Although initially labeled a "backdoor," it has since been clarified as a set of proprietary HCI commands that could lead to supply chain attacks and identity theft, enabling attackers to impersonate devices and access personal and business communications. The affordability of the chip, costing around $2, contributes to its prevalence in domestic IoT applications, raising concerns over privacy and data security.
Source: Tech Radar Pro
94% of Wi-Fi networks lack protection against deauthentication attacks
A recent analysis by Nozomi Networks Labs highlights alarming findings regarding Wi-Fi security, revealing that an overwhelming 94% of networks are vulnerable to deauthentication attacks, leaving critical systems exposed. This issue is particularly pressing in sectors like healthcare, where attacks could compromise sensitive patient data, and in industrial environments, which risk significant disruptions and safety hazards. The report outlines several main threats, including rogue access points, eavesdropping, and jamming attacks, all exploiting weaknesses in network protocols. Additionally, cyber threat activity is on the rise, with 48.4% of alerts occurring in the impact phase of the cyber kill chain, particularly affecting manufacturing and energy industries. Researchers urge organizations to address multiple critical vulnerabilities, as a substantial percentage of newly identified weaknesses are likely to be actively exploited, underscoring the urgent need for improved defenses in critical infrastructure to ensure safety and operational continuity.
Source: Help Net Security
Police Warning As Dangerous iPhone, Android Texts Soar 600%
A viral scam is rapidly spreading across the United States, with police agencies warning citizens to delete dangerous texts immediately. These unsolicited messages, disguised as communications from local toll collection agencies, threaten users with escalating fines unless they pay swiftly via a deceptive payment link. There has been a staggering 604% increase in these toll fee scam texts since early 2025, with law enforcement urging individuals to report the messages and verify any outstanding payments directly with the agency. The risk of financial loss and personal information theft is significant, making it crucial to avoid engaging with these scams.
Source: Forbes
US govt says Americans lost record $12.5 billion to fraud in 2024
In 2024, the U.S. Federal Trade Commission (FTC) reported that Americans suffered unprecedented losses of $12.5 billion to fraud, marking a 25% increase from the previous year. Investment scams accounted for the highest losses at $5.7 billion, with imposter scams at $2.95 billion. Younger individuals, particularly those aged 20 to 29, reported losses most frequently, comprising 44% of total reports. The prevalence of online scams led to losses exceeding $3 billion, whereas traditional methods resulted in $1.9 billion. Despite emails being the most common scam contact method, interactions by phone resulted in higher median individual losses. These findings were published in the FTC's Sentinel database, which received 6.5 million consumer reports, facilitating fraud investigations by law enforcement globally. Victims are encouraged to file reports via IdentityTheft.gov and ReportFraud.ftc.gov to aid in combating this widespread issue.
Source: Bleeping Computer
AI agents can be hijacked to write and send phishing attacks
Recent research reveals that AI agents, like OpenAI’s Operator, can be hijacked to conduct phishing attacks, significantly reducing the effort required by cybercriminals. Researchers demonstrated that these agents could identify targets, gather information, and send malicious emails using effective lures. The study highlights the growing sophistication of AI-assisted cyberattacks, which present serious threats to organizations as they exploit human error, leading to heightened security risks. Experts caution that as these AI tools become more powerful, they may autonomously execute complex cyberattacks, lowering barriers for attackers and increasing vulnerabilities for potential victims.
Source: Tech Radar
Passwordless authentication continues to grow, with biometrics helping push adoption
Biometric authentication is experiencing significant growth, particularly in Europe, with countries like Israel and South Korea leading adoption rates. According to Okta's report, nearly half of German businesses enforce biometric methods, while France pioneers in passwordless solutions despite having the lowest percentage of biometric logins. In total, 21% of users in Germany, Israel, South Korea, and Canada utilize these advanced security measures, compared to just 17% in the US. The momentum toward biometrics is indicated by a 377% increase in FastPass authentication, demonstrating a shift towards phishing-resistant methods. Challenges such as device compatibility and limited IT resources remain hurdles, but the trend indicates a movement towards a more secure authentication future.
Source: Tech Radar
One third of adults can't delete device data
A recent survey by the UK's Information Commissioner's Office (ICO) revealed that 29% of adults are unaware of how to properly wipe personal data from old devices, despite 71% recognizing its importance. Many choose to keep their outdated hardware, often due to privacy concerns, with three-quarters of respondents admitting to still owning at least one old device. Alarmingly, a significant portion of younger people, 21%, do not believe it's essential to erase their data, and 14% of those aged 18-34 would not bother at all. The survey highlights a critical need for education on data security as many plan to upgrade their devices around the holidays, emphasizing that proper data erasure is crucial to prevent unauthorized access and potential fraud.
Source: The Register