Wednesday 25th September 2024

Good morning everyone, thank you for joining me for today's instalment of Cyber Daily. Today's edition is covering stories from the latest attempt to keep our cars safe from foreign threats to a payments giant taking a hit. MoneyGram’s cyberattack is a fresh reminder that even the most established financial players aren’t immune to digital chaos. Meanwhile, the U.S. is taking big steps to keep connected vehicles free from foreign influence—because who knew that your car could be a spy.

Necro Android Malware: A New Threat Through Popular Apps

A new version of the Necro Android malware has infected millions of devices by infiltrating legitimate apps such as Spotify, WhatsApp, and Minecraft. Kaspersky researchers identified that some compromised apps, including Wuta Camera and Max Browser, were available on the Google Play Store, amassing over 11 million downloads. While Max Browser has been removed, Wuta Camera has since been updated to remove the malware.

The malware spread is linked to rogue software development kits (SDKs) used for ad integration, enabling attackers to deliver the Necro payload through seemingly safe applications. First detected in 2019 within the CamScanner app, Necro employs advanced obfuscation and steganography techniques, making it difficult to detect. The malware's functions include displaying ads, executing arbitrary code, and potentially subscribing victims to paid services.

Necro’s adaptability is enhanced by its modular architecture, allowing threat actors to deploy various plugins that perform malicious activities like creating tunnels, handling ads, and periodically contacting command-and-control servers. The malware's advanced evasion tactics pose a growing threat to millions of Android users worldwide.

U.S. Proposes Ban on Foreign-Made Software in Connected Vehicles

The U.S. Department of Commerce (DoC) is proposing a ban on importing or selling connected vehicles that include software and hardware from foreign adversaries, particularly China and Russia. The proposed rule targets Vehicle Connectivity Systems (VCS) and Automated Driving Systems (ADS), which enable external connectivity and autonomous driving capabilities.

The DoC’s Bureau of Industry and Security (BIS) warned that compromised VCS and ADS could allow adversaries to harvest sensitive data or remotely control vehicles, posing a national security risk. The ban extends to all wheeled on-road vehicles like cars, trucks, and buses, excluding agricultural and mining vehicles.

The ban would prohibit the import and sale of vehicles with specific VCS or ADS software from China and Russia. Software restrictions would start with Model Year 2027, while hardware prohibitions would take effect from Model Year 2030. The White House supports the move, emphasising the need to secure U.S. automotive supply chains and prevent the exploitation of sensitive information.

As vehicles become increasingly connected, the risk of data exploitation and remote manipulation grows, making this regulatory move critical to protect U.S. technology and privacy.

MoneyGram Hit by Cyberattack, Causing Service Outage

MoneyGram, the U.S.-based peer-to-peer payments and money transfer company, confirmed a cyberattack that has taken its services offline since September 22. The incident has impacted both in-person and online transactions, leaving millions of global customers unable to send or receive money.

MoneyGram reported a network outage affecting various systems, which forced the company to take some systems offline to contain the attack—signaling a potential ransomware breach. The company is investigating the security incident and has notified law enforcement, while efforts are underway to restore operations.

MoneyGram, acquired by Madison Dearborn Partners in June 2023, handles sensitive data from over 150 million customers in more than 200 countries, making it a lucrative target for cybercriminals. The outage underscores the growing risk to financial services as cyberattacks increasingly target critical infrastructure.

As of now, MoneyGram's website remains unreachable, and the company is working diligently to bring its systems back online and resume normal business operations. The attack highlights the ongoing cybersecurity challenges faced by financial institutions.