Weekly Cybersecurity News
Malloc (YC S21)
Malloc is an AI-driven cybersecurity startup focused on mobile and app security.
Last week in cybersecurity, researchers identified over 90 malicious Android apps on Google Play, downloaded more than 5.5 million times, spreading malware and adware. This alarming discovery highlights the ongoing threats to mobile security. To learn more about this and other critical cybersecurity events from the past week, read the full article below.
Kakao Messenger App Fined $11.5 Million for Privacy Violations:
The Personal Information Protection Commission (PIPC) of South Korea has fined Kakao Corporation $11.5 million (15.14 billion KRW) for privacy violations related to its open chatting service on KakaoTalk. The investigation began after a March 2023 report exposed illegal trading of personal data from the app. Hackers exploited system vulnerabilities to access and sell user information, compromising anonymity. Key findings include the use of the same member serial numbers for general and open chats and inadequate security measures. Additionally, Kakao failed to report the breach and notify affected users, leading to the substantial fine and a mandate to inform users about the breach.
Source: RestorePrivacy
Spyware maker pcTattletale says it’s ‘out of business’ and shuts down after data breach:
The spyware app pcTattletale shut down after a data breach exposed sensitive information, including over 300 million screenshots of victims' devices. A hacker defaced the website and leaked data from the company's servers. Founder Bryan Fleming confirmed the deletion of the company's AWS account and servers to prevent further data exposure but did not notify affected users. This incident is part of a trend of spyware apps facing shutdowns due to security breaches and regulatory scrutiny.
Source: TechCrunch
Stalkerware App With Security Bug Discovered on Hotel Systems:
A spyware app called pcTattletale was found on the systems of several Wyndham hotels in the US, capturing screenshots of hotel booking systems and exposing guest information. The stalkerware has a security bug that makes these screenshots accessible online. pcTattletale can remotely view and capture screenshots of Android and Windows devices without detection.
Source: Dark Reading
Over 90 malicious Android apps with 5.5M installs found on Google Play:
Over 90 malicious Android apps, with more than 5.5 million installs, were found on Google Play delivering malware and adware. The Anatsa banking trojan, which targets financial institutions to steal e-banking credentials, has seen a resurgence, now hidden in apps like 'PDF Reader & File Manager' and 'QR Reader & File Manager.' These dropper apps use a multi-stage payload mechanism to evade detection. Other notable malware families include Joker, Facestealer, and Coper.
Source: Bleeping Computer
Apple Location Services vulnerability can enable troop movements to be tracked:
Security researchers from the University of Maryland discovered a privacy vulnerability in Apple Location Services that allowed for tracking troop movements and personal devices using Wi-Fi-based Positioning Systems (WPS). Unlike Google's approach, which processes location data on its servers, Apple’s method returns extensive geolocation data to the device, which can be exploited. The researchers obtained a global map of Wi-Fi access points, enabling them to monitor movements in conflict zones. Starlink has responded by randomizing BSSIDs, and users can opt out by adding "_nomap" to their SSIDs. Apple plans to limit database query frequency to mitigate the risk.
Source: 9to5Mac
US sanctions operators of “free VPN” that routed crime traffic through user PCs:
The U.S. Treasury Department has sanctioned three Chinese nationals for operating a VPN-powered botnet called 911 S5, which had over 19 million residential IP addresses. These addresses, provided by free VPN services MaskVPN and DewVPN, were used by cybercriminals for activities such as COVID-19 aid scams and bomb threats. The botnet covertly turned users' devices into proxy servers, making detection difficult. The individuals sanctioned include Yunhe Wang, Jingping Liu, and Yanni Zheng, along with three Thailand-based businesses. The sanctions aim to disrupt this cybercriminal network and prevent further fraudulent activities.
Source: Ars Technica
Websites exposing over a million secrets, leaving visitors at risk:
Researchers have identified 58,364 websites globally that are exposing sensitive .env configuration files, leading to significant security risks. These files, which should be private, contain vital information such as passwords, API keys, and database credentials. The exposure of these secrets can lead to unauthorized access, data breaches, and website takeovers. The most affected websites are in the United States, followed by Germany, India, and France. The research highlights the need for better security practices and the use of secure, encrypted storage solutions to protect these critical files.
Source: Cybernews
How Are Hackers Targeting Gamers? (Security Risks Unveiled):
David Balaban's article on Forbes sheds light on the growing cybersecurity risks faced by gamers. Contrary to common assumptions, the gaming community includes a significant number of adults, with the average gamer being 30 years old. The global gaming industry, valued at $184.4 billion in 2022, has attracted cybercriminals seeking financial gain. Balaban outlines several common threats gamers may encounter, including credential reuse, booby-trapped games, mobile gaming insecurities, keyloggers, dangers of torrents and cheat codes, and phishing scams. He provides practical security advice, such as creating strong, unique passwords, avoiding suspicious email attachments, enabling multi-factor authentication, installing reliable security software, and staying vigilant against phishing attempts.
Source: Forbes