Weekly Cybersecurity News
Malloc (YC S21)
Malloc is an AI-driven cybersecurity startup focused on mobile and app security.
This week, Malloc brings you the latest cybersecurity news, focusing on mobile security. Users should beware of downloading and using untrustworthy or non-mainstream cryptocurrency wallet apps, as there is a high chance of fraud and theft of users' cryptocurrency by malicious or fraudulent crypto applications and platforms. A recently uncovered incident highlights this: users lost large sums of cryptocurrency through the WallConnect app, which was available on the Play Store. In another development, authorities in Europe have fined Meta, the parent company of Facebook and Instagram, over a March 2019 data breach in which Meta stored user passwords in plain text (unencrypted) on its servers, thereby violating many mandates of the EU's GDPR. It is imperative that users not rely entirely on Big Tech for their security and that they take adequate cybersecurity measures at a personal level, such as using MFA and privacy protection apps like our app, Malloc, which significantly enhances user security and privacy. To learn more about these events and other news, keep reading!
Fake WalletConnect app on Google Play steals Android users’ crypto:
A fraudulent app posing as the legitimate WalletConnect was available on Google Play for five months, misleading users into downloading it and stealing their cryptocurrency. Named WallConnect, the fake app garnered over 10,000 downloads by using deceptive tactics, including fake user reviews. Once installed, it redirected users to a malicious website to authorize transactions that compromised their digital wallets, ultimately resulting in losses exceeding $70,000 for at least 150 victims. Researchers reported the app to Google, leading to its removal, while advising users to exercise caution when connecting cryptocurrency wallets to third-party services.
Source: BleepingComputer
Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext:
Meta has been fined €91 million (approximately $101.56 million) by the Irish Data Protection Commission (DPC) for a security breach involving the storage of millions of Facebook and Instagram passwords in plaintext. The breach, which occurred in March 2019, violated multiple articles of the EU's General Data Protection Regulation (GDPR), as it involved a failure to promptly report the incident and inadequate technical measures to protect user passwords. Although Meta stated that there was no evidence of improper access to the exposed passwords, the DPC highlighted the risks associated with storing sensitive data in this manner. Meta has since taken corrective actions and proactively notified the DPC about the issue.
Source: The Hacker News
New Bluetooth Vulnerability Leaks Your Passcode to Hackers During Pairing:
A new vulnerability in Bluetooth technology, identified as CVE-2020-26558, poses significant security risks by allowing hackers to intercept passcodes during the pairing process of Bluetooth devices. This flaw, affecting devices supporting the Passkey Entry association model from Bluetooth versions 2.1 to 5.4, enables a man-in-the-middle attack where an adversary can impersonate one device to extract the passkey used in the pairing session. Bluetooth Core Specification 5.4 recommends that devices should reject public keys that match their own coordinates to mitigate this issue, and future specification updates will enforce stricter checks. Users are advised to update their firmware regularly and be cautious when pairing devices in insecure environments to maintain secure communications.
Source: GBHackers
Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68%:
Google's shift to using the Rust programming language in its Android development has significantly decreased memory vulnerabilities by 68% over six years, dropping from 76% to 24% of reported issues. This transition, initiated around 2019, aligns with the company's secure-by-design philosophy and aims to enhance overall code safety through proactive vulnerability discovery and Safe Coding practices. Despite an increase in memory-unsafe code, the decline in vulnerabilities is attributed to the exponential decay of vulnerabilities in older and newly developed code. Additionally, Google is exploring better interoperability between Rust, C++, and Kotlin to incrementally adopt memory-safe practices and collaborate with Arm to improve security across the Android ecosystem.
Source: The Hacker News
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware:
A recent report identified a prolonged watering hole attack targeting 25 websites linked to the Kurdish community, aimed at stealing sensitive information over the past year and a half. Dubbed "SilentSelfie," the campaign delivers multiple variants of information-stealing frameworks that can track users' locations, capture images from their devices, and prompt them to install malicious Android apps. While the exact breach methods remain unclear, researchers note the attack's sophistication is low, perhaps indicative of a relatively new threat actor. Notably, there are indications this campaign could be linked to the Kurdistan Regional Government of Iraq, especially following the arrest of a Kurdish journalist.
Source: The Hacker News
Russian Hackers Target Ukrainian Servicemen via Messaging Apps:
A report from the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) reveals that Russian hackers are intensifying their cyber warfare tactics against Ukrainian servicemen by targeting messaging apps like Signal to extract personal data. The analysis indicates a significant increase in malware incidents and highlights how hackers impersonate familiar contacts to deliver malicious files masked as legitimate content. This activity has been linked to the UAC-0184 cyber-espionage group, and over the past year, there has been a concerning rise in attacks on government organizations as well as critical infrastructure, including supply chain attacks on energy companies.
Source: Infosecurity Magazine
UK and US Warn of Growing Iranian Spear Phishing Threat:
The UK’s National Cyber Security Centre (NCSC) and U.S. agencies, including the FBI and Cyber Command, have issued a warning about a rising spear phishing threat attributed to Iran’s Islamic Revolutionary Guard Corps (IRGC). Targeting individuals connected to Iranian and Middle Eastern affairs, as well as U.S. political campaigns, the campaign employs tailored tactics to impersonate trusted contacts or organizations, enticing victims to click links that lead to fraudulent login pages to steal credentials. The advisory emphasizes the importance of vigilance against unsolicited communications and recommends cybersecurity measures for organizations, such as user training, updating software, and employing multi-factor authentication.
Source: Infosecurity Magazine
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign:
Chinese hackers, linked to the Beijing government, have infiltrated several U.S. internet service providers (ISPs) in a cyber espionage campaign aimed at obtaining sensitive information, as reported by The Wall Street Journal. Identified as the threat actor Salt Typhoon (also known as GhostEmperor), they are suspected of gaining access to critical Cisco Systems routers, facilitating persistent access to targeted networks for data harvesting and potential cyber attacks. This marks an ongoing pattern of state-sponsored efforts by China to target telecom and critical infrastructure, following recent U.S. efforts to disrupt another Beijing-affiliated hacking operation.
Source: The Hacker News
LG Has Started Showing Screensaver Ads on Their Smart TVs:
LG has begun displaying full-screen advertisements on their smart TVs during screensaver moments, a practice they call "Native Screensaver Ads," which aims to engage viewers even when the TV is idle. While LG claims these ads boost customer engagement through targeted marketing, many users find this intrusive, arguing they didn't purchase a TV to be bombarded with ads. Fortunately, viewers can disable these screensaver ads by adjusting the settings on their LG smart TV.
Source: LifeHacker
Hackers Could Have Remotely Controlled Kia Cars With Only License Plates:
A group of cybersecurity experts revealed critical vulnerabilities in Kia's dealer portal that could have allowed hackers to remotely control various functions of Kia vehicles made after 2013 by exploiting just the cars' license plates. The flaws, discovered in June 2024 and patched by Kia in August, could have exposed sensitive personal information of vehicle owners and allowed attackers to add themselves as unauthorized users without detection. The researchers demonstrated this by accessing the dealer portal and taking control of a locked rental car within about 30 seconds. While Kia stated there is no evidence of these vulnerabilities being exploited maliciously, the incident underscores the ongoing risks associated with connected vehicle technology.
Source: Tech Worm