Weekly Cybersecurity News

This week we bring you the latest Cybersecurity News. Russian state-linked hackers, known as Star Blizzard and associated with the FSB, have been targeting WhatsApp accounts of government ministers and officials worldwide. Their tactic involves sending phishing emails disguised as invitations to join WhatsApp groups related to supporting Ukraine. These emails contain malicious QR codes that, when clicked, could grant the hackers access to the victim's WhatsApp account, potentially allowing them to steal sensitive data.

Apple and Google have removed apps associated with Huione Group, a Cambodian company accused of operating Huione Guarantee, a massive cybercrime market on Telegram. Huione Guarantee, which facilitated an estimated $24 billion in illicit transactions, acted as an escrow service for various criminal activities, including money laundering, selling stolen data, and enabling pig butchering scams.

Our app, Malloc for iOS and Android, has advanced security features to detect the presence of spyware and other malicious apps on phones, alert users, block trackers and insecure HTTP traffic, and provide a VPN to protect users against scams and other threats.

To learn more about these developments and other news, read the article below.


Phishing texts trick Apple iMessage users into disabling protection

Cybercriminals are using phishing texts to bypass Apple iMessage's built-in protection, convincing users to disable it by replying to messages from unknown senders. These smishing attacks exploit common user behaviors, such as responding to texts with "Y," which re-enables links that had been automatically disabled for safety. Users who engage with these messages unknowingly expose themselves to potential identity theft, making them attractive targets for further attacks. To avoid falling victim, users are advised to verify the legitimacy of any suspicious texts directly with the purported sender rather than responding.

Source: Bleeping Computer

Russian hackers target WhatsApp accounts of ministers worldwide

Russian state-linked hackers, associated with the FSB, have employed a new tactic to target the WhatsApp accounts of government ministers and officials globally. This operation, conducted by a group named Star Blizzard, involves sending phishing emails that mimic communications from US officials, encouraging recipients to click on a QR code that provides the attackers access to their WhatsApp accounts, compromising their messages and data. Microsoft noted that this strategy is part of a broader campaign to undermine trust in politics and facilitate unauthorized data access, alerting users in affected sectors to remain vigilant against such spear phishing attempts. Despite the campaign's apparent winding down, its implications underline the persistent threat posed by cybercriminals leveraging social engineering tactics like "quishing".

Source: The Guardian

Apple And Google Take Down Crypto Apps From Alleged $24 Billion Cyberscam Market Owner

Apple and Google have removed crypto apps developed by Huione Group, a Cambodia-based company accused of operating a $24 billion cyber fraud marketplace on Telegram. The platform, known as Huione Guarantee, is reportedly the largest illicit online marketplace ever, surpassing even notorious drug markets like Silk Road. It offers services for money laundering, stolen personal data, and tools for online fraud, including a scheme termed pig butchering, where victims are scammed into fake crypto investments. Following scrutiny and reports from Elliptic and Chainalysis, Google has already taken down the apps, while Apple has removed the crypto exchange, although some apps remain on its store. The market's vast network enables transnational organized crime, raising concerns over the legitimacy of Huione Group's business activities.

Source: Forbes

Someone Likely Used a Sophisticated Phone-Spying Device at the 2024 DNC

During the 2024 Democratic National Convention, it is believed that a sophisticated phone-surveillance device, specifically a cell-site simulator, may have been deployed to spy on mobile devices. A report from the Electronic Frontier Foundation (EFF) indicated that evidence collected by researchers, including significant data anomalies in wireless signals, suggested suspicious activity consistent with the operation of such surveillance tools. These tools can intercept and analyze personal data from phones, raising concerns about potential motives for surveillance amid widespread protests against the Biden administration's policies. The investigation highlights privacy and security implications, emphasizing the need for accountability regarding the use of surveillance technology.

Source: Gizmodo

A major data broker hack may have leaked precise location info for millions

Gravy Analytics, a significant location data broker, recently revealed a data breach that potentially compromised precise location data for millions of individuals. The breach, linked to unauthorized access to their AWS cloud storage, may include sensitive information from popular apps like Candy Crush, dating platforms, and more. Security expert Baptiste Robert noted that a sample dataset provided on a Russian forum exposed over 30 million locations, including sensitive sites like the White House and military bases. Gravy Analytics is currently investigating the scope of the breach and whether personal data was involved, following scrutiny from the FTC, which aimed to limit the company's handling of sensitive location information.

Source: The Verge

This widely-used instant loan app leaks nearly 30 million files of user data

A significant data leak involving the Indian loan company FatakPay has exposed nearly 30 million files containing sensitive information due to a misconfigured Amazon S3 bucket. The compromised data includes users' names, addresses, IDs, loan agreements, and personal identification documents like Aadhaar and PAN numbers. Although FatakPay has since secured the exposed database, the incident highlights ongoing vulnerabilities in data security, particularly regarding the mismanagement of cloud resources by organizations. This breach serves as a reminder of the risks of identity theft, phishing, and social engineering that can arise from such careless data handling practices.

Source: TechRadar

GDPR Complaints Filed Against TikTok, Xiaomi, Over Data Transfers

A European privacy advocacy group, noyb, has filed six GDPR complaints against major Chinese tech companies like TikTok and Xiaomi, alleging unauthorized transfers of personal data from Europe to China. The complaints highlight that these companies confirm data transfers in their privacy policies, undermining compliance with EU laws, particularly as Chinese law permits extensive government access to personal data, rendering potential protections ineffective. The complaints call for immediate action from European data protection authorities to suspend data transfers, enforce compliance, and impose significant fines, which could lead to substantial penalties for the companies involved. This marks a critical development in the EU's approach to data privacy, particularly as Chinese apps gain prominence in global markets.

Source: CyberInsider

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

A free VPN app called Big Mama is allowing users to sell access to their home internet connections, raising significant security concerns. While kids are exploiting this VPN to cheat in the popular VR game Gorilla Tag, cybercriminals are using it as a residential proxy, facilitating cyberattacks and potentially putting users at risk of being unwittingly involved in malicious activities. Cybersecurity researchers have noted the app’s link to at least one cyberattack and its emergence as a favored tool among criminal forums. Although marketed as a free and convenient service, users are cautioned that utilizing such VPN services comes with considerable privacy and security risks, especially when traffic rerouting is involved.

Source: Wired

Dead Google Apps domains can be compromised by new owners

Many startups utilize Google Workspace for their operations, but a report by Dylan Ayrey from Truffle Security Co. highlights a significant vulnerability: if a startup fails and its domain is sold without properly closing its associated Google accounts, new owners can easily access sensitive information from accounts tied to previous employees. This is particularly concerning given that approximately 90% of startups fail, potentially leaving countless vulnerable Google-auth-connected domains. Google acknowledged the issue but classified it as "Won't Fix (Intended Behavior)", suggesting businesses need to follow best practices to mitigate such risks. Ayrey pointed out that while Google's "sub" identifier is intended as a safeguard, its effectiveness is questionable, as he was able to gain access across multiple services. He proposed updates to Google's identity verification methods to better prevent these kinds of breaches.

Source: Ars Technica

‘Surveillance pricing’ means higher costs for consumers, preliminary FTC report says

A preliminary FTC report reveals that businesses utilize surveillance pricing to charge consumers higher prices based on detailed consumer data including geolocation, demographics, and online behaviors. This practice allows companies to algorithmically adjust pricing, potentially leading to individualized rates for products, as illustrated by a case where a new parent sees inflated baby product prices. The report, which draws on insights from six companies, is currently in the "staff perspective" stage and has faced objections from incoming FTC leadership regarding its early release. Outgoing Chair Lina Khan emphasized the importance of investigating how private data influences pricing, advocating for consumer awareness and input on the issue. Some firms contest the report's implications, asserting they do not engage in individual pricing strategies.

Source: The Record

How Barcelona became an unlikely hub for spyware startups

Barcelona has emerged as an unlikely hub for spyware startups, attracting companies like Palm Beach Networks and Paradigm Shift amid growing concerns about the implications for privacy and security in Europe. This shift follows restrictions in Israel regarding the export of surveillance technology, prompting a relocation of industry talent to the Spanish city, which offers appealing conditions such as favorable tax benefits and a vibrant lifestyle. Industry experts warn that establishing such businesses in Barcelona could exacerbate the spyware crisis in Europe, raising alarms over potential abuses of power and threats to human rights. Government scrutiny is urged to ensure compliance with national and EU laws, given the historical issues surrounding the use of spyware by European governments.

Source: TechCrunch

Maritoni Reyes

Marketing VA- B2B/SaaS | Social Media Content Creator

1 month

Staying updated is crucial in cybersecurity! How do you monitor evolving threats? Share your insights and check out our page for more tips. https://www.dhirubhai.net/posts/riskxchangehq_cybersecurity-threatintelligence-staysecure-activity-7287076428867592192-aNGI?utm_source=share&utm_medium=member_desktop