Weekly Cybersecurity News

This has been another important week in cybersecurity. A data breach at mSpy exposed sensitive personal information of millions of its customers. In another important development, a German probe found that data brokers exposed 3.6 billion location points of people in Germany. And did you know that African countries are among the most targeted by malware? To learn more, read the article below.


Data breach exposes millions of mSpy spyware customers:

A data breach at mSpy, a phone surveillance app, exposed millions of customer support tickets dating back to 2014, revealing sensitive personal information. The breach disclosed that mSpy users included U.S. military personnel, a federal judge, and government officials. The Ukrainian company behind mSpy, Brainstack, has not publicly acknowledged the breach. This incident highlights the risks and ethical concerns of using spyware for covert surveillance.

Source: TechCrunch

Android Users Targeted by “Konfety” Fraud Operation on Google Play:

HUMAN's Satori Threat Intelligence and Research Team disrupted a mobile ad fraud campaign named Konfety, which used "evil twin" apps, malicious versions of legitimate apps, on Google Play. These apps exploited the CaramelAds SDK to render ads and sideload code, generating up to 10 billion ad requests daily. Despite Google's measures like Google Play Protect, the malicious apps continued spreading via third-party sources. Konfety's techniques included manipulating UserAgent strings, opening malicious URLs, and avoiding detection through dynamic code loading. Users are advised to enable Google Play Protect and avoid downloading apps from non-official sources.

Source: Cyber Insider

'BadPack' APK Files Make Android Malware Hard to Detect:

A new threat called "BadPack" has emerged, involving maliciously altered APK files that make it difficult for security analysts to detect Android malware. These files manipulate header information, preventing reverse-engineering tools from analyzing their contents effectively. BadPack has enabled Android banking Trojans like TeaBot and Cerberus to evade detection and infect devices. Palo Alto Networks' Unit 42 identified nearly 9,200 BadPack samples in the past year. To mitigate this threat, continuous development of innovative detection tools is essential, and users should avoid apps asking for unusual permissions and refrain from downloading from third-party sources.

Source: DarkReading

Google makes it easier for users to switch on advanced account protection:

Google has eased the process for users to enable its Advanced Protection Program (APP), which provides strong multifactor authentication (MFA). The program previously required two physical security keys; users can now use two passkeys or a combination of one passkey and one physical key. Passkeys, which are part of the FIDO Alliance standards, offer a secure option by being stored locally on devices and requiring biometric verification. This change addresses accessibility concerns and makes the highest level of account protection more practical for users worldwide. However, users still need two devices to avoid being locked out of their accounts.

Source: Ars Technica

Hackers found abusing URL protection tools to hide phishing links:

Hackers have recently been found exploiting URL protection tools to deliver phishing links, targeting hundreds of companies. These tools rewrite email links so they can be scanned for security, but in this campaign, which likely started in mid-May 2024, the rewritten links redirect recipients to phishing sites. Researchers from Barracuda suspect a business email compromise (BEC) attack enabled the hackers to bypass these tools. They recommend a multilayered defense strategy using machine learning and emphasize the importance of employee education to spot and report phishing attempts.

Source: TechRadar

The NSA is Warning You to Restart your Phone Every Week: Here's Why:

The National Security Agency (NSA) advises rebooting mobile devices weekly to remove potential malicious code. Regularly turning off and restarting phones can help stop malware from executing and clear temporary files. No specific new threat prompted this advice; it's part of good digital hygiene. Other NSA mobile security best practices include keeping software up to date, installing apps only from official stores, avoiding public Wi-Fi, not clicking suspicious links, and using strong device locks. These measures, along with regular reboots, enhance security and potentially improve device performance.

Source: How-To-Geek

German Probe Finds Data Brokers Exposed 3.6 Billion Location Points:

An investigation by German media outlets revealed that data brokers exposed 3.6 billion location points of people in Germany, posing serious privacy and security risks. The dataset, linked to the US-based Datastream Group, was found on Datarade's online marketplace. It contained mobile advertising IDs that allowed tracking of detailed movement profiles, including visits to sensitive locations like military bases. The ease of accessing such data raises significant privacy concerns and underscores the need for stricter regulatory reforms. German officials are calling for better protection and regulation to address these serious privacy breaches.

Source: Cyber Insider

African countries among the most targeted by malware, report:

A report revealed that seven African countries are among the 20 countries most targeted by malware globally as of June 2024. Ethiopia ranks second worldwide with a high Normalized Risk Index, followed by Zimbabwe (third), Angola (sixth), and Kenya (ninth). The prevalent malware types in Africa include Phorpiex, Allcome Clipper, Expiro, Qbot, and FakeUpdates, impacting sectors like government, finance, utilities, and education. The report emphasizes the need for African organizations to adopt advanced cybersecurity measures and foster a culture of cyber resilience to mitigate these evolving threats.

Source: Africa Business Community

WhatsApp e-Challan scam: How Vietnamese hackers are using ‘Maorrisbot’ to target Indians:

Vietnamese hackers are using the Maorrisbot malware in a WhatsApp e-Challan scam targeting Android users in India. The scam involves sending fake traffic violation messages impersonating authorities, leading recipients to malware-infected links. Once installed, Maorrisbot intercepts sensitive messages, enabling scammers to access accounts and make unauthorized purchases. To stay safe, users are advised to use reputable security software, limit app permissions, download from trusted sources, watch for suspicious activity, update devices regularly, and monitor sensitive account alerts.

Source: FirstPost
