February 12, 2024

Cybersecurity news February 12, 2024

SAN MATEO, CA, February 12, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

  1. MoqHao Android malware executes automatically upon download
  2. Malicious LastPass imposter found on Apple’s App Store
  3. AI-generated images to be labeled on Meta ahead of US presidential election
  4. Chinese hackers found to have been embedded in critical US infrastructure for last 5 years
  5. Deepfake Joe Biden robocalls urging voters to stay home linked to Texas companies
  6. Malware-as-a-Service is currently threat number one for organizations
  7. Permitted fake video of Joe Biden on Facebook puts Manipulated Media policy into question
  8. New Windows stealer malware spreading via fraudulent Facebook job ads
  9. US sanctions Iranian officials for cyberattack on Pennsylvania water facility
  10. 2023 saw a dramatic uptick in romance scams
  11. More cybersecurity news

MoqHao Android malware executes automatically upon download

A new variant of the MoqHao Android malware has been discovered that can execute automatically without any user interaction. McAfee Labs states, “Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution. While the app is installed, their malicious activity starts automatically.” The malware is connected to Roaming Mantis, a Chinese threat group that is primarily financially motivated. It is spread through smishing attacks and “is run automatically upon installation and prompts the victim to grant it risky permissions without launching the app.” MoqHao harvests contacts, metadata, SMS messages, and photos and can also enable or disable Wi-Fi.

Malicious LastPass imposter found on Apple’s App Store

LastPass is warning users that a phony version of its app was briefly available for download on Apple’s App Store. The app looks similar to the real thing but is called “LassPass” and lists its publisher as “Parvati Patel.” It is believed that the app was set up to scam users out of their sensitive data. Because the developer also has an app on the marketplace that appears to be legitimate, it’s possible that the developer was hacked and the account used to peddle malware. While the app has been removed from the store, those who downloaded it are urged to remove it, change their real LastPass password, and then change all passwords saved within it.

AI-generated images to be labeled on Meta ahead of US presidential election

Images created with AI and posted to Facebook, Threads, and Instagram will carry an AI label that will be applied “in the coming months,” according to the company’s president of global affairs, Nick Clegg. While his policy description currently only addresses how it will be applied to images, he says that Meta is “working with industry partners on common technical standards for identifying AI content, including video and audio.” Users who post AI-generated content will also be required to disclose it, with Clegg saying they “may apply penalties if they fail to do so.” Meta’s prioritization of disclosing whether content is real or not comes after its Oversight Board suggested that its manipulated content policy should encompass misleading content that has not been created with AI. The Board’s suggestion was a response to a fake video of Joe Biden performing a lewd act that was allowed to remain in circulation on the platform.

Chinese hackers found to have been embedded in critical US infrastructure for last 5 years

CISA, the FBI, and the NSA have issued a joint advisory indicating that Volt Typhoon, a prolific Chinese state-sponsored threat actor group, had been hiding in critical infrastructure networks for at least the last five years. According to the advisory, “Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions.” Volt Typhoon excels at hiding, using living-off-the-land (LOTL) techniques and valid accounts to avoid detection while methodically expanding its access to targeted networks over long periods.

Deepfake Joe Biden robocalls urging voters to stay home linked to Texas companies

According to the New Hampshire Attorney General, the fake robocalls sent to New Hampshire residents leading up to the state’s primary vote have been linked to a pair of Texas-based companies. The two companies, Lingo Telecom and Life Corporation, are believed to have made between 5,000 and 25,000 calls that delivered a phony recording of President Joe Biden urging people not to vote. The owner of Life Corporation, Walter Monk, has not yet been charged, although a criminal investigation that may result in federal charges is underway. Monk has been cited for engaging in similar illegal activities, including sending “prerecorded and unsolicited advertisements to residential lines.” Lingo has operated under nearly a dozen other names and is also a repeat offender, having made illegal robocalls for years. Cease and desist orders have been issued to both companies.

Malware-as-a-Service is currently threat number one for organizations

In the second half of 2023, Malware-as-a-Service posed the biggest threat to organizations’ cybersecurity, according to Darktrace’s 2023 End of the Year Threat Report. Researchers at Darktrace note that the cross-functional adaptation of many strains of malware and their ability to interoperate with several existing tools make them capable of stealing various types of data from targeted systems. Many strains can harvest data without exfiltration, making them hard to detect. The report also showed an increase in Ransomware-as-a-Service attacks and in the use of generative AI tools to create more convincing phishing campaigns. Darktrace’s findings can be summed up with a statement from the company’s Director of Threat Research: “Against this backdrop, the breadth, scope, and complexity of threats facing organizations has grown significantly.”

Permitted fake video of Joe Biden on Facebook puts Manipulated Media policy into question

A fake video circulating on Facebook that depicts President Joe Biden inappropriately touching his adult granddaughter has resulted in calls from Meta’s Oversight Board to change the company’s rules surrounding its approach to deepfakes and manipulated content. The video has been in circulation since May of 2023. Because it neither uses AI nor depicts the President saying something he did not, either of which would violate Meta’s current rules, it can remain on the site and continue to be shared. The Oversight Board says that “Meta’s Manipulated Media policy is […] too narrow, lacking in persuasive justification, incoherent and confusing to users, and fails to clearly specify the harms it is seeking to prevent.” As the 2024 election approaches, the Board is urging Meta to modify its policies as quickly as possible to curb what is expected to be a flood of maliciously created fake content.

New Windows stealer malware spreading via fraudulent Facebook job ads

Fake job advertisements on Facebook lure employment seekers into installing a new Windows-based malware called Ov3r_Stealer. A statement from Trustwave SpiderLabs says that Ov3r_Stealer is “designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors.” The malware, hidden in a malicious PDF file, can steal IP address-based location, passwords, cookies, credit card information, crypto wallets, Microsoft Office documents, and more. The campaign’s main objective is unclear, although it is believed that the threat actors involved are stealing information to offer it for sale on dark web forums.

US sanctions Iranian officials for cyberattack on Pennsylvania water facility

Six Iranian government officials have been sanctioned by the US government for their role in a November 2023 hack on a Pennsylvania water utility, according to a statement made by the US Treasury Department. The Treasury Department stated that the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), hiding behind the name “Cyber Av3ngers,” set its sights on logic controllers provided by an Israeli company called Unitronics. One such device was present at the water utility in question. The hack resulted in a message that read, “Every equipment made in Israel is Cyber Av3ngers legal target” and is part of an ongoing skirmish between Iranian and Israeli hackers. The attack posed no danger to the facility or to the residents who depend on it for drinking water.

2023 saw a dramatic uptick in romance scams

Research from Lloyds Bank indicates that the number of people victimized by romance scams in 2023 showed a 23% increase over 2022. The average amount lost by individuals to romance scams was $8,847, a decrease from 2022’s average of $10,505 but a large enough sum to illustrate how lucrative such deceptions can be. Using fake profiles on dating apps, websites, and social media platforms, romance scammers prey upon victims looking for an intimate connection, tricking them into handing over login credentials, banking information, or money, or into engaging in other kinds of theft. People between the ages of 55 and 64 were the most likely to be duped by scammers, with the number of cases in this age range increasing by a whopping 49% since 2022. Victims between the ages of 65 and 74 lost the most money, with individuals seeing an average of $16,742 per person going to fraudsters.

More cybersecurity news

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
