
Cybersecurity news weekly roundup January 1, 2024

SAN MATEO, CA, January 1, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Xamalicious Android malware installed 330k times

A new Android malware called Xamalicious has infected nearly 340,000 devices, according to a report from McAfee. The backdoor was found in 14 infected apps on the Google Play store that range from horoscope apps and calorie calculators to games and Minecraft editors. Twelve additional apps carrying the malware were found on third-party marketplaces. Once installed, Xamalicious “requests access to the Accessibility Service, enabling it to perform privileged actions like navigation gestures, hide on-screen elements, and grant additional permissions to itself.” After being embedded, the malware can siphon a wide range of data from the infected device. Read more.
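Because the backdoor's first move is to obtain the Accessibility Service, one practical check on a managed fleet is to enumerate which packages currently hold that service and flag any not on an expected list. The snippet below is an added illustration, not code from the article or from McAfee's report: it parses the value of the Android Secure setting `enabled_accessibility_services` (the colon-separated `package/ServiceClass` list returned by `adb shell settings get secure enabled_accessibility_services`) and reports packages outside an allowlist. The sample setting value and the `com.example.*` package names are constructed for the demonstration, and the allowlist is an assumption about what an organisation expects to see.

```python
"""Flag enabled Android accessibility services whose package is not on an allowlist.

Added example (not from the original article). The input is the raw value of the
Secure setting `enabled_accessibility_services`, which Android stores as a
colon-separated list of component names of the form `package/ServiceClass`.
"""
from typing import Dict, List, Set

# Constructed sample of the setting's value: one legitimate screen reader plus two
# hypothetical apps of the kind named in the story (horoscope, calorie counter).
SAMPLE_SETTING = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.horoscope/com.example.horoscope.AccService:"
    "com.example.calorie/.svc.HelperService"
)

# Assumed allowlist: packages an organisation expects to hold the Accessibility Service.
ALLOWLIST: Set[str] = {"com.android.talkback", "com.google.android.marvin.talkback"}


def parse_enabled_services(setting: str) -> List[Dict[str, str]]:
    """Split the setting into package/service pairs.

    `settings get` prints the literal string "null" when nothing is enabled, so
    that and the empty string both mean "no services".
    """
    if not setting or setting.strip() == "null":
        return []
    entries: List[Dict[str, str]] = []
    for item in setting.strip().split(":"):
        if not item:
            continue
        pkg, _, svc = item.partition("/")
        # A class name starting with '.' is relative to the package name.
        if svc.startswith("."):
            svc = pkg + svc
        entries.append({"package": pkg, "service": svc})
    return entries


def unexpected_services(setting: str, allowlist: Set[str] = ALLOWLIST) -> List[str]:
    """Return 'package/service' strings for every enabled service outside the allowlist."""
    return [
        f"{e['package']}/{e['service']}"
        for e in parse_enabled_services(setting)
        if e["package"] not in allowlist
    ]


if __name__ == "__main__":
    for component in unexpected_services(SAMPLE_SETTING):
        print("unexpected accessibility service:", component)
```

On a real device the value can be fed in from `adb shell settings get secure enabled_accessibility_services`; an MDM that exports the same setting works equally well. A hit is not proof of infection, only a prompt to look at why that package needs the service.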

EasyPark parking app discloses breach that may have exposed millions of users

EasyPark, a widely used company that develops apps that function as parking space locators, EV charging station locators, and booking managers, has disclosed that it suffered a data breach. Discovered on December 10, 2023, the breach exposed user names, phone numbers, addresses, email addresses, and more information that can be used to launch phishing attacks. The finer details of the breach have yet to be disclosed, and no threat actors have taken credit for an attack against the company. Serving more than 20 countries and millions of customers, EasyPark suffered a 2021 breach that exposed the data of 21 million users. Read more.

Operation Triangulation spyware hacks iPhones using previously unknown hardware feature

Security firm Kaspersky discovered an iPhone spyware campaign described as the “most sophisticated” it has ever seen. Operation Triangulation exploits four zero-day flaws, chaining them together to gain access to Apple devices running iOS 16.2 and older to steal sensitive data. Starting with a malicious iMessage attachment, the attack bypasses “hardware-based security protection for sensitive regions of the kernel memory by leveraging memory-mapped I/O (MMIO) registers, a feature that was never known or documented until now.” The exploit has been patched in recent updates and brings the number of zero-day bugs fixed by Apple in 2023 to 20. Read more.

Foreign threat actors ramping up efforts to influence US 2024 elections

Cybersecurity researchers warn that foreign threat actors are already intensifying their strategies to influence and disrupt upcoming US national elections. Doppelgänger, a Russian operation that has created inauthentic news platforms and social media accounts to establish an audience before the elections, operates three sites designed to divide opinion and create doubt about American military capabilities and election security. It is just one such Coordinated Inauthentic Behavior (CIB) network that employs thousands of fake social media accounts purported to belong to US citizens. While the CIBs studied thus far have yielded little organic traffic, experts expect even the mere existence of such campaigns to result in “perception hacking,” which can lead citizens to assume that such operations are widespread and result in unfair elections. Read more.

New MS Drainer malware has stolen $56 million in crypto over 9 months

Research from Scam Sniffer has revealed a crypto-stealing campaign involving a new “crypto drainer” called MS Drainer. Spread through phishing pages advertised on Google and X, the drainer is behind the theft of $56 million in cryptocurrency over the last nine months. Scam Sniffer reports that it has observed some 10,000 phishing sites employing drainers since March and that 60% of phishing ads on X lead victims to malicious software designed to steal from their crypto wallets. MS Drainer is available for sale on the dark web. Read more.

New zero-day in Barracuda ESG appliances under active exploitation

Barracuda’s Email Security Gateway (ESG) appliances are under attack from Chinese hackers, according to a company statement. The exploited flaw, tracked as CVE-2023-7102, is a zero-day bug allowing threat actors to create backdoors on a “limited number” of Barracuda’s devices. The threat actors appear to be UNC4841, who are responsible for previous exploits of Barracuda products. To exploit the weakness, threat actors are deploying Microsoft Excel email attachments designed to inject targeted systems with SEASPY and SALTWATER malware variants. Customers are encouraged to download the most recent update to Barracuda’s ESG appliances, as it fixes this flaw. Read more.

Source code for Grand Theft Auto 5 leaked online a year after Rockstar hack

Hot on the heels of Rockstar’s official Grand Theft Auto 6 unveiling, the source code for the series’ fifth installment was leaked online on Christmas Eve. Rockstar’s network was compromised by Lapsus$ in 2022, resulting in a great deal of proprietary data being stolen. The GTA 5 source code has been posted on Telegram by a hacker called “Phil,” who released the data along with a tribute to Arion Kurtaj, the teen Lapsus$ hacker recently sentenced to an indefinite hospital stay for his involvement in the gang. According to security research group VX-Underground, the code was released sooner than planned to “combat scamming in the GTA V modding scene,” where “many people were allegedly scammed by people claiming to have the GTA V source code.” Read more.

2023 saw $2 billion in crypto stolen by cybercriminals

A report from web3 security firm De.Fi indicates that hackers made off with a stunning $2 billion worth of crypto in 2023 via dozens of hacks and thefts. According to the firm, the thefts highlight “the persistent vulnerabilities and challenges within the DeFi ecosystem.” While $2 billion is no small sum, De.Fi also reports that, for the first time since 2020, the amount stolen in crypto hacks is on a downward trend, down from the $3.8 billion stolen in 2022. Crypto is expected to be in the crosshairs again in 2024, particularly from North Korea’s Lazarus hacking gang, which netted $1.7 billion in crypto in 2022 to finance the country’s economy. Read more.

British members of LAPSUS$ sentenced for hacking crimes

Two British teens, members of the LAPSUS$ hacker gang, have been sentenced for their roles in the group’s actions, which involved high-profile attacks on BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Revolut, Rockstar Games, Samsung, Ubisoft, Uber, and Vodafone. Arion Kurtaj, 18, was deemed unfit to stand trial and has been sentenced to an indefinite hospital stay as a result of his insistence that he wants to get hacking again “as soon as possible.” The other teen, who is 17, was sentenced to an 18-month Youth Rehabilitation Order that includes intensive supervision and surveillance. Read more.

Game developer Ubisoft investigating possible new breach

Images of Ubisoft’s internal software and developer tools have surfaced on the internet, leading the game developer to investigate whether or not it has been breached. According to a tweet from VX-Underground, an unknown hacker claims to have breached the company on December 20 and maintained access for 48 hours until they were seemingly detected. Their goal was, allegedly, to steal around 900GB of data. VX-Underground says the threat actor claimed they “gained access to the Ubisoft SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel, sharing screenshots of their access to some of these services.” Read more.

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
