Supply chain attacks through malicious apps are on a spree. The notorious Joker malware has made a comeback in one such incident, affecting more than 500,000 Huawei users. The malware was distributed via apps pretending to be virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.
Meanwhile, a widely popular app store for Android platform, APKPure has been infected with an adware that could download Triada trojan on users’ phones. The attackers managed to inject the adware by compromising the 3.17.18 version of the app store. In other news, federal authorities urge organizations to apply security patches immediately as the attacks leveraging vulnerable Fortinet VPN continue to remain a threat.
Top Breaches Reported in the Last 24 Hours
Supply chain attack
APKPure, one of the largest app stores, has fallen victim to a supply chain attack. Threat actors managed to launch the attack by compromising client version 3.17.18 to deliver malware dubbed Triada. The malware capabilities include hijacking financial SMS transactions and allowing threat actors to download and install payloads without user permission.
New details about the Facebook data leak
According to a new report, users in Egypt are the most affected victims of the latest Facebook data leak incident. The private details of around 45 million Egyptians have been leaked following the incident. Overall, a total of 553 million Facebook users from 106 countries have been affected by the incident.
Top Malware Reported in the Last 24 Hours
Return of Joker malware
More than 500,000 Huawei users have been infected with Joker malware that was distributed via apps in AppGallery. A total of ten apps that prompt users to subscribe to premium services contained malicious code for connecting to C2 servers to receive configurations and additional components. The list of malicious applications included virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.
Top Vulnerabilities Reported in the Last 24 Hours
Alert issued for Fortinet vulnerability
The National Cyber Security Center (NCSC) has issued an alert about widespread espionage operations that are actively scanning for unpatched vulnerabilities in Fortinet VPNs. The flaw is tracked as CVE-2018-13379 and can enable attackers to remotely access usernames and passwords, and launch malicious activities on the network. Earlier, the CISA and FBI had issued similar alerts about the attacks leveraging Fortinet vulnerability.
Zero-day vulnerabilities explored
Several zero-day vulnerabilities have been identified in Zoom, Apple, Safari, Microsoft, Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu in the Pwn2Own hacking contest. The vulnerabilities range from authentication bypass, local privilege escalation to stack overflow.