
Cyware Daily Threat Intelligence, April 24, 2024


What phone do you use? Never mind. Major keyboard apps from Samsung, OPPO, Vivo, Xiaomi, and other manufacturers were found to be affected by critical security flaws, endangering up to a billion users' data. Despite the advertiser data Google collects, distinguishing legitimate affiliates from malicious actors remains challenging: a malicious ad campaign—impersonating top brands—was discovered targeting Meta users via Google search. Another experiment by digital adversaries came to light after a research group stumbled across an info-stealer strain built on the Electron framework.

Threat actors’ innovation continues: they have identified a new loophole in GitHub and GitLab’s unpublished comments that enables hard-to-detect, long-lasting phishing attacks. Attackers leverage the auto-generated file URLs for phishing, as the links appear legitimate to onlookers.

Top Malware Reported in the Last 24 Hours


Electron-based info-stealer found
Experts at ASEC unearthed a malicious info-stealer developed with Electron, a framework for JavaScript-based desktop applications such as Discord and Microsoft VS Code. The malware, distributed in the Nullsoft Scriptable Install System (NSIS) installer format, exhibited two distinct cases of malicious behavior. In Case #1, the malware used Node.js scripts packaged inside the Electron application to carry out its malicious actions. In Case #2, the strain masqueraded as a TeamViewer-related file and uploaded the collected user information to a file-sharing service.

Meet Samurai Stealer malware
A new strain of malware, dubbed Samurai Stealer, has emerged with sophisticated capabilities aimed at infiltrating systems and extracting sensitive data while evading traditional antivirus defenses. This trojan, believed to be highly advanced, employs complex techniques to pilfer valuable information, posing a significant threat to the industries it targets. Attackers leverage spear-phishing and social engineering tactics to ensnare victims.

Top Vulnerabilities Reported in the Last 24 Hours


Location-tracking app bug exposed millions
Eric Daigle, a student at the University of British Columbia, disclosed vulnerabilities in the popular location-tracking app iSharing, allowing access to users' precise location data and personal information. The bugs, affecting over 35 million users, enabled unauthorized access to location data and exposed users' names, profile photos, email addresses, and phone numbers. Daigle's findings prompted iSharing to address the issue, acknowledging the oversight.

Billions at risk due to keyboard apps’ flaws
Researchers uncovered serious security bugs in popular keyboard apps from tech giants Samsung, OPPO, Vivo, and Xiaomi, among others. These could enable attackers to intercept and decipher users' keystrokes, potentially exposing sensitive personal and financial information. The vulnerabilities affect up to one billion users worldwide, raising significant concerns about data security. The Citizen Lab urged the affected companies to address the issues promptly; some acknowledged the problem and committed to releasing updates.

Top Scams Reported in the Last 24 Hours


Meta users targeted using cloaking techniques
A notorious cyber group targeted Meta users via Google search, exploiting cloaking techniques to impersonate top brands and evade detection. The scammers abuse click-tracking services to redirect users to fraudulent sites, complicating detection efforts. Cloaking serves two different experiences, one to users and another to security scanners, allowing the scammers to hide their malicious schemes.

Attackers generate phishing links via GitHub and GitLab
Unpublished GitHub and GitLab comments have become a hotbed for cybercriminals to plant phishing links that persist indefinitely. The security issue allowed anyone to upload malware, such as the RedLine Stealer trojan, under a repository's name without the owner's knowledge. Even if discovered, owners cannot remove the uploaded files. The method involves attaching malware files to comments that are never published, which ensures the generated links remain active.
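The abuse described above works because the attachment URL carries a trusted project's name even though the project owner never uploaded the file. The following is an added defensive example, not code from the original post or from either platform: it scans text (an email body, a chat export, a proxy log line) for GitHub and GitLab comment-attachment URLs so they can be reviewed separately from ordinary repository links. The URL shapes in the two regexes are assumptions based on how these platforms have formatted comment uploads; the sample message is constructed.

```python
import re
from typing import Dict, List

# Assumed URL shapes for files dropped into a comment box. The project path in
# the URL is NOT evidence that the project's owner uploaded the file.
GITHUB_ATTACHMENT = re.compile(
    r"https://github\.com/(?P<owner>[\w.-]+)/(?P<repo>[\w.-]+)"
    r"/files/(?P<id>\d+)/(?P<name>[^\s)<>\"']+)"
)
GITLAB_UPLOAD = re.compile(
    r"https://gitlab\.com/(?P<path>[\w./-]+?)"
    r"/uploads/(?P<hash>[0-9a-f]{32})/(?P<name>[^\s)<>\"']+)"
)

# Extensions that deserve extra scrutiny when delivered as a comment attachment.
RISKY_EXTENSIONS = (".exe", ".zip", ".rar", ".7z", ".msi", ".scr", ".js", ".vbs", ".bat")


def find_attachment_links(text: str) -> List[Dict[str, object]]:
    """Return every comment-attachment URL found in text, in order of platform.

    Each hit records the platform, the project name the URL is attributed to,
    the file name, the full URL, and whether the file type is risky.
    """
    hits: List[Dict[str, object]] = []
    for m in GITHUB_ATTACHMENT.finditer(text):
        hits.append({"platform": "github",
                     "project": f"{m['owner']}/{m['repo']}",
                     "file": m["name"], "url": m.group(0)})
    for m in GITLAB_UPLOAD.finditer(text):
        hits.append({"platform": "gitlab", "project": m["path"],
                     "file": m["name"], "url": m.group(0)})
    for hit in hits:
        hit["risky"] = str(hit["file"]).lower().endswith(RISKY_EXTENSIONS)
    return hits


# Constructed sample: a lure that mixes a genuine-looking release link with two
# comment-attachment links that no maintainer ever published.
SAMPLE_MESSAGE = """\
Hi team, the updated installer is attached in the project's issue tracker:
https://github.com/example-org/example-tool/files/123456/Installer_v2.zip
Release notes: https://github.com/example-org/example-tool/releases/tag/v2.0
Mirror: https://gitlab.com/example-group/example-tool/uploads/0123456789abcdef0123456789abcdef/setup.exe
"""

if __name__ == "__main__":
    for hit in find_attachment_links(SAMPLE_MESSAGE):
        flag = "RISKY" if hit["risky"] else "review"
        print(f"[{flag}] {hit['platform']} attachment attributed to {hit['project']}: {hit['file']}")
```

Only the two attachment URLs are reported; the release-page link is left alone because it lives under a path the project owner actually controls.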


Posted on: April 24, 2024
