Spyware Vendors Exploit 0-Days On Android and iOS Devices


Google's Threat Analysis Group (TAG) recently disclosed two campaigns in which commercial spyware vendors targeted Android and iOS devices with exploit chains that combined zero-day vulnerabilities with n-day bugs that had already been patched but had not yet reached the victims' devices.

The first campaign was discovered in November 2022 and targeted both iOS and Android users, using a separate exploit chain for each platform. The second, discovered in December 2022, targeted Android users through the Samsung Internet Browser.

Both campaigns were highly targeted, each hitting a small number of victims, and both relied on the window between a fix being released and that fix actually being installed on the targeted devices.

Governments that cannot build these capabilities in-house buy them from such vendors. Depending on the national or international laws in place, using surveillance technology this way may be legal, yet these tools are routinely turned against people who are not criminals.

Governments have repeatedly used these surveillance tools and technologies to target:-

  • Dissidents
  • Journalists
  • Human rights workers
  • Opposition party politicians

Campaign #1 & #2

In the first campaign, TAG analysed bit(.)ly links sent over SMS in November 2022 to users in the following countries and identified exploit chains carrying 0-day exploits for both Android and iOS:-

  • Italy
  • Malaysia
  • Kazakhstan

Clicking a link took the victim to a page hosting the exploits for Android or iOS; once the exploits had run, the victim was redirected to a legitimate website so that nothing looked out of the ordinary.

The legitimate websites the victims were redirected to were:-

  • BRT, an Italian shipment and logistics company, or
  • a popular Malaysian news website.

The vulnerabilities exploited across the two campaigns are listed below; where a bug was still unpatched when the chain was observed, it is marked as a 0-day:-

  • CVE-2022-42856: a WebKit remote code execution bug, a type confusion in the JIT compiler (0-day at the time of exploitation).
  • A PAC (pointer authentication) bypass technique, fixed by Apple in March 2022.
  • CVE-2021-30900: a sandbox escape and privilege escalation bug in AGXAccelerator, fixed by Apple in iOS 15.1.
  • CVE-2022-3723: a type confusion bug in Chrome, fixed in October 2022 in version 107.0.5304.87.
  • CVE-2022-4135: a Chrome GPU sandbox bypass affecting only Android (0-day at the time of exploitation), fixed in November 2022.
  • CVE-2022-38181: a privilege escalation bug in the ARM Mali GPU driver, fixed by ARM in August 2022.
  • CVE-2022-4262: a type confusion bug in Chrome, fixed in December 2022 (0-day at the time of exploitation).
  • CVE-2022-3038: a sandbox escape in Chrome, fixed in August 2022 in version 105.
  • CVE-2022-22706: a vulnerability in the Mali GPU kernel driver, fixed by ARM in January 2022.
  • CVE-2023-0266: a race condition in the Linux kernel sound subsystem (0-day at the time of exploitation).

At the end of the exploit chain, a C++-based spyware suite for Android was deployed. It includes libraries built to decrypt and extract data from various browsers and chat applications.

Amnesty International's Security Lab, which discovered these exploit chains, shared its findings with TAG and published its own report.

Related IOCs

Here below, we have mentioned all the related IOCs:-

  • https://cdn.cutlink[.]site/p/uu6ekt – landing page
  • https://api.cutlink[.]site/api/s/N0NBL8/ – Android exploit chain
  • https://api.cutlink[.]site/api/s/3PU970/ – iOS exploit chain
  • https://imjustarandomsite.3utilities[.]com – exploit delivery server
  • www.sufficeconfigure[.]com – landing page and exploit delivery
  • www.anglesyen[.]org – malware C2

The following Android system properties might indicate signs of exploitation:-

  • sys.brand.note
  • sys.brand.notes
  • sys.brand.doc

The following directory on the phone might indicate signs of infection
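A small check against the indicators above, written for this page as an added example (it is not code from Google TAG or Amnesty): it parses the output of `adb shell getprop` for the three `sys.brand.*` properties and compares hostnames from a DNS or proxy log against the listed domains. The `getprop` dump and the hostnames in `main()` are constructed sample data; the defanged `[.]` in the IOCs is restored so that real hostnames compare correctly.

```python
"""Check an Android device against the IOCs from the TAG report.

Added example, not code from Google TAG or Amnesty. Input is the text of
`adb shell getprop` and a list of hostnames the device contacted; both
are constructed sample data in main().
"""
import re

# Indicators copied from the IOC list above. The defanged "[.]" is
# restored so real hostnames can be compared against them.
IOC_PROPERTIES = {"sys.brand.note", "sys.brand.notes", "sys.brand.doc"}
IOC_HOSTS = {
    h.replace("[.]", ".")
    for h in (
        "cdn.cutlink[.]site",
        "api.cutlink[.]site",
        "imjustarandomsite.3utilities[.]com",
        "www.sufficeconfigure[.]com",
        "www.anglesyen[.]org",
    )
}

# `getprop` prints one property per line in the form: [name]: [value]
_PROP_RE = re.compile(r"^\[(?P<name>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]\s*$")


def parse_getprop(dump: str) -> dict:
    """Turn `adb shell getprop` output into a {name: value} dict."""
    props = {}
    for line in dump.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group("name")] = m.group("value")
    return props


def suspicious_properties(props: dict) -> dict:
    """Return the IOC properties that are set on the device, with values."""
    return {k: v for k, v in props.items() if k in IOC_PROPERTIES}


def suspicious_hosts(hosts) -> set:
    """Return hosts that equal an IOC domain or are a subdomain of one.

    Comparison is case-insensitive and ignores a trailing dot, as found in
    DNS logs. The bare registrable domain (e.g. cutlink.site) is *not*
    matched, because only the listed hostnames were published as IOCs.
    """
    hits = set()
    for host in hosts:
        h = host.lower().rstrip(".")
        if any(h == ioc or h.endswith("." + ioc) for ioc in IOC_HOSTS):
            hits.add(h)
    return hits


def main() -> None:
    # Constructed sample: a few ordinary properties plus one IOC.
    sample = (
        "[ro.build.version.release]: [13]\n"
        "[ro.product.model]: [Pixel 6]\n"
        "[sys.brand.note]: [1]\n"
        "[sys.boot_completed]: [1]\n"
    )
    props = parse_getprop(sample)
    print("suspicious properties:", suspicious_properties(props))

    # Constructed sample of hostnames taken from a DNS log.
    seen = ["www.google.com", "api.cutlink.site", "Sub.API.cutlink.site."]
    print("suspicious hosts:", suspicious_hosts(seen))


if __name__ == "__main__":
    main()
```

Against a real device, save `adb shell getprop` to a file and hand its contents to `parse_getprop`. A hit on a `sys.brand.*` property is an indicator, not proof: an OEM could legitimately set a similarly named property, so treat a match as the trigger for a full forensic examination rather than as a diagnosis.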

Protection for Users

Google has reported all of these vulnerabilities to the affected vendors.

TAG also credited the following teams for responding quickly and patching the bugs:-

  • Chrome team
  • Pixel team
  • Android team
  • Apple team

Patching matters because of how these campaigns worked: none of the exploit chains would have worked against a fully updated device. The attackers relied on the gap between a fix being published and users actually installing it, so the practical defence is to keep the operating system, the browser and the system WebView up to date.

Campaigns like these are a reminder that the commercial spyware market continues to flourish.

Even small surveillance vendors now have access to 0-day vulnerabilities. Vendors that stockpile and use 0-days in secret put the wider Internet at risk, since those bugs stay unpatched for every user until they are discovered.


Foldable phone market grow 50% in 2023


Despite a rough maiden voyage, the foldable market has been expanding a lot over the past four years. With Samsung leading the pack, it’s inching closer to the mainstream. Well, according to IDC, the foldable phone market might grow an impressive 50% in 2023.

With the condition of the global economy, the smartphone market has been struggling over the past couple of years. While this is true, the foldable market has been going pretty strong. That’s surprising, as these flexible devices are still on the higher end of the consumer smartphone price bracket. We’ve yet to see a clamshell foldable launching under $999 or a notebook foldable launching under $1,500.

However, the foldable phone market is flourishing. We can chalk this up to the fact that foldable phones are getting more durable, more people are seeing the utility of foldable phones, and the fact that more companies are bringing their foldable phones to the market.

The foldable phone market could grow 50% in 2023

So, the smartphone market is expected to shrink by about 1.1% this year. However, the foldable smartphone market could see a sharp increase. Last year, there were about 1,205,800,000 smartphone shipments, and 14.2 million (1.2%) of them were foldables. While that’s a small amount, relatively speaking, the market is still on the rise.

The report states that, by the end of 2023, about 21.4 million foldable phones could be shipped. That is roughly a 50.5% increase, and we can expect it to be led by Samsung, which owns the vast majority of the foldable smartphone market.

IDC is also looking toward the future. The firm predicts that the foldable market will continue to increase over the following years. If correct, then the foldable smartphone market could ship 48 million units in 2027. Based on the prediction, the market could make up 3.5% of the total smartphone market.

Obviously, you’ll want to take this with a grain of salt (or an entire salt mine). This is four years down the road. With the state of the global economy, we’re taking things day by day. By the time 2027 rolls around- if we haven’t been enslaved by rogue AI- things could be completely different. In any case, it’s nice to see that the foldable smartphone market is growing.



Bally Sports North reportedly lost half of its subscribers, Before declaring Bankruptcy


In a surprise to absolutely no one, it appears that Bally Sports North has lost more than half of its subscribers, in a ten-year span. According to a report from S&P Global Market Intelligence, Bally Sports North had 2.9 million subscribers in 2013, and now that’s down to just 1.2 million subscribers.

Now, let’s put this in perspective, this is just one of the many RSNs that Bally Sports operates. And this decline likely started when Fox still owned it. Let’s also remember that Bally Sports North only airs three teams: Minnesota Twins, Minnesota Wild and the Minnesota Timberwolves. They are available in Minnesota, North Dakota and South Dakota. Fairly small markets, all things considered.

It’s likely that the reason for this drop is due to cord-cutting. Not just users going to YouTube TV or Hulu + Live TV, but instead cutting out cable altogether. And just sticking with Netflix, Hulu and maybe Paramount+.

On top of that Bally Sports removed its networks from most streaming services. Like YouTube TV and Hulu + Live TV. It had been removed from Fubo, but they recently made a move to bring Bally Sports back.

Making Bally Sports Bankruptcy no surprise

Earlier this month, Bally Sports’ parent-company, Diamond Sports Group, filed for bankruptcy. Which is what many of us expected, after hearing that they weren’t making money and also took on a lot of debt after buying the Fox Sports RSNs from Disney when they bought Fox.

Of course, removing the Bally Sports channels from most streaming services for almost two years before launching Bally Sports+ definitely did not help. But as of right now, Bally Sports is planning to continue broadcasting the games it holds the rights to. It did drop the rights to five MLB teams earlier this month; those teams' games will be aired on MLB.TV for free.

The Bankruptcy is likely to take years to fully work through. But as of right now, it’s not looking good for RSNs.



Google Podcasts reaches 500 million downloads and seems to be here to stay

In recent years, there’s been a lot of talk about plans to incorporate podcasts into established streaming services like Spotify, YouTube Music and Apple Music. In some territories and platforms, this is already a reality. But still: alternatives exist.

Google Podcasts has been around since 2018 and has gone through relatively few iterations since then. The plan with this Google-made app is simple: quick search and delivery for podcasts of all topics and lengths.

And despite the fact that YouTube Music will be launching its own Podcasts section in the US, Google Podcasts is still doing pretty well. Recently, the app reached half a billion downloads on the Play Store, which is a testament to its core-audience and popularity.

Now, that being said, YouTube Music itself has long since surpassed the billion downloads. However, we must keep in mind that it offers music, which anyone can get into. Podcasts though? Sure, the medium is more popular than ever, but it is still not for everyone.

This is probably part of the reason why Google won't be scrapping the Podcasts app, even after it launches the podcasts section in YouTube Music. The company has outright admitted that the two apps cater to very different core audiences.

As 9to5Google aptly points out in its report, Google Podcasts is an odd case: a standalone version of a component that is also available inside the general Google Search app. But is it at all shocking that people are looking for convenience? After all, less clutter means an easier time getting to the content you are looking for, and that is always a win.

But what does all of this mean for you? It means that if you are looking to start your journey through the wonderful world of podcasts, the Podcasts app by Google is a great choice, precisely because it is clean and easy to use. And for the time being, it’s here to stay.



Latitude Financial data breach affects 14 million


Australian financial services company Latitude Financial has suffered a large-scale data breach that exposed the personal information of more than 14 million customers.

The breach was initially discovered on March 16, but was originally thought to have affected a fraction of the customers actually impacted by the cyber attack.

How did the Latitude Financial data breach happen?

The data breach was initially reported by Latitude Financial on March 16, after unusual activity was detected on the company’s systems. The company said that the activity appeared to be a “sophisticated and malicious” attack originating from a vendor used by Latitude Financial.

During the breach of its network, the attacker obtained employee login credentials, which were then used to steal personal customer information from two service providers.

Latitude Financial's initial reports stated that the attacker had stolen the information of 328,000 customers, with the majority of these records being copies of customers' driver's licences.

In an update on the attack on March 20, Latitude Financial confirmed that copies of passports, passport numbers and Medicare numbers were all stolen in the breach. 

It was later discovered, however, that the data breach was more extensive than Latitude Financial believed it to be. On March 22, Latitude Financial reported that the network breach had led to a “large-scale information theft affecting customers (past and present) and applicants across Australia and New Zealand”. The company stressed that no further data had been stolen from its systems since March 16, but noted that the scale of the breach was far larger than previously believed. 

On March 27, Latitude Financial revealed that more than 14 million customers were affected in the breach.

The company posted in a statement about the breach that the data stolen included:

  • 7.9 million Australian and New Zealand driver license numbers.
  • Approximately 53,000 passport numbers.
  • 100 monthly financial statements.
  • 6.1 million records dating back to at least 2005.
  • The records stolen also included customer names, dates of birth, addresses and telephone numbers.

Latitude Financial said that it would be directly contacting all those affected by the breach. It also said it would reimburse all customers who chose to replace ID documents that were stolen in the attack.

The cyber attack was reported to and is being investigated by the Australian Federal Police (AFP), which has extended the taskforce originally formed to help victims of the Optus and Medibank data breaches to include those affected by the Latitude Financial attack. The company has also engaged the Australian Cyber Security Centre, other relevant government agencies and external cyber security experts.

Class action lawsuit launched against Latitude Financial

The financial services company may also face a class action lawsuit related to the breach. On March 27, two Australian law firms, Gordon Legal and Hayden Stephens and Associates, announced that they would be launching an investigation into potential legal action against Latitude Financial.

In a joint statement, the two law firms said that they would be investigating Latitude Financial's cyber security protections and protocols, including whether the company took appropriate steps to protect and secure its customers' data, in addition to the circumstances surrounding the breach itself.

A full timeline of the attack

  • March 16 – suspicious activity is detected on Latitude Financial's systems. Latitude Financial states that 328,000 records were stolen during the breach, including driver's licence numbers.
  • March 20 – Latitude Financial confirms copies of passports or passport numbers and Medicare numbers were stolen in the breach.
  • March 22 – Latitude Financial shares that the breach was far larger than originally reported.
  • March 27 – It is revealed that 14 million people were affected by the breach.
  • March 27 – Gordon Legal and Hayden Stephens and Associates announces that they will be investigating potential legal action relating to the data breach. 


Android 14 feature to prevent your PIN from ending up in the wrong hands


Google has just rolled out the second beta for Android 13 QPR3, slated to release in June. While the update might not bring a slew of new features and enhancements, it will focus on fixing bugs and improving stability. However, some features will still enhance the overall user experience. According to XDA Developers, Android 13 QPR3 Beta 2 comes with a feature dubbed enhanced PIN privacy. Most of these features will also be making their way to devices from other OEMs with the next major release, Android 14.

Preventing your PIN from ending in the hands of people with nefarious intentions

The report suggests the new "enhanced PIN privacy" feature lives under Settings > Security & privacy > Device lock. The toggle disables the keypad animations shown when you enter the PIN, so the lock screen gives no obvious visual clue about which keys were pressed, making it harder for shoulder surfers to read your PIN. It does not hide the PIN from someone who is close enough to watch your fingers directly or who records the screen, so it narrows the attack rather than eliminating it.

Shoulder surfing is among the most common social engineering attacks used to gain access to a person's phone. As a Wall Street Journal report described, shoulder surfers have taken over victims' Google or Apple accounts simply by observing the phone's PIN and then stealing the device, since the device PIN is often enough to reset the account password. This is particularly easy to pull off against people who enter their PIN in public places. With the upcoming feature, Google aims to make it harder to capture a person's PIN, and with it their Google account.

More lock screen improvements coming to Android 14

Android 14 will not only introduce enhanced PIN privacy but also bring a new lock screen enhancement called "auto-confirm correct PIN." With it, the device unlocks as soon as the correct PIN has been typed, without tapping the "Enter" button. The trade-off is that unlocking on the last digit reveals the PIN's length to anyone watching, which is why such a feature only makes sense with longer PINs.

Unlike the new enhanced PIN security feature found in Android 13 QPR3 Beta 2, this feature is yet to make its way to the users. The feature is believed to debut in the next Android 14 preview release, which is expected to be rolled out in April as Android 14 Beta 1.

Besides, Android 14 is also expected to introduce some handy features, such as Flash notifications. The feature is said to replace a notification LED light. If you choose the ‘Screen flash notifications,’ your phone’s screen will flash briefly in your selected color. There are 12 colors that you can choose from. While LED flash notifications aren’t new, screen flash notifications could make for a more engaging user experience. Fused with more granular settings, such as allowing different colors for different apps, it can be a pretty useful feature.



7 Google Calendar hacks you should try


Google Calendar is one of the most popular Google apps today, with over 500 million users globally. It’s simple to use and versatile, with a wide range of features and add-ons that make it an essential tool for anyone who needs to manage their working hours effectively.

Some of the convenient options include CRM syncing, setting working hours, a world clock, Gmail integration, and a color-coded view. But even if you're already familiar with all the basics, there are plenty of hidden Google Calendar tips and tricks that can make your life much easier.

What is Google Calendar?

Google Calendar is a web-based application. It became available on April 13, 2006, and is currently in its third generation. Google account users can access the calendar on web browsers, such as Chrome, Safari, Opera, Firefox, and Brave. You can also access it through a mobile app for Android and iOS.

The Google Calendar app enables its users to create and edit events. Events can be either single or recurring, with options for specifying a date, time, and duration—perfect for time management. This app supports multiple schedules, and users can share information with others in the Google workspace, including new calendars and events.

7 Google Calendar Tips and Tricks for 2022

Here are seven of our favorite Google calendar hacks for 2022:

1. Make a video link for a meeting

One of the most convenient features of this calendar is Google Meet​. It’s a conferencing facility that allows you to video call with one or more other Google account users.

It works on the same principle as having Zoom meetings but with the added advantage of integration with other Google apps. This can be a great way to save time and money, and it’s perfect for those times when you need to discuss something face-to-face but can’t meet in person.

To join a scheduled video call, click “My Calendars” from within the Google workspace and select the meeting you want to join. Click the video call button in the top right corner, and you’ll be connected instantly.

If you’re not yet familiar with video calling, it’s worth taking a few minutes to test it before your next meeting. You may find that it’s even more accommodating than a traditional meeting in person.

With Google Meet, you can schedule a call with your business partner for crucial meetings. If you want an appointment with your accountant to discuss personal loans, you can use this feature.

2. Include a second time zone

If you often have to work with people in other time zones, Google Calendar’s world clock feature is an excellent tool for helping you keep track of what time it is where. You can easily include another time zone in your calendar, showing you the time in that time zone next to the time in your local time zone.

To add another time zone, open up Google Calendar and click on the “Settings” link at the top right of the page. Then select the “Time Zones” tab and click the “Add Time Zone” button. From there, you can choose the time zone you want to include.

The time zone option offers a great way to stay organized and avoid confusion about the time for your meeting attendees.

3. Set up notifications

One of our best Google Calendar tips to maintain an organized system and keep on top of your schedule is to set up notifications for important events. The calendar can send you prior notice of upcoming events by email in your Gmail, SMS or text message, or even pop-up warnings on your Android or Apple iPhone screen.

To set up notifications, open up Google Calendar, click the drop-down menu, click on the gear icon at the top of the page, then choose “Settings.” Select the “Notifications” tab and give all the necessary permissions for the type of events for which you wish to be notified. You can also specify how often you wish to receive them and whether you want to receive them for individual events or all events on your daily agenda.

Setting up event notifications can help ensure you never miss an important event again, even if you’re offline.

4. Use shortcuts on the keyboard

If you want to save time when using Google Calendar, keyboard shortcuts can be the key to your efficiency. Several keyboard shortcuts can help you create events and navigate your existing event details quickly and easily.

Here are a few of our favorites:

  • C – create new calendar events
  • N – create a new task
  • O – open an event or task
  • E – edit an event or task
  • / – search for an event or task

These shortcuts can significantly speed up your workflow and save time when managing your calendar. Google’s functionality also means you can integrate these settings with Slack, as well as Google Docs and Google Drive to streamline your work processes.

Remember to enable keyboard shortcuts by selecting them in “Settings” under the gear icon at the top of the Calendar page.

5. Create events that are private

Google Calendar makes sharing easy: you can share a calendar with specific people or make it public, in which case anyone with the link can see your scheduled events.

Of course, there may be times when you want to keep an event private even on a shared calendar. For example, you may be planning a surprise party for a friend. In that case, you can restrict who sees the details.

When creating or editing an event, open the event details and change the visibility drop-down from "Default visibility" to "Private". People the calendar is shared with will then see only that you are busy at that time, not the event's title or details.

6. Insert a Location


When creating an event, you can include the location where it will take place. That gives you a quick and easy way to let the participants know where to go and what to expect.

To include a location, open up the Google Calendar app and click on the “New Event” button. Then enter the details of your event, including the location. You can enter the address manually or use the handy Google Maps integration to find the address.

7. Choose Different Calendar View Options

One of the great things about Google Calendar is that you can view your calendar in various ways. This allows you to tailor the calendar to fit your needs and make it easy to keep your to-do list organized.

Here are a few of the different view options available in Google Calendar.

  • Month view: Shows all of the events for the month in a calendar format.
  • Agenda view: Shows the day’s events in a list format.
  • Day view: Shows all of the events for the day in a calendar format.
  • Week view: A workweek view showing the week’s events in a calendar format.
  • Year view: Shows the year’s events in a calendar format.

Each of these views has its own advantages and can be helpful in different situations. For example, if you want to glance at your upcoming schedule quickly, the month view is an excellent option to see the date range. A day view is helpful if you want to see all the details of your upcoming events.

Your different views will be easy to access under “My Calendars.”

Organize Your Life With the Reliable Google Calendar App

Our tips and tricks for Google Calendar show that this app is versatile and reliable in helping you organize your life. With its many view options, you can tailor it to fit your needs and make it easy to stay in control of your schedule, whether your events are private or visible to the public.

You can also provide your attendees with an easy location reference, so you never need to send out separate notifications again. Overall, Google Calendar is an excellent tool to help you stay on top of your schedule.



Spotify is revamping user profiles to fit in with social media


Spotify is one of the most popular streaming platforms around. Sure, offering both a free and premium plan helps boost that stat, but the continuous improvement over the app’s features shouldn’t be ignored at all.

In a somewhat major move, Spotify recently had its feeds redesigned. The update hasn’t reached everyone yet, but from what we’ve seen and what users have reported online, it is pretty obvious that this change is inspired by TikTok.

And this entire “taking a page out of social media platforms’ book” thing seems to be turning into a trend with Spotify, as a user on Twitter noticed that their profile section has been revamped too. And would you look at that? It looks like a social media profile now.

One has to wonder though, what could Spotify possibly do to make user profiles on a streaming platform more interesting? After all, users are already utilizing the service to stalk each other, so it was seemingly pretty alright to begin with. The new profiles seem to have a card-esque design, which brings out the user’s avatar as a focus. New user-related details such as the currently active subscription plan and a general location have been added next to what was already there.

Additionally, a new feature seems to be present, which allows users to set a “vibe”, which equates to a status on numerous other platforms, including popular texting solutions such as WhatsApp.

Another fresh addition is a circular progress bar, which fills up as users like songs. This is an indication of how much Spotify has understood their taste in music. What purpose said indicator may serve beyond that, however, we still don’t know.

As of now, a limited number of users online seem to have access to their redesigned user profiles. Spotify hasn’t shared any specific release dates or plans for future features related to the redesign, so make sure to periodically check your profile for an update.



Microsoft Rolls Out Security Copilot For Swift Incident Response – Latest Hacking News


The Redmond-based tech giant is taking the next step in the AI race by applying AI to cybersecurity. Specifically, Microsoft has announced "Security Copilot", a tool meant to help defenders respond to incidents faster.

Microsoft Security Copilot For Incident Response

As more and more firms keep jumping on the AI bandwagon, Microsoft has made it to the news for an innovative announcement.

According to its recent post, Microsoft has unveiled an AI tool, "Security Copilot", aimed at speeding up incident response.

Copilot is Microsoft's AI assistant brand, built on OpenAI's GPT-4. The company recently announced Copilot for its Microsoft 365 productivity apps to help users create documents, spreadsheets, presentations, and more.

And now, Microsoft is extending its tool’s capabilities to help the cybersecurity community. The Security Copilot AI will facilitate defenders for fast response to threats and security incidents.

According to Vasu Jakkal, Corporate Vice President, Microsoft Security, Security Copilot is the first such AI initiative for cybersecurity defenders.

Describing its role, Microsoft’s post reads,

Security Copilot will simplify complexity and amplify the capabilities of security teams by summarizing and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity.
It will also help security teams catch what others miss by correlating and summarizing data on attacks, prioritizing incidents and recommending the best course of action to swiftly remediate diverse threats, in time

In a separate blog post, Vasu Jakkal also elaborated on Security Copilot’s specific features, which include,

  • Enabling security teams to devise prompt responses by summarizing events for accelerated investigation.
  • Ensuring thorough threat detection, including those which often stay under the radar, by utilizing Microsoft’s threat intelligence.
  • Enhancing human defenders’ productivity by enabling them to perform more tasks in less time.

Microsoft says Security Copilot will keep improving by learning the latest attack patterns, tactics, techniques and procedures, and that it draws on Microsoft's threat intelligence to inform the responses it recommends.

Security Copilot is now available in private preview, inviting users to subscribe for updates. Microsoft hasn’t precisely shared any timelines for its public rollout yet.

Let us know your thoughts in the comments.



The Latest Malware Targeting Linux Servers


The malware may be linked to another state-sponsored APT group called Earth Berberoka (or GamblingPuppet), which mainly targets gambling websites in China.

ExaTrack, a France-based cybersecurity firm, has discovered a "novel" malware family it has named Mélofée. According to the researchers, the malware specifically targets Linux servers and is believed to be operated by a Chinese state-backed APT group.

The researchers have linked this malware to the notorious Winnti group with high confidence. “We linked with high confidence this malware to Chinese state-sponsored APT groups, in particular the notorious Winnti group,” researchers said in a blog post.

According to THN’s report, the malware has also been linked to another state-sponsored APT group called Earth Berberoka (or GamblingPuppet), which mainly targets gambling websites in China and has been active since 2020. The group uses multi-platform malware such as Pupy RAT and HelloBot.

The malware’s capabilities include a kernel-mode rootkit, which is based on an open-source project called Reptile. The rootkit has limited features, as it mainly installs a hook designed to keep itself hidden.

Both the implant and the rootkit are deployed via shell commands that download an installer and a custom binary package from a remote server. The package unpacks into the rootkit and a server implant module, which appears to be under active development.

The malware is capable of establishing a connection to a remote server and receiving commands to carry out different operations, launch a shell, create sockets, and execute arbitrary commands.

The researchers found three samples of the malware. All share a common code base but show continued development in specific areas, such as the communication protocol and the packet format.

Two of the samples carried version numbers 20220111 and 20220308, while the third was dated somewhere between April and May 2022.

The Mélofée implant family is another tool in the arsenal of Chinese state-sponsored attackers, which show constant innovation and development.
