Security News

Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. "In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley revealed today.

Google is buying pre-eminent threat intel firm Mandiant for $5.4bn, the two companies announced this morning. "Cyber security is a mission, and we believe it's one of the most important of our generation. Google Cloud shares our mission-driven culture to bring security to every organization," said Kevin Mandia, CEO of Mandiant in a canned statement.

Google says Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military organizations, as well as individuals, in sweeping phishing campaigns and DDoS attacks. The Computer Emergency Response Team of Ukraine and Facebook previously warned of other phishing campaigns against Ukrainian officials and military personnel, also attributed Ghostwriter hackers.

Google is officially buying cybersecurity company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to happen later this year, adding to the latter's growing portfolio of security offerings such as BeyondCorp Enterprise, VirusTotal, and Chronicle.

The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. Where SharkBot stands apart is in its ability to carry out the unauthorized transactions via Automatic Transfer Systems, which stands in contrast to TeaBot, which requires a live operator to interact with the infected devices to conduct the malicious activities.

An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming plus the abuse of Accessibility Services for remote interaction and key-logging," Cleafy researchers said in a report. Also known by the name Anatsa, TeaBot first emerged in May 2021, camouflaging its malicious functions by posing as seemingly innocuous PDF document and QR code scanner apps that are distributed via the official Google Play Store instead of third-party apps stores or via fraudulent websites.

SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities. SharkBot was discovered in Google Play by researchers at the NCC Group, who today published a detailed technical analysis of the malware.

Roskomnadzor, Russia's telecommunications watchdog, asked Google to stop advertising campaigns spreading misinformation about Russia's invasion of Ukraine on YouTube videos. "Roskomnadzor sent a letter to Google LLC with a demand to immediately stop disseminating false information of a political nature about the special operation of the Russian Armed Forces in Ukraine on the territory of Russia," the internet watchdog explained.

The TeaBot banking trojan - also known as "Anatsa" - has been spotted on the Google Play store, researchers from Cleafy have discovered. Hank Schless, senior manager of security solutions at Lookout, explained via email that attackers "Usually stick to utility apps like QR code scanners, flashlights, photo filters, or PDF scanners because these are apps that people download out of necessity and likely won't put as much time into looking at reviews that might impact their decision to download.".

The TeaBot banking trojan was spotted once again in Google Play Store where it posed as a QR code app and spread to more than 10,000 devices. The trojanized apps include the promised functionality, so user reviews on the Play Store are positive.