Security News

Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. APT-C-23 is known to utilize both Windows and Android components, and has previously targeted victims in the Middle East with apps in order to compromise Android smartphones.

Human rights organization Amnesty International has identified new macOS and Linux-targeting variants of the infamous FinFisher-made spyware family FinSpy. While diving deeper into the use of FinSpy by a hacking group dubbed NilePhish, which is believed to be state sponsored, Amnesty International discovered previously unknown samples targeting Linux and macOS, along with an infrastructure to distribute the Windows variant of the spyware disguised as an Adobe Flash Player installer.

Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. According to the human rights organization Amnesty International, the newly discovered campaign is not linked to 'NilePhish,' a hacking group known for attacking Egyptian NGOs in a series of attacks, involving an older version of FinSpy, phishing technique, and malicious Flash Player downloads.

Researchers have discovered a new Android spyware campaign pushing a "Pro" version of the TikTok app that is exploiting fears among its young and gullible users that the popular social media app is on the cusp of being banned in the United States. The rogue app called TikTok Pro is being promoted by threat actors using a variant of a campaign already making the rounds, which urges users via SMS and WhatsApp messages to download the latest version of TikTok from a specific web address, said Zscaler senior security researcher Shivang Desai, in a report published Tuesday.

Google has deleted six apps from its Google Play marketplace that were infecting users with the Joker malware. As of Wednesday, Google confirmed with Threatpost that all infected applications have been removed from Google Play, but researchers said that they are still installed on the devices of their users, and urged users to immediately delete the apps.

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via Xcode developer projects, researchers noted; the cybercriminals behind the campaign are injecting the malware into them, according to Trend Micro.

Since COVID-19 cast its pall in March, the Agent Tesla remote-access trojan has exploited the pandemic and added a raft of functionality that has helped it dominate the enterprise threat scene. Though Agent Tesla first made a splash six years ago, it hasn't lost any momentum - in fact, it is featured in more attacks in the first half of 2020 compared to the infamous TrickBot or Emotet malware, according to SentinelOne's SentinelLabs.

DEF CON In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology. Technical details have been withheld from the public to give gadget makers time to implement and roll out Qualcomm's fixes, which will take time.

A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. Finally, the sixth item is the Linux XOR DDoS botnet, which is the largest known Linux botnet, first coming to notice in 2015.

Hebeisen walks listeners through what these new tools are and how they were used in a seven-year long surveillanceware campaign against the Uyghur ethnic minority group. The campaign really started to take shape in our view of all of this in late 2019, when we were looking into the SilkBean family in particular, when we started looking deep into the infrastructure involved in SilkBean, we found many connections to the other malware families involved in this and this whole web of interconnections started to unravel.