May 02 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn’t know whether it’s more fed up with cybercrime or hearing about #partygate 😩
Today’s hottest cyber security stories:
Did you hear about Google’s recent security update? Apparently, their new and improved app review processes were so good that they managed to block a whopping 1.43 million bad apps from being published on the Play Store in 2022. Those aren’t rookie numbers.
Although the fact that they blocked that many does illustrate the scale and relentlessness (no red squiggly line means relentlessness apparently is a word 👍).
And that’s not all, folks. Google also banned 173,000 bad accounts and stopped over $2 billion in fraudulent and abusive transactions. Looks like those cybercriminals will have to find a new way to make a quick buck.
Fair play to the tech giant because you know these impressive results didn’t just fall in Google’s lap. They’ve been putting the work in, baby.
Specifically, they added some identity verification methods like phone numbers and email addresses to the mix, and it really paid off. They were able to cut down on accounts used to publish apps that go against their policies. You go, Google!
And if you thought that was impressive, wait until you hear this. Google prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years. That’s like Superman-level stuff right there.
Google said: “In 2022, the App Security Improvements program helped developers fix ~500K security weaknesses affecting ~300K apps with a combined install base of approximately 250B instals.”
Of course, there’s always that one (or in this case 38!) bad apple trying to spoil the bunch (bunch of apples? 🤔).
Despite Google’s best efforts, those slippery cybercriminals are still finding ways to sneak in and publish their malicious and adware apps.
Just ask McAfee’s Mobile Research Team, who recently discovered 38 games pretending to be Minecraft and managed to fool 35 million users worldwide. Damn, son.
But yeah, overall, a positive story. Always good to see the big players (Google, Microsoft, etc.) leading the way when it comes to fighting cybercrime. We’ll take this as a win.
Today we have the pleasure of presenting you with another fun, new cybersecurity (cybercrime, technically) term which is ‘malverposting’. Don’t you just love cybersecurity? We certainly enjoy covering it!
If you’re wondering what malverposting is (how can you not be?!), let me break it down for you. It’s basically when these cyber crooks use social media platforms like Facebook and Twitter to spread their malicious software far and wide.
And how do they do it, you may ask? By paying for ads to “boost” their posts and get them in front of as many unsuspecting victims as possible. Genius, right? Evil genius.
So, now that we’ve defined the term, the question becomes who or what malevolent menace is malverposting these malicious malware-infused malverposts? Tell us you didn’t love that sentence 😂
Well, in this case, we have ourselves a venomous Vietnamese threat actor on the loose! This sneaky devil has been causing chaos with a malverposting campaign that has infected over half a million devices worldwide in the last three months alone.
And what’s their weapon of choice, you ask? None other than good ol’ information stealers like the now infamous S1deload Stealer SYS01stealer. Catchy names, huh?
Anway, according to Guardio Labs, these attacks start with the bad actors creating new business profiles and taking over popular accounts to serve up ads that offer free adult-rated photo album downloads.
Don’t click with you d*ck, fellas!
But, surprise, surprise, when you click on those enticing links, you end up downloading executable files that infect your device with stealer malware. Targeting men on the internet’s penchant for scantily-clad women is a tried and tested method and one we’re seeing more and more in cybercrime.
The scary thing is that this vicious cycle of hijacked accounts and sponsored posts just keeps on growing, creating an ever-expanding army of Facebook bots that push even more malicious ads.
And to make matters worse, the Vietnamese villain has been passing off their dodgy business profiles as photographer accounts to avoid getting caught by Facebook. Crafty, huh?
So, if you’re in Australia, Canada, India, the U.K., or the U.S., you might want to keep an eye out for any suspicious-looking photo album downloads.
Remember guys, don’t click with your dick 😉
Apparently, some servers running software sold by Salesforce are leaking sensitive data managed by government agencies, banks, and other organisations.
According to a post published by KrebsOnSecurity, at least five separate sites run by the state of Vermont were leaking sensitive data to anyone who cared to look.
Even the state’s Pandemic Unemployment Assistance program was affected. They exposed applicants’:
And there’s more! Huntington Bank, based in Columbus, Ohio, was also affected. Apparently, they recently acquired TCF Bank, which used Salesforce Community to process commercial loans.
And you know what that means? Data fields galore! More names, addresses, Social Security numbers, titles, federal IDs, IP addresses, average monthly payrolls, and loan amounts.
Get your sh*t together, Salesforce!
So long and thanks for reading all the phish!