Trojan steals Facebook info, LastPass suffers another breach and Cuba ransomware warning
Android trojan steals Facebook credentials of over 300,000 users, LastPass experiences another breach and Cuba ransomware alert. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Android trojan infected 300,000 devices to steal Facebook details
An Android trojan called Schoolyard Bully has been masquerading as legitimate reading and education apps in order to steal users' Facebook credentials. According to a new report, the trojan has infected at least 300,000 devices across 71 countries, with 37 apps tied to the campaign distributed through third-party app stores. Schoolyard Bully steals Facebook information by loading the genuine Facebook login page inside the app in a WebView and injecting malicious JavaScript that reads what the user types into the form. The data it harvests and sends to its operators includes the Facebook account ID, credentials (email and password), and device details such as RAM, API level and device name.
2. LastPass suffers another security breach, exposing some customers’ information
Password management provider LastPass revealed it has suffered a second security incident, following an earlier breach in August 2022. This time the intruders gained access to some customer information. The company disclosed the incident after detecting unusual activity within a third-party cloud storage service that LastPass shares with its affiliate, GoTo. LastPass said it is still working to identify exactly what data was accessed and has notified law enforcement.
Hacked for the Holidays Toolkit
Kick off your organization's holiday celebrations with our free Hacked for the Holidays security awareness toolkit. The resources found in this toolkit cover topics like gift cards and charity scams to help keep your employees cyber-safe this season.
3. Over 100 organizations hit by Cuba ransomware: CISA, FBI
The FBI and CISA have issued a joint advisory warning organizations about the Cuba ransomware. Active since 2019, the ransomware has been used in attacks on the healthcare, financial, IT, manufacturing and government sectors. The operators typically gain initial access through phishing, stolen credentials and known software vulnerabilities, then escalate privileges and move laterally before deploying the ransomware. The advisory states that the Cuba ransomware gang has extorted about $60 million from over 100 organizations and continues to expand its footprint.
4. Cybersecurity researchers take down DDoS botnet by accident
Security researchers at Akamai have accidentally crashed a cryptomining botnet that was also used for DDoS attacks. Named KmsdBot, the botnet targets Linux and Windows devices across several architectures and spreads by logging into new systems over SSH with weak credentials. Compromised systems were used to launch distributed denial-of-service attacks and mine cryptocurrency. The malware had no error handling in its command parsing, however: a malformed attack command sent by the researchers while testing it (a missing space between the target and port) crashed the bot, taking the running instances offline.
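The failure mode described above comes down to indexing a split command without checking how many fields arrived. The following Go program is an added example, not KmsdBot's code, and the command format it parses ("kind target port duration") is an assumption made for illustration. The naive parser panics on a command with a missing space, exactly the kind of input that crashed the bot; the strict parser rejects it with an error instead.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// AttackCmd is the parsed form of an assumed C2 command
// "<kind> <target-ip> <port> <duration-seconds>", e.g. "bigdata 192.0.2.10 443 30".
// This format is invented for the example and is not KmsdBot's wire format.
type AttackCmd struct {
	Kind     string
	Target   net.IP
	Port     int
	Duration int
}

// parseNaive mirrors the bug pattern: it indexes the split result without
// checking the field count, so "bigdata 192.0.2.10:443 30" (one space missing)
// yields only three fields and f[3] panics with "index out of range".
// The deferred recover turns that panic into an error so the function can be
// exercised safely; a bot without such recovery simply dies.
func parseNaive(line string) (cmd AttackCmd, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panicked: %v", r)
		}
	}()
	f := strings.Split(line, " ")
	cmd.Kind = f[0]
	cmd.Target = net.ParseIP(f[1])
	cmd.Port, _ = strconv.Atoi(f[2])
	cmd.Duration, _ = strconv.Atoi(f[3])
	return cmd, nil
}

// parseStrict validates the field count and every field before use, so a
// malformed command is reported and dropped rather than crashing the process.
func parseStrict(line string) (AttackCmd, error) {
	f := strings.Fields(line)
	if len(f) != 4 {
		return AttackCmd{}, fmt.Errorf("want 4 fields, got %d", len(f))
	}
	ip := net.ParseIP(f[1])
	if ip == nil {
		return AttackCmd{}, errors.New("target is not a valid IP address")
	}
	port, err := strconv.Atoi(f[2])
	if err != nil || port < 1 || port > 65535 {
		return AttackCmd{}, fmt.Errorf("bad port %q", f[2])
	}
	dur, err := strconv.Atoi(f[3])
	if err != nil || dur <= 0 {
		return AttackCmd{}, fmt.Errorf("bad duration %q", f[3])
	}
	return AttackCmd{Kind: f[0], Target: ip, Port: port, Duration: dur}, nil
}

func main() {
	// Constructed inputs: a well-formed command and the same command with the
	// space between target and port dropped.
	for _, line := range []string{"bigdata 192.0.2.10 443 30", "bigdata 192.0.2.10:443 30"} {
		_, naiveErr := parseNaive(line)
		_, strictErr := parseStrict(line)
		fmt.Printf("%-28q naive: %v | strict: %v\n", line, naiveErr, strictErr)
	}
}
```

The point for defenders is the mirror image: a C2 protocol with no input validation is fragile, and the same class of bug that lets a typo kill a botnet also makes a proper command parser the first thing to write when you build a tool that takes commands from the network.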
5. Hyundai app bugs allowed hackers to remotely unlock and start cars
Security researchers have found vulnerabilities in Hyundai's and Genesis's mobile apps, MyHyundai and MyGenesis. An attacker exploiting these flaws could remotely start, stop, lock and unlock other people's vehicles. The researchers also found that cars using the SiriusXM "smart vehicle" platform could be controlled through forged HTTP requests, which let an attacker retrieve vehicle information and issue commands. To confirm the access was real, they tried to unlock a Hyundai vehicle through the flaw. Within moments, the car unlocked.