Cyber Bites

Earlier today, a so-called “clicker” malware designed to facilitate ad fraud has been found on 16 mobile apps in the Google Play store, according to McAfee. Once notified by the security vendor, Google has removed the offending apps, which are estimated to have garnered as many as 20 million downloads. Having been detected as Android/Clicker, the malware was inserted into legitimate-looking utility apps such as flashlights, QR readers, cameras, unit converters and task managers. “Once...

It was reported earlier today, the U.S. cybersecurity and intelligence agencies published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said. The alert was published Friday by the Federal Bureau of Investigation...

Today, Europol celebrated the capture of a “high-value target” this week after the arrest in Tenerife of a suspected prolific fraudster, said to have conned scores of investors. It appears that the 50-year-old Croatian man is believed to have run a large-scale investment fraud operation which managed to extract at least €5m ($4.9m) from victims. Thus far, 70 German investors have been identified, Europol claimed. In addition to his arrest, 37 property searches were carried...

Earlier today. a ransomware group which unusually targets Russian organizations has upped its efforts this year, demanding larger ransoms from its victims and developing new malware for Linux, according to Group-IB. Yesterday, the security vendor released what it claimed was the first comprehensive report on the group known as “OldGremlin,” which was first spotted in 2020. “That year, the gang carried out dozens of campaigns, with emails purporting to be from micro-finance companies, a metals and...

Earlier today, experts have uncovered 88,000 malicious open source packages so far this year, a triple-digit increase on the same figure in 2019 and indicative of a fast-growing corporate attack surface. Sonatype’s eighth annual State of the Software Supply Chain report, which was compiled from public and proprietary data analysis, has revealed the figures including 131 billion Maven Central downloads and thousands of open source projects. Notably, it details the growing risk to corporate systems from both...

Earlier today, prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers, according to a new report. According to Group-IB’s study, Deadbolt ransomware: nothing but NASty, is based on its analysis of a sample of the malware, which first appeared at the start of the year. In addition, an ongoing campaign, has targeted NAS devices from Taiwanese vendor QNAP belonging to SMBs, schools, individual home users...

Earlier today, Interpol released details of a new operation designed to target notorious West African criminal gang Black Axe, which led to 75 arrests. It's been reported that operation Jackal saw the policing organization coordinate forces in 14 countries across four continents, in a bid to put pressure on one of the world’s most prolific financial crime syndicates. As a result, one “action week” at the end of September led to dozens of arrests and...

Today it has been reported that a local government authority in London was forced to spend over £12m ($11.7m) in a single financial year to help it recover from a devastating ransomware attack, according to a local report. It appears that the October 2020 attack, traced to the Pysa/Mespinoza variant, resulted in sensitive data of local residents and council staff being published on the group’s leak site several months later. As a result, around two years after...

A recent analysis shows that Magniber ransomware has been targeting home users by masquerading as software updates. Reports have shown a ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims. In previous news, Magniber was primarily spread through MSI and EXE files, but in September 2022 HP Wolf Security began seeing campaigns distributing the ransomware in JavaScript files....

Yesterday, after 32 years, Microsoft has begun to kill off the Microsoft Office brand, with plans to rebrand its Office.com and Office cloud-based apps to Microsoft 365 in the near future. It all began in 1990 when Microsoft was first released, bundling its popular Word, Excel, and PowerPoint applications under a one-time purchase productivity suite. Later versions introduced additional programs, such as Outlook, Access, and OneNote. Back in 2017, Microsoft started offering Office applications under...