A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active … [Read more...] about Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users
Users
Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses
A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields … [Read more...] about Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The feature, which will go live to all of its two billion users in the coming weeks, is expected to only … [Read more...] about WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
How scammers swindle credentials out of Luno users
Since the advent of cryptocurrency, scammers of every stripe have sought to get rich from stealing virtual coins. With cybercriminals duping both buyers of mining equipment and cryptoinvestors, we spotlight a scam targeting users of the Luno cryptoexchange. About Luno The Luno cryptocurrency exchange has been in existence since 2013, and today it serves more than 5 million … [Read more...] about How scammers swindle credentials out of Luno users
Ban attacks on Instagram users
If you run a popular blog and promote your business through Instagram, an account ban simply isn’t in the plan. For responsible users, the idea of being banned for, say, displaying suicidal content or trying to impersonate someone else might seem like a bad dream or a cruel joke, but it’s quite real for victims of the new wave of so-called ban attacks. Here’s how these attacks … [Read more...] about Ban attacks on Instagram users
Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan
A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro … [Read more...] about Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan
Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers
An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein … [Read more...] about Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers
Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading … [Read more...] about Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers
Instagram Launches ‘Security Checkup’ to Help Users Recover Hacked Accounts
Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as … [Read more...] about Instagram Launches ‘Security Checkup’ to Help Users Recover Hacked Accounts
Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords
Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable … [Read more...] about Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords