Malloc Privacy Weekly
This week’s edition of Malloc Privacy Weekly highlights significant cybersecurity threats including the misuse of free VPN apps owned by Chinese companies, a new phishing-as-a-service platform called Lucid, and various malware threats targeting Android devices. The report emphasizes the need for users to be aware of privacy risks and consider enhanced protective measures when using technology.

Affected: VPN apps, Android devices, personal data, mobile security, users worldwide

Key points:

  • Investigation reveals top free VPN apps linked to Chinese companies, compromising user data and national security.
  • New phishing-as-a-service platform, Lucid, targets worldwide users using iMessage and RCS with customized phishing messages.
  • Thousands of counterfeit Android devices found preloaded with Triada malware, affecting mainly Russian users.
  • New Android spyware complicates uninstallation by requiring a password, posing risks to user privacy.
  • TsarBot malware mimics over 750 finance apps to steal credentials through overlay and phishing techniques.
  • Privacy risks from a GPS tracking app for iOS due to a database leak exposing user information.
  • Rise in weaponized PDF attacks now accounts for 22% of malicious email attachments.
  • Google introduces E2EE for Gmail, but it lacks true end-to-end protections.
  • Apple updates older OS versions to address active vulnerabilities.
  • Sweden’s Tax Authority faces lawsuit over selling citizens’ data to advertisers.
  • Proposed revisions to the Swiss surveillance ordinance face criticism from privacy tech firms.
  • European Commission proposes enhancing Europol’s capabilities while targeting end-to-end encryption.

MITRE Techniques:

  • Phishing (T1566): Utilizing a phishing-as-a-service platform (Lucid) to send tailored phishing messages via secure messaging apps.
  • Malware Installation (T1203): Deployment of Triada malware on counterfeit Android devices at activation.
  • Credential Dumping (T1003): TsarBot malware employs phishing techniques to steal sensitive user credentials by mimicking trusted applications.
  • Data Breach (T1071): Privacy leaks from a misconfigured database expose users’ GPS and personal data.
  • Exploitation of Vulnerability (T1203): Attackers exploit weaknesses in PDF formats to deliver malicious payloads via email.

Indicators of Compromise:

  • [Domain] qihoo360.com
  • [Domain] turbovpn.com
  • [Domain] vpnproxymaster.com
  • [Domain] thundervpn.com


Full Story: https://blog.mallocprivacy.com/malloc-privacy-weekly-df77e8036b87?source=rss——cybersecurity-5
