AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/28/2022

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices

Nearly 500 malicious apps lurking on the Google Play Store have successfully installed Dark Herring malware — a cash-stealer intended to add sneaky charges onto mobile carrier bills — on more than 100 million Android devices across the globe. That’s quite a school of fish. Dark Herring malware was discovered by a research team with Zimperium, who estimate that the campaign has stolen hundreds of millions of dollars in total, in increments of $15 a month per victim. Google has since removed all 470 malicious applications from the Play Store, and the firm said the scam services are down, but any user with one of the apps already installed could still be actively victimized down the road. The apps are still available in third-party app stores too.


North Korean Hackers Using Windows Update Service to Infect PCs with Malware

The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Korea-based nation-state hacking group that’s been active since at least 2009. Last year, the threat actor was linked to an elaborate social engineering campaign targeting security researchers.


Big Mother is watching: What parents REALLY think about tracking their kids

Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy (protections good, invasions bad), but we rarely see a faithful, factual accounting for the biggest data privacy conundrum facing billions of people every single day: Should parents invade the data privacy of their children and digitally track their activity in order to provide them with a little more safety? On Data Privacy Day this year, we decided to investigate the issue ourselves, and we found that, for the majority of parents we asked, the answer was a simple “Yes.” But there’s some nuance here, as parents revealed that their invasions of data privacy against their children typically happened when their children began to face new threats, whether online or in the real world.


Use of AI to fight insurance fraud hits all-time high

Insurers’ use of predictive analytics to fight fraud has reached an all-time high, according to an insurance fraud technology study by the Coalition Against Insurance Fraud and SAS. The study reveals that 80% of insurers use predictive modeling to detect fraud, up from 55% in 2018. In a category new to the 2021 survey, the study also underscores the importance of identity verification software, cited by 40% of survey respondents. Identity analytics is quickly becoming must-have technology for insurers amid an alarming spike in malicious phishing scams, up 600% since the pandemic’s onset.


Facebook Messenger calls and chats are now encrypted, but not by default

After delaying it many times, Meta (formerly known as Facebook) has rolled out the option of encrypted calls and chats on Messenger to everyone. It’s not like WhatsApp though, where all chats and calls are encrypted by default. Messenger chats and calls are still not encrypted by default. However, the company has now added an option in Messenger settings to enable end-to-end encrypted chats and calls. Meta has discussed switching on end-to-end encryption by default, but it is feared that it won’t come before 2023. For now, you can opt in to the secure chats via two methods: the original 2016 Secret Conversations method, or by swiping up to enter ‘vanish mode’, in which messages automatically disappear when the window is closed, much like Snapchat.


TrickBot Malware Delivered as Invoices

During the COVID pandemic, many users have been getting invoices sent via email to process for payment. Some of these are business to business, business to individual, or vice versa. With the supply chain delays, receiving a notification that a delivery attempt was missed can lead to frustration and entice the recipient to open the invoice link to investigate further. Threat actors have taken advantage of this and, in a recent TrickBot campaign analyzed by the Cofense Phishing Defense Center (PDC), they are imitating delivery services such as the U.S. Postal Service.
