AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/24/2022

Android app downloaded 100,000 times from Google Play Store contained password-stealing malware, say security researchers

Google has removed an app with over 1000,000 downloads from its Play Store after security researchers warned that the app was able to harvest the Facebook credentials of smartphone users. Researchers at French mobile security firm Pradeo said the app embeds Android trojan malware known as “Facestealer” because it dupes victims into typing in their Facebook credentials to a web page that transmits the credentials to the attacker’s server, which happens to be a domain that was registered in Russia. If a user adds their credentials, the makers of the Android app then have full access to victims’ Facebook accounts, including any linked payment information, such as credit card details, as well as users’ conversations and searches, according to Pradeo. 


‘Secrets Sprawl’ Haunts Software Supply Chain Security

A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of valuable corporate secrets — API keys, usernames and passwords, and security certificates — publicly exposed in corporate repositories. The compromise of leaked secrets has been at the center of multiple supply-chain security compromises but, according to new data from GitGuardian, secrets sprawl exists everywhere and is growing at alarming rates. In a new report documenting its work looking for leaked corporate secrets, GitGuardian found that a typical company with 400 developers would discover about 1,050 unique secrets leaking throughout its repositories and commits. Even worse, at current security-to-developer staffing levels, the company argues “there’s simply no way to manage the explosion of digital authentication credentials left exposed in modern code.”


Apple’s digital ID is finally here, and so are the privacy concerns

Apple just took another step on its one device quest. The tech giant announced Wednesday that, starting immediately, iPhone owners in Arizona will be able to add their government-issued IDs or driver’s licenses to their Apple Wallets and use the digital copies in lieu of a physical one with TSA officials at Phoenix Sky Harbor International Airport. Arizona is just the first state of many that Apple said it has queued up for its digital IDs — a promise that brings with it its own set of potential privacy concerns. “We’re thrilled to bring the first driver’s license and state ID in Wallet to Arizona today, and provide Arizonans with an easy, secure, and private way to present their ID when traveling, through just a tap of their iPhone or Apple Watch,” Jennifer Bailey, Apple’s vice president of Apple Pay and Apple Wallet, is quoted as saying in the press release. “We look forward to working with many more states and the TSA to bring IDs in Wallet to users across the US.”


Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the “highly constrained” compromise. “On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer’ Okta account [from a new location],” Okta’s Chief Security Officer, David Bradbury, said in a statement. “This factor was a password.”


FBI adds Russian cybercrime market owner to most wanted list

A Russian national has been indicted by the US DOJ and added to the FBI’s Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information. The indictment claims that Dekhtyarchuk launched the marketplace in May 2017 and began promoting it on Russian hacking forums starting with  April 2018. “Dekhtyarchuk began advertising the sale of compromised account data in Russian-language hacker forums in April 2018 and opened Marketplace A in May 2018. Dekhtyarchuk immediately began advertising Marketplace A and the products it sold in May 2018,” reads the DOJ indictment.

Related Posts