Week 28th Aug - 1st Sep 2023 (Week 35)

:tada: Welcome to this edition of ‘This Week in Cybersecurity’ where we delve into a common subject that affects us all: cybersecurity and privacy in the digital age. :tada:

:mag_right: This week’s edition explores a range of cybersecurity news, including a malware attack on Rust developers, the evolution of Android banking malware, tech giants unauthorised data transfer, and open-source malware modification. Join passbolt for the latest trends and developments in the digital realm. :closed_lock_with_key:

1. Hackers modify open source ‘SapphireStealer’ malware, leading to multiple variants

Hackers are modifying the open source code of SapphireStealer, a popular strain of malware, adding tools and functions that make it easier to steal data. Researchers at Cisco Talos say the malware is typically used to steal sensitive information, including corporate credentials, which are then resold to other threat actors for malicious espionage or ransomware operations. The researchers noted that the release of malware source code enables hackers to quickly adopt and develop new variants, leading to more information-stealing malware.

Date: Sep 1, 2023
Source: The Record
Author: Jonathan Greig
Tag: Malware, Cyber Risk/Cyber Threats

2. LogicMonitor customers hit by hackers, because of default passwords

Some customers of network security company LogicMonitor have suffered security breaches due to the use of default passwords. LogicMonitor has confirmed the security incident, blaming it on weak default passwords being assigned to customers until recently. While the company has taken steps to address the issue, a source stated that the company lost more than 400 systems due to ransomware attacks that exploited the weak default passwords. These incidents are a reminder to always use strong and unique passwords, and better yet, a password manager.

Date: Aug 31, 2023
Source: Tech Crunch
Author: Lorenzo Franceschi-Bicchierai
Tag: Password Security, Vulnerability

3. Your Fitbit is useless - unless you consent to unlawful data sharing

Privacy advocacy group Nyob has filed three complaints against Fitbit in Austria, the Netherlands, and Italy for forcing users to consent to unlawful data transfers outside the EU without the ability to withdraw their consent. Fitibit, which was acquired by Google in 2021, violates the privacy and security of highly personal data by requiring EU users to consent to data transfers to the USA and other countries with different data protections laws. Nyob states that Fitbit’s policy does not comply with the GDPR regulations, as it does not provide users with mandatory information or the right to withdraw consent for data transfer. Non-compliance with GDPR regulations can result in hefty fines.

Date: Aug 31, 2023
Source: NYOB
Author: nyob
Tag: Data Privacy, Data Protection

4. A fake Signal app was planted on Google Play by China-linked hackers

Researchers claim that a fake version of the private messaging app Signal has found its way onto Google Play and it appears to be linked to a Chinese spy operation called GREF. The fake app, called Signal Plus Messenger which works in the same way as the legitimate version, is used to spy on the real apps communications. It automatically connects a compromised device to the attacker’s Signal account, without the user noticing. This is the first documented case of “autolinking” spying. The same hacking group also created a malicious Telegram app that was used to target Uyghurs. The Google Play store has since removed the app, but Samsung and others have yet to take action.

Date: Aug 30, 2023
Source: Forbes
Author: Thomas Brewster
Tag: Spyware, Cyber Risk/Cyber Threats

5.New Android MMRat malware uses Protobuf protocol to steal your data

Trend Micro has discovered a new Android banking malware, MMRat, which utilises an unusual communication method, protobuf data serialisation, to effectively steal data from compromised devices. The malware is targeting users in Southeast Asia and is being distributed via websites that are disguised as official app stores. Once installed, MMRat abuses Android’s Accessibility Service feature, which gives it more permissions and allows it to perform a wide range of malicious acts on the infected devices, including back transfers. It collects data, exfiltrates the user’s contact list, performs keylogging, captures screen content, and records camera data. Android users are advised to be cautious when downloading apps.

Date: Aug 29, 2023
Source: Bleeping Computer
Author: Bill Toulas
Tag: Malware, Data breach

6. 10 million likely impacted by data breach at French unemployment agency

The French governmental unemployment agency, Pole Emploi, suffered a data breach affecting around 10 million people who had registered before February 2022. Pole Emploi has warned jobseekers to remain vigilant against fraudulent offers. They stressed that the cyberattack was on one of their service providers and not their system. Compromised data included names and social security numbers, but other personal information such as emails, phone numbers, passwords, and financial details were not affected. Cybersecurity firm Emsisoft attributed the attack to the May 2023 MOVEit hack, but later evidence proved otherwise.

Date: Aug 28, 2023
Source: Security Week
Author: Ionut Arghire
Tag: Data breach, Cyber Risk/Cyber Threats

7. Signs of malware attack targeting rust developers found on Crates.io

The Crates.io Rust package registry has been targeted by a malware attack aimed at developers. The attackers created fake packages with names similar to the popular packages with the goal of compromising developers who download them. Security firm, Phylum, noted that although the attack was detected early, the attackers still managed to add code to the compromised code and send it to the Telegram channel. The Rust Foundation and Github immediately removed the package and took action against the attacker. The motive was to steal sensitive information, highlighting the increasing risks especially for developers with access to SSH keys, production infrastructure and corporate IP.

Date: Aug 28, 2023
Source: Security Week
Author: Eduard Kovacs
Tag: Malware, Cyber Risk/Cyber Threats


Well, that’s the end of ‘This Week in Cybersecurity’ news roundup. Stay informed on the latest developments. Protect yourself from ever-evolving cyber threats by adopting proactive security measures and remaining vigilant when downloading any apps. :closed_lock_with_key:

:newspaper: Share news articles you come across in the ‘In the News’ category of the community forum to earn a community badge :name_badge:.

Every week we ask the community to choose the most interesting article(s) of the week to be featured in our monthly “This Month in Cybersecurity” video. :video_camera:

:white_check_mark: Vote below for the article(s) you’d like to see featured:

  • :one: SapphireStealer malware
  • :two: LogicMonitor hacked due to default passwords
  • :three: Fitbit data transferring
  • :four: Fake Signal app
  • :five: Android MMRat banking malware
  • :six: French unemployment agency data breach
  • :seven: Crates.io Rust malware attack
0 voters