Tag Archive for: Laced

Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware


A United States Immigration and Customs Enforcement database WIRED obtained through a Freedom of Information Act request shows that the agency has been leaning on a certain type of administrative subpoena to collect data from elementary schools, abortion clinics, and other vulnerable populations. And new details about a recent supply chain attack against the VoIP software 3CX indicate that attackers—likely hackers working for the North Korean government—were targeting cryptocurrency companies in the broad assault.

We also looked at this week’s move by Italy’s data regulator, Garante per la Protezione dei Dati Personali, to temporarily stop OpenAI from incorporating Italians’ personal information into training data. In response, the company has currently stopped people in Italy from accessing its generative AI platform, ChatGPT. Meanwhile, we explored the dangerous missing security defense in the US agriculture sector and the nation’s food supply chain, and we went deep on the saga of a small US gadget blog that found troubling flaws in foreign security cameras and took on the Chinese surveillance industry to get them fixed.

In virtual private network news, the open source VPN Amnezia has been allowing users in Russia to stay one step ahead of the Kremlin’s inveterate censorship and digital control. And the Tor Project collaborated with the open source VPN maker Mullvad to create a new privacy-focused browser that incorporates the VPN of your choosing.

Plus, there’s more. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The Chinese ecommerce giant Pinduoduo has more than 750 million customers a month and sells a vast array of products and groceries. But cybersecurity researchers who analyzed the company’s Android app found that it is laced with invasive malware that exploits Android vulnerabilities to take control of users’ devices—gaining access to data from other apps, changing system settings, and monitoring people’s digital activity in a number of ways. 

Current and former Pinduoduo employees told CNN that the company has a specific initiative to discover…


LinkedIn Job Offers May Actually Be Laced With Malware



With unemployment at formidable levels and the economy doing weird, covid-related reversals, I think we can all agree that the job hunt is a pretty hard slog right now. Amidst all that, you know what workers really don’t need? A LinkedIn inbox full of malware. Yeah, they don’t need that at all.

Nevertheless, that is apparently what some may be getting, thanks to one group of cyber-assholes.

Security firm eSentire recently published a report detailing how hackers connected to a group dubbed “Golden Chickens” (I’m not sure who came up with that one) have been waging a malicious campaign that preys on job-seekers’ desire for the perfect position.

These campaigns involve tricking unsuspecting business professionals into clicking on job offers that are titled the same thing as their current position. A message, slid into a victim’s DMs, baits them with an “offer” that is really rigged with a spring-loaded .zip file. Inside that .zip is a fileless malware called “more_eggs” that can help hijack a targeted device. Researchers break down how the attack works:

…If the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.

Whoever they are, the “Chickens” probably aren’t conducting these attacks themselves. Instead, they are peddling what would be classified as Malware-as-a-service (MaaS)—which means that other cybercriminals purchase the malware from them in order to conduct their own hacking campaigns. The report notes that it is unclear who exactly is behind the recent campaign.

A backdoor trojan like “more_eggs” is basically a program that allows other, more destructive kinds of malware to be loaded into the system of a device or computer. Once a criminal has used the trojan to gain a toehold into a victim’s system, they can then deploy other stuff like ransomware, banking malware, or credential…
