Cybersecurity News Digest [June 2023]

The middle of summer has arrived. It means that there is still half of the summer to implement all the plans you’ve come up with.

In order to help you not be distracted from your plans, but stay up to date at the same time, we have prepared for you our monthly news digest of events that have occurred in the world of cybersecurity.

So grab a cocktail on ice and catch up on what’s happening!

The previous news digest is here.

Cybersecurity news digest

#1 A new version of the Mario game with a hidden crypto miner is being distributed on the net

Experts from the company Cyble found that the attackers created a modified installer of Super Mario 3: Mario Forever, which is presented as a self-extracting executable archive and distributed through unknown channels.

Mario game with a built-in crypto miner

The archive contains three executable files, one of which installs the game itself (super-mario-forever-v702e.exe), and the other two (java.exe and atom.exe) are quietly installed in the AppData directory during the installation of the game.

As soon as the malicious executable files are written to disk, the installer runs them to start the XMR (Monero) miner and the SupremeBot mining client.

SupremeBot (atom.exe) creates its own copy and places it in a hidden folder in the installation directory of the game. Next, it creates a scheduled task to execute this copy, which runs every 15 minutes for an indefinite period, hiding under the name of a legitimate process.

The stealer is also able to create screenshots of the victim’s desktop and use webcams connected to the system. All stolen data is stored locally before being sent to the attackers’ server.

The researchers recommend that anyone who has recently downloaded Super Mario 3: Mario Forever check their computer for installed malware and remove it if any is found.
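One way to check for the persistence pattern described above, as an added example that is not from the researchers' report: it scans scheduled-task data for tasks that run an executable from AppData on a repeat of 15 minutes or less. It assumes the input uses the "TaskName", "Task To Run" and "Repeat: Every" columns of `schtasks /query /fo CSV /v`; the sample rows, task names and paths are constructed.

```python
import csv
import io
import re

# Constructed sample using four columns of `schtasks /query /fo CSV /v` output.
# Task names, user name and paths are invented for the example.
SAMPLE_CSV = r'''"TaskName","Task To Run","Repeat: Every","Run As User"
"\Microsoft\Windows\Defrag\ScheduledDefrag","C:\Windows\system32\defrag.exe -c","N/A","SYSTEM"
"\svchost","C:\Users\alice\AppData\Roaming\atom.exe","0 Hour(s), 15 Minute(s)","alice"
"\BackupSync","C:\Program Files\Backup\sync.exe","0 Hour(s), 15 Minute(s)","SYSTEM"
"\updater","C:\Users\alice\AppData\Local\Temp\java.exe -q","0 Hour(s), 30 Minute(s)","alice"
'''

INTERVAL_RE = re.compile(r"(\d+) Hour\(s\), (\d+) Minute\(s\)")


def repeat_minutes(field):
    """Convert a 'Repeat: Every' value to minutes; None if the task does not repeat."""
    m = INTERVAL_RE.search(field)
    return int(m.group(1)) * 60 + int(m.group(2)) if m else None


def suspicious_tasks(csv_text, max_interval=15, user_dirs=("\\appdata\\",)):
    """Return (task name, command, minutes) for short-interval tasks run from user_dirs.

    user_dirs is a hypothetical parameter: add the game's installation directory
    to cover the hidden copy the article says is placed there.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        command = row["Task To Run"].lower()
        minutes = repeat_minutes(row["Repeat: Every"])
        from_user_dir = any(d in command for d in user_dirs)
        if from_user_dir and minutes is not None and minutes <= max_interval:
            findings.append((row["TaskName"], row["Task To Run"], minutes))
    return findings


if __name__ == "__main__":
    for name, command, minutes in suspicious_tasks(SAMPLE_CSV):
        print(f"{name}: runs {command} every {minutes} min")
```

A task name that imitates a system process is not checked here, because the name alone proves nothing; the executable path and the repeat interval are what the filter keys on.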

#2 The US government buys Americans’ personal data in huge volumes

At the end of June 2023, it became known that a declassified report for the first time confirmed that US federal agencies secretly acquire a huge amount of commercial information about Americans.

A declassified report by the Office of the Director of National Intelligence (ODNI) clearly confirms that the US government has access to all kinds of information — connected car data, web browsing data, and smartphone data.

The ODNI report, prepared in January 2022 and published in June 2023 at the request of Democratic Senator Ron Wyden, states that the data acquired by the US government only provides intelligence value. But the data collection also raises significant issues related to privacy and civil liberties.

The US secretly acquires a huge amount of commercial information about Americans.

According to the information, the declassified report is the first public disclosure that the US authorities use commercially available information obtained from internet-connected devices and provided by data brokers for purchase.

ODNI claims that if the US government can buy data, then America’s opponents and hostile countries can do it too. Of course, theoretically, your elected officials can also use this information against citizens and avoid legal limits on information-gathering methods such as search warrants or wiretapping.

#3 WhatsApp has new privacy features

The popular WhatsApp messenger has new privacy-related features. This is reported on the official website of the service.

WhatsApp has new privacy features

Representatives of the messenger said that two new functions called “Mute for unknown numbers” and “Privacy check” became available to users.

Disabling the sound for unknown numbers will give users more control over incoming calls and increase the level of privacy, allowing you to automatically filter spam, as well as calls from scammers and strangers, experts said. For such calls, according to the developers of the service, the sound will be turned off, but on the “Calls” tab it will be possible to check whether there are important ones among them.

The new option “Privacy Check” will allow you to get acquainted with all the methods of protection in WhatsApp. It allows you to study all the privacy settings step by step and choose the appropriate level of protection, according to WhatsApp. To use the function, you need to click “Start checkup” in the privacy settings.

Earlier, WhatsApp announced the launch of channels. According to the representatives of the service, the channels will be located separately from chats and communities in the new “Relevant” tab. Channel administrators will be able to post messages, photos, videos, polls, and stickers there, and subscribers will be able to view them.

Is WhatsApp a secure and private messenger? Learn more here.

#4 Experts have discovered a virus infecting Windows, Linux, and macOS

Researchers have discovered a malicious program called JokerSpy, which can infect three systems at once — macOS, Windows, and Linux. With its help, attackers can gain full control over someone else’s computer.

The virus is written in Python. In addition, it uses the open source tool SwiftBelt, designed to test network security.

Once on someone’s device, JokerSpy gets access to confidential data and can independently download other malicious files that allow the hacker to track all user actions.

Researchers at the cybersecurity firm Elastic also found a virus-related binary file in the system of a “well-known Japanese cryptocurrency exchange.” Analysts believe that the theft of funds from crypto wallets was the main goal of the creators of the software.

Experts have determined that the virus was developed specifically for macOS. But they found additional elements in it that indicate possible versions for Windows and Linux. However, so far they have not established exactly how JokerSpy gets into computers.

#5 Official Microsoft servers have become victims of DDoS attacks from users

At the beginning of June, several serious failures were recorded in the Microsoft Office suite, including email in Outlook and a file-sharing application on OneDrive, as well as a cloud computing platform.

Microsoft has become a victim of DDoS attacks

Microsoft initially remained silent on this issue, although a group of hacktivists claimed responsibility for distributed denial of service (DDoS) attacks that led to the disruption of services. Later the company confirmed that DDoS attacks were the cause of the failures.

At the same time, Microsoft did not go into details and did not disclose either how many people had been affected or whether it was a global issue.

The company’s press secretary confirmed that a group calling itself Anonymous Sudan was behind the attacks. The group claimed responsibility for the attacks via social media channels. Microsoft at first designated the hackers as “Storm-1359,” which is a term it assigns to groups that have not yet been identified.

The company’s statement indicated that attackers used leased cloud infrastructure and virtual private networks to attack Microsoft servers from so-called botnets located around the world.

Microsoft noted that there is no evidence that any customer data was compromised as a result of hacker attacks.

Read more about the danger of DDoS attacks here.

#6 The new version of GravityRAT steals backup copies of data from WhatsApp messenger

Researchers have discovered an updated version of the Android remote access trojan GravityRAT. Since the summer of 2022, the malware has been masquerading as BingeChat and Chatico messengers, trying to steal data from users’ devices.

The GravityRAT Trojan has been active since at least 2015 but first started targeting Android users in 2020. Its operators, the SpaceCobra group, usually use GravityRAT as spyware in narrowly targeted campaigns.

One of the notable new updates in GravityRAT is the functionality for stealing WhatsApp backup files. Backups are created to help users transfer message history, media files, and data to new devices, and may contain sensitive data, including messages, videos, photos, documents, and more, in unencrypted form.

Currently, the Trojan is being distributed under the name BingeChat, posing as a messaging application with end-to-end encryption, a simple interface, and rich functionality.

Analysts write that BingeChat is a trojanized version of OMEMO IM, a legitimate open-source messenger for Android. Moreover, during the study of this campaign, it turned out that SpaceCobra uses OMEMO IM as the basis for another fake application, Chatico, which was distributed to victims in the summer of 2022 through an already disabled site.

When installed on a device, BingeChat requests dangerous permissions, including access to contacts, location, phone, SMS, storage, call logs, camera, and microphone. Alas, as the researchers note, these are standard permissions for messengers, so they are unlikely to arouse suspicion in the victim.

Before the user registers with BingeChat, the application transmits call logs, contact lists, SMS messages, device location and basic information about the device to the attackers’ control server.

Musicians sued Twitter for copyright infringement

Music companies have sued Twitter for damages of more than $250 million in connection with alleged copyright violations. Labels representing the interests of several thousand artists require the company to pay for the fact that the music of these artists is used in users’ tweets, The Wall Street Journal reports.

Groups of music companies representing artists (which include Beyonce and Taylor Swift) have sued Twitter for alleged copyright infringement. According to representatives of the companies, the social network benefits from music for which it did not pay.

The National Association of Music Publishers (NMPA) is demanding more than $250 million in damages from the social network for hundreds of thousands of alleged violations that the organization has identified concerning 1,700 songs.

The company owned by Elon Musk is one of the few social networks that do not have a license agreement regulating the use of music in the service. Facebook, Instagram, Snapchat, and TikTok pay artists for the fact that users of social networks use their music in their publications.

