#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Whatsapp | Breaking Cybersecurity News | The Hacker News

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

Mar 13, 2024 Financial Fraud / Mobile Security
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today. "Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background," security researcher Nir Somech  said . PixPirate, which was  first documented  by Cleafy in February 2023, is known for its abuse of Android's accessibility services to covertly perform unauthorized fund transfers using the PIX instant payment platform when a targeted banking app is opened. The constantly mutating malware is also capable of stealing victims' online banking credentials and credit card information, as well as capturing keystrokes and intercepting SMS mes
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

Feb 05, 2024 Cyber Espionage / Cyber Extortion
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called  VajraSpy . Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between April 2021 and March 2023. "VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code," security researcher Lukáš Štefanko  said . "It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera." As many as 148 devices in Pakistan and India are estimated to have been compromised in the wild. The malicious apps distributed via Google Play and elsewhere primarily masqueraded
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Dec 01, 2023 Privacy / Data Protection
Meta-owned WhatsApp has launched a new  Secret Code  feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been  described  as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature called  Chat Lock  that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics. By setting a unique password for these locked chats that are different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted. "You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added. The development comes weeks after WhatsApp 
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

Nov 21, 2023 Android Security / Cryptocurrency
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. "Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such as banks, government services, and utilities," Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai  said  in a Monday analysis. The ultimate goal of the operation is to capture banking details, payment card information, account credentials, and other personal data. The attack chains involve sharing malicious APK files via social media messages sent on WhatsApp and Telegram by falsely presenting them as banking apps and inducing a sense of urgency by claiming that the targets' bank accounts will be blocked unless they update their permanent a
WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

Nov 08, 2023 Privacy / Data Security
Meta-owned WhatsApp is officially rolling out a  new privacy feature  in its messaging service called "Protect IP Address in Calls" that masks users' IP addresses to other parties by relaying the calls through its servers. "Calls are end-to-end encrypted, so even if a call is relayed through WhatsApp servers, WhatsApp cannot listen to your calls," the company said in a statement shared with The Hacker News. The core idea is to make it harder for bad actors in the call to infer a user's location by securely relaying the connection through WhatsApp servers. However, a tradeoff to enabling the privacy option is a slight dip in call quality. Viewed in that light, it's akin to Apple's  iCloud Private Relay , which adds an anonymity layer by  routing users' Safari browsing sessions  through two secure internet relays. It's worth noting that the "Protect IP Address in Calls" feature has been under development since at least late Augu
CanesSpy Spyware Discovered in Modified WhatsApp Versions

CanesSpy Spyware Discovered in Modified WhatsApp Versions

Nov 03, 2023 Spyware / Mobile Security
Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed  CanesSpy . These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such modded software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts of two million users. "The trojanized client manifest contains suspicious components (a service and a broadcast receiver) that cannot be found in the original WhatsApp client," Kaspersky security researcher Dmitry Kalinin  said . Specifically, the new additions are designed to activate the spyware module when the phone is switched on or starts charging. It subsequently proceeds to establish contact with a command-and-control (C2) server, followed by sending information about the compromised device, such as the IMEI, phone number, mobile country code, and mobile network code. CanesSpy also transmits det
Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Aug 15, 2023 Mobile Security / Financial Risk
Account holders of over numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called  Gigabud RAT . "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [...] which makes it harder to detect," Group-IB researchers Pavel Naumov and Artem Grischenko  said . "Instead of using HTML overlay attacks, Gigabud RAT gathers sensitive information primarily through screen recording." Gigabud RAT was  first documented  by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data. It's known to be active in the wild since at least July 2022. The Singapore-based company said it also identified a second variant of the malware minus the RAT capabilities. Dubbed Gigabud.Loan, it comes under the guise of a loan application that
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

Jun 30, 2023 Privacy / Tech
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were  first reported  by BBC Persian. Some of the other improvements include streamlined steps to simplify the setup process as well as the introduction of shareable links to "share functioning/valid proxy addresses to their contacts for easy and automatic installation." Support for  proxy servers  was officially launched by the messaging service  earlier this January , thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp. The company has also made available a  reference implementation  for setting up a proxy server with ports 80, 443, or 5222 available and a domain name that points to the server's IP address.
Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files

Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files

Jun 15, 2023 Mobile Security / Privacy
An updated version of an Android remote access trojan dubbed  GravityRAT  has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko  said  in a new report published today. "The malicious apps also provide legitimate chat functionality based on the open-source  OMEMO  Instant Messenger app." GravityRAT is the name given to a  cross-platform malware  that's capable of targeting Windows, Android, and macOS devices. The Slovak cybersecurity firm is tracking the activity under the name SpaceCobra. The threat actor is suspected to be based in Pakistan, with recent attacks involving GravityRAT targeting military personnel in India and among the Pakistan Air Force by camouflaging it as cloud storage and entertainment apps, as  disclosed  by Meta
E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

May 22, 2023 Data Protection / Privacy
Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed data within six months. Additionally, Meta has been given five months to suspend any future transfer of Facebook users' data to the U.S. Instagram and WhatsApp, which are also owned by the company, are not subject to the order. "The EDPB found that Meta IE's infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous," Andrea Jelinek, EDPB Chair,  said  in a statement. "Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizati
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

Apr 13, 2023 Mobile Security / Privacy
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement. Called  Device Verification , the security measure is designed to help prevent account takeover (ATO) attacks by blocking the threat actor's connection and allowing targets of the malware infection to use the app without any interruption. In other words, the goal is to deter attackers' use of malware to steal WhatsApp authentication keys and hijack victim accounts, and subsequently impersonate them to distribute spam and phishing links to other contacts. This, in turn, is achieved by introducing a security-token th
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

Mar 17, 2023 Cryptocurrency / Mobile Security
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware . "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of clipper malware on the Google Play Store dates back to 2019, the development marks the first time Android-based clipper malware has been built into instant messaging apps. "Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware," the Slovak cybersecurity firm added. The attack chain begins with unsuspecting users clicking on fraudulent ads on Google search results that lead to hundreds of sketchy YouTube channels, which then direct them
WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

Jan 20, 2023 Data Protection / Privacy
The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information. At the heart of the ruling is an update to the messaging platform's Terms of Service that was imposed in the days leading to the enforcement of the General Data Protection Regulation ( GDPR ) in May 2018, requiring that users agree to the revised terms in order to continue using the service or risk losing access. The complaint, filed by privacy non-profit NOYB, alleged that WhatsApp breached the regulation by compelling its users to "consent to the processing of their personal data for service improvement and security" by "making the accessibility of its services conditional on users accepting the updated Terms of Service." "WhatsApp Ireland is not entitled to rely on the contract legal basis for the delivery of service improvement and security," th
WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship

WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship

Jan 06, 2023 Online Safety / Privacy
Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company  said . Proxies act as an intermediary between end users and the service provider by routing requests originating from a client to the server and forwarding the response back to the device. Users can  access the option  by navigating to Settings > Storage and Data > Proxy > Use Proxy and entering a trusted proxy server address. WhatsApp, which is used by more than two billion users across the world, has also made available a  reference implementation  that can be used to set up a proxy server to help others connect to the service. The company emphasized that
Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Dec 27, 2022 Data Security / Privacy
Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising. The proposed settlement, first  reported  by Reuters last week, is the latest penalty paid by the company in the wake of a  number  of  privacy   mishaps   through the years . It still requires the approval of a federal judge in the San Francisco division of the U.S. District Court. It's worth noting that Facebook previously sought to  dismiss the lawsuit  in September 2019,  claiming  users have no legitimate privacy interest in any information they make available to their friends on social media. The  data harvesting scandal , which  came  to  light  in March 2018, involved a
Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

Nov 29, 2022
Ireland's Data Protection Commission (DPC) has  levied fines  of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated dataset of Facebook personal data that had been made available on the internet." This included the  personal information  associated with 533 million users of the social media platform, such as their phone numbers, dates of birth, locations, email addresses, gender, marital status, account creation date, and other profile details. Meta acknowledged that the information was "old data" that was obtained by malicious actors by taking advantage of a technique called "phone number enumeration" to  scrape users' public profiles . This entailed misusing a t
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

Nov 17, 2022
A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over  42,000 imposter domains , with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking, travel, and energy," researchers Emily Dennison and Alana Witten  said . "Promised financial or physical incentives are used to trick victims into further spreading the campaign via WhatsApp." Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. These sites prompt the visitors to complete a survey to claim cash prizes, in exchange for which the
Cybersecurity Resources