Saturday, June 03, 2023

Hackers use flaw in popular file transfer tool to steal data, researchers say

Story by Zeba Siddiqui • Yesterday



SAN FRANCISCO (Reuters) - Hackers have stolen data from the systems of a number of users of the popular file transfer tool MOVEit Transfer, U.S. security researchers said on Thursday, one day after the maker of the software disclosed that a security flaw had been discovered.

Software maker Progress Software Corp, after disclosing the vulnerability on Wednesday, said it could lead to potential unauthorized access into users' systems.

The managed file transfer software made by the Burlington, Massachusetts-based company allows organizations to transfer files and data between business partners and customers.

It was not immediately clear which or how many organizations use the software or were impacted by potential breaches. Chief Information Officer Ian Pitt declined to share those details, but said Progress Software had made fixes available since it discovered the vulnerability late on May 28.

The software's eponymous cloud-based service had also been impacted by this, he told Reuters.

"As of now we see no exploit of the cloud platform," he said.

Cybersecurity firm Rapid7 Inc and Mandiant Consulting - owned by Alphabet Inc's Google - said they had found a number of cases in which the flaw had been exploited to steal data.

"Mass exploitation and broad data theft has occurred over the past few days," Charles Carmakal, chief technology officer of Mandiant Consulting, said in a statement.

Such "zero-day," or previously unknown, vulnerabilities in managed file transfer solutions have led to data theft, leaks, extortion and victim-shaming in the past, Mandiant said.

"Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for potential extortion and publication of the stolen data," Carmakal said.

Rapid7 said it had noticed an uptick in cases of compromise linked to the flaw since it was disclosed.

Progress Software has outlined steps users at risk can take to mitigate the impact of the security vulnerability.

Pitt did not have a comment on who might have been trying to steal data by exploiting the flaw.

"We have no evidence of it being used to spread malware," he said.

MOVEit Transfer was used by a relatively "small" number of customers compared to those of the company's other software products that number more than 20, he said.

"We have forensics partners on board and we are working with them to make sure that we have an ever-evolving grasp of the situation."

(Reporting by Zeba Siddiqui in San Francisco; Editing by Christopher Cushing)


This Play Store malware was downloaded over 420 million times

Story by MobileSyrup • Thursday, June 1, 2023

New Android spyware has been discovered in the Play Store that has been downloaded over 420 million times.

The spyware, dubbed SpinOK by cybersecurity researchers Doctor Web (via Bleeping Computer), collects data from your device and sends it to remote servers. It also displays ads and manipulates your clipboard.

As shared by Doctor Web, SpinOK is a malicious SDK (software development kit) that developers can use to add mini-games, tasks and prizes to their apps. These features are meant to “spark user interest,” and keep them on the app while collecting information from the back door.

The malicious SDK’s spying and information collection capabilities include:

Sending information about your device, such as its model, OS version, screen size, battery level, etc., to remote servers.

Using your gyroscope and magnetometer sensors to detect if you are using a real device or a virtual one. This is done to evade security analysis and detection.

Displaying ads on your screen.

Scanning your device for files and directories and sending their names and locations to the remote server.

Stealing specific files from your device if instructed by the server.

Copying or replacing the contents of your clipboard with malicious data.

Doctor Web has identified 101 apps on the Play Store that contain the SpinOK module. These apps have been downloaded more than 420 million times in total, posing a huge security risk for Android users worldwide.

The most popular apps among them are:

Noizz: video editor with music – At least 100 million downloads
Zapya – File Transfer, Share – At least 100 million downloads
VFly: video editor&video maker – At least 50 million downloads
MVBit – MV video status maker – At least 50 million downloads
Biugo – video maker&video editor – At least 50 million downloads
Crazy Drop – At least 10 million downloads
Cashzine – Earn money reward – At least 10 million downloads
Fizzo Novel – Reading Offline – At least 10 million downloads
CashEM: Get Rewards – At least 5 million downloads
Tick: watch to earn – At least 5 million downloads

A full list of infected apps can be found here.

Bleeping Computer suggests that Google has removed most of these apps from the Play Store, except for Zapya, which has been updated to remove the SpinOK module. However, if you have already installed any of these apps on your device, you should take action immediately.

You should uninstall the app from your device, even if it has been removed from the Play Store, followed by running an antivirus scan on your device to make sure there are no traces of malware left.

Source: Doctor Web Via: Bleeping Computer
