The Blacksite Weekly Intelligence Report:

Week of October 24th, 2022

Thousands of Mobile Apps Leak Twitter API Keys

Cybersecurity firm CloudSEK uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public. Developers are given special authentication keys, or tokens, that allow their mobile apps to interact with the Twitter API. When a user associates their Twitter account with this mobile app, the keys also will enable the app to act on behalf of the user, such as logging them in via Twitter, creating tweets, sending DMs, etc. When the keys are embedded in the API, they can be used to create a Twitter army of verified (trustworthy) accounts.

More information:

Indonesia Enforces New Internet Regulations Blocking Certain Corporations 

Indonesia blocks access to internet service providers who had not registered on the country’s new licensing platform by July 27th, 2022. Some of the service providers include Yahoo, Steam, and PayPal. The blocks appear to result from a coordinated action between Kominfo and all major ISPs (internet service providers) However, some smaller ones still stray from the new regulations. The new law passed despite voices of concern expressed by freedom of speech advocates in Indonesia, who worried it would be used as a tool of censorship and to restrict freedom of the press.

More information:

Australian Hacker Charged with Providing Spyware to Criminal Entities 

A 24-year-old Australian national has been charged for his alleged role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, 24, is said to have created the remote access trojan (RAT) when he was 15. He has been slapped with six counts of committing a computer offense by developing and supplying the malware, in addition to profiting off its illegal sale. The surveillanceware is estimated to have netted the operator anywhere between $300,000 and $400,000.

More information:

Network of over 10,000 Investment Scam Websites Targets European Citizens 

Researchers have uncovered a network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The goal of the operation is to trick users into an opportunity for high-return investments and convince them to deposit a minimum amount of 250 EUR ($255) to sign up for the fake services. The UK, Belgium, Germany, the Netherlands, Portugal, Poland, Norway, Sweden, and the Czech Republic are the countries targeted in this scheme. The scam is revealed when the victim tries to withdraw money from the platform but not before asking for a final payment.

More information:

Facebook Ads Pushes Adware through Millions of Installs on Google Play 

Adware apps are being promoted aggressively on Facebook as system cleaners and optimizers for Android devices. Users are convinced to trust the adware apps because they see a Play Store link on Facebook, leaving little margin for doubt. Most affected users are based in South Korea, Japan, and Brazil, but adware has unfortunately reached users worldwide. To evade deletion, the apps hide on the victim’s device by constantly changing icons and names, masquerading as Settings or the Play Store itself. To the user it may look like the ads are pushed by the legitimate app they installed.

More information:

Ransomware Payments Decline as Less Victims Decide to Pay

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value. In Q2 2022, the average ransom payment was $228,125 (up by 8% from Q1 ‘22) However, the median ransom value was $36,360, a steep fall of 51% compared to the previous quarter. This continues a downward trend since Q4 2021, which represented a peak in ransom payments both average ($332,168) and median ($117,116).

More information:

North Korean State Actors Use Chrome Extension to Gain Access and Steal Emails

A North Korean-backed threat group is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail. The extension, dubbed SHARPEXT, supports three Chromium-based web browsers (Chrome, Edge, and Whale) and can steal mail from Gmail and AOL accounts. The attack remains undetected by the victim’s email provider, thus making detection very challenging if not impossible. This latest campaign aligns with previous Kimsuky attacks as it also deploys the extension “in targeted attacks on foreign policy, nuclear and other individuals of strategic interest”.

More information:

How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats

The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Additionally, Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cyber security strategy, and cyber security education at an affordable price to accommodate your business whether it’s a small family-owned to that of the size of a fortune 500.

More information:

Please contact us and we’ll be glad to assist you.

Become invisible, become secure.