Authentication and Download - Cyber Security Informer

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. In this case, the loan app evaded detection on Google Play, by loading a WebView to redirect users to an external website from where they could download the app hosted on an Amazon EC2 server.

Passwords

Passwords Password Management Phishing Authentication

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor.

Phishing

Phishing Malware Passwords Password Management

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. You may also wish to download Google Authenticator to another mobile device that you control.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. As of this writing, DeepSeek is the third most-downloaded “free” app on the Apple store, and #1 on Google Play.

Risk

Risk Artificial Intelligence Mobile Encryption

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming.

Authentication

Authentication Passwords Mobile Phishing

Netgear urges users to upgrade two flaws impacting WiFi router models

Security Affairs

FEBRUARY 4, 2025

The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability. XR500, the issue was fixed in firmware version 2.3.2.134 “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Click Downloads. Click Download.

Firmware

Firmware Authentication Hacking Information Security

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. The lure that convinces people to download these apps varies. This does not make multifactor authentication useless.

Phishing

Phishing Passwords Mobile Authentication

Threat actor impersonates Google via fake ad for Authenticator

Malwarebytes

JULY 30, 2024

Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself. This was the case here with this ad for Authenticator: The truth is Larry Marr has nothing to do with Google, and is likely a fake account.

Authentication

Authentication Computers and Electronics Social Engineering Malware

Using Fake Reviews to Find Dangerous Extensions

Krebs on Security

MAY 29, 2021

Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data. 45 malicious extensions that collectively had close to 100,000 downloads. -25 Image: chrome-stats.com. “It’s great!

Accountability

Accountability Authentication Scams Software

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. Hunt also verified the authenticity of the information included in the stolen archive. Hunt will add the information of the impacted users to HIBP very soon.

Internet

Internet Internet Data breaches Authentication

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. “Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominerXMRig.”

Phishing

Phishing Scams Malware Authentication

Silent Ransom Group targeting law firms, the FBI warns

Security Affairs

MAY 24, 2025

Indicators of SRG activity include unauthorized downloads of tools like Zoho Assist or AnyDesk, external WinSCP/Rclone connections, ransom emails or calls from unnamed groups, and phishing emails about subscriptions urging recipients to call a number to cancel charges. ” concludes the report.

Social Engineering

Social Engineering Antivirus Phishing Engineering

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

JANUARY 14, 2025

.” Bob Hopkins at Immersive Labs called attention to the CVE-2025-21311 , a 9.8 “critical” bug in Windows NTLMv1 (NT LAN Manager version 1), an older Microsoft authentication protocol that is still used by many organizations. Unpatched.ai “It may be the first of many in 2025.”

Artificial Intelligence

Artificial Intelligence Social Engineering Encryption Internet

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware

Malware Adware Education Phishing

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal ). Also, unless you really know what you’re doing, please don’t download and install pirated software.

Cybercrime

Cybercrime Passwords Authentication Malware

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Keep threats off your devices by downloading Malwarebytes today. Here’s how it works.

Accountability

Accountability Authentication Malware Banking

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victims device. .

Antivirus

Antivirus Ransomware Social Engineering Engineering

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

CISA warns of RESURGE malware exploiting Ivanti flaw

Security Affairs

MARCH 30, 2025

A local authenticated attacker can trigger the vulnerability to escalate privileges. CVE-2025-0283 could allow a local authenticated attacker to escalate privileges. Ivanti addressed a high-severity flaw, tracked as CVE-2025-0283 (CVSS score: 7.0), that allows a local authenticated attacker to escalate privileges.

Malware

Malware Authentication Encryption Cybersecurity

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Security Affairs

MAY 17, 2025

Always confirm authenticity before responding, and contact security officials or the FBI if uncertain. Avoid clicking links or downloading files from unverified sources. Avoid clicking links or downloading files from unverified sources. Enable and protect two-factor authentication and never share OTP codes.

Government

Government Social Engineering Authentication Accountability

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Keep threats off your devices by downloading Malwarebytes today.

Authentication

Authentication Phishing Password Management Scams

Crooks are targeting Docker API servers to deploy SRBMiner

Security Affairs

OCTOBER 23, 2024

“Afterwards, the attacker downloaded and deployed the SRBMiner cryptominer from GitHub, and started mining to their cryptocurrency wallet and public IP address.” The attacker downloads SRBMiner from GitHub, unzips it into a temporary directory, and deploys it in the /usr/sbin directory. continues the analysis. .

Cryptocurrency

Cryptocurrency Authentication Hacking Cybercrime

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

Security Affairs

MAY 26, 2025

Below is the description of the flaws: CVE-2025-4427 (CVSS score: 5.3) An authentication bypass in Endpoint Manager Mobileallowingattackers to access protected resources without proper credentials. Ivanti confirmed that threat actors could chain the two vulnerabilities to achieve remote code execution without authentication.

Mobile

Mobile Telecommunications Authentication Internet

Hertz data breach caused by CL0P ransomware attack on vendor

Malwarebytes

APRIL 15, 2025

A screenshot of some of CL0P’s list of victims (other victims’ names obscured) This leak site is also where the stolen data is available for download. Malwarebytes Labs was unable to figure out how many people were affected, but the number of available archives for download is in the tenfolds.

Data breaches

Data breaches Ransomware Passwords B2B

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 18, 2025

The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0

Authentication

Authentication Ransomware Firewall Hacking

Outlaw cybergang attacking targets worldwide

SecureList

APRIL 29, 2025

Suspicious authorized key After the initial SSH compromise, the threat actor downloads the first-stage script, tddwrt7s. This artifact is responsible for downloading the dota. Chain of commands used by the attackers to download and decompress dota.tar.gz sh , using utilities like wget or curl.

Authentication

Authentication Passwords System Administration Cryptocurrency

TookPS: DeepSeek isn’t the only game in town

SecureList

APRIL 2, 2025

Subsequent telemetry analysis indicated that the TookPS downloader , a malware strain detailed in the article, was not limited to mimicking neural networks. We identified fraudulent websites mimic official sources for remote desktop and 3D modeling software, alongside pages offering these applications as free downloads. com as the C2.

Software

Software Malware Security Awareness Authentication

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

Enable multi-factor authentication where supported, at least for your most important services (email, banking, social, etc.) I personally use Microsoft Defender which is free, built into Windows and updates automatically via Windows Update.

Malware

Malware Passwords Password Management Antivirus

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. GreyNoise also observed an instance of an attack using wget to download a shell script for reverse shell access. CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware

Firmware Manufacturing IoT Healthcare

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Data breaches

Data breaches Cybercrime Authentication Technology

News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

The Last Watchdog

JANUARY 30, 2025

The extension then silently authenticates the victim into a Chrome profile managed by the attackers Google Workspace. Once this authentication occurs, the attacker has full control over the newly managed profile in the victims browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Social Engineering

Social Engineering Engineering Authentication Accountability

Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

Security Affairs

JANUARY 20, 2025

” The malicious packages discovered by the experts are posing as Solana tools and have 130+ downloads, using Nodemailer to steal keys via Gmail and automate wallet draining. “It is important to verify a packages authenticity by examining its download counts, publisher history, and any associated GitHub repository links.

Malware

Malware Authentication Hacking Accountability

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

This access enabled Bathula to download the victims’ personal information, including their private photographs and videos, the class action asserts, adding that he also used his access to systems both at home and at work to spy on the victims in real time. Watch where you download from. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Malwarebytes

APRIL 17, 2025

CVE-2025-31201 : An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple’s Pointer Authentication (PA) is a hardware security feature designed to detect and prevent tampering with critical pointers (like function addresses or return addresses) in memory.

Authentication

Authentication Software Mobile Media

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

Malwarebytes

JANUARY 30, 2025

The Chinese startup has certainly taken the app stores by storm: In just a week after the launch it topped the charts as the most downloaded free app in the US. For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence (AI) field.

Artificial Intelligence

Artificial Intelligence Risk Marketing Authentication

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Interestingly, the malicious ad we found was for Google Authenticator, despite the obvious ads-goo[.]click There is also a distant feel of ‘software download via Google ads’ we have reported on previously (see Threat actor impersonates Google via fake ad for Authenticator ). click domain name. com/view/fjads sites[.]google[.]com/view/goitkm/google-ads

Advertising

Advertising Accountability Phishing Scams

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). For its part, Snowflake says it now requires all new customers to use multi-factor authentication. In a regulatory filing with the U.S.

Data breaches

Data breaches Passwords Authentication Accountability

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

“This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.” This led to a zero-click attack, requiring no user interaction, as the ad program automatically downloaded and rendered the malicious content. dll), allowing type confusion to occur.

Internet

Internet Internet Engineering Malware

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

Malwarebytes

OCTOBER 29, 2024

with improved authentication. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today. CVE-2024-44274 : a vulnerability in Accessibility that could allow an attacker with physical access to a locked device to view sensitive user information. This issue is fixed in iOS 17.7.1

Mobile

Mobile Software Authentication Risk

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Around the same time, users receive legitimate looking emails from what appears to be an authentic Google domain to add credibility to what the caller is claiming to have happened. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

The Last Watchdog

DECEMBER 5, 2024

These solutions empower organizations to manage, authenticate, and analyze privileged access, streamlining the granting of credentials with role-based access controls and automated workflows. With these scalable and reliable PAM solutions , organizations of all sizes can address their complex and ever-evolving cybersecurity challenges.

InfoSec

InfoSec Cyber Risk CISO Cybersecurity

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 5, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. GreyNoise also observed an instance of an attack using wget to download a shell script for reverse shell access. CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware

Firmware Manufacturing Authentication IoT

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Security Affairs

MAY 5, 2025

Sansec discovered that threat actors behind the attack breached the download servers of Tigren, Magesolution (MGS) and Meetanshi and injected backdoors in their software that allowed them to take over their customers’ e-stores. In older versions (2019), this required no authentication, but newer versions require a secret key.

eCommerce

eCommerce Hacking Authentication Software

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

OCTOBER 15, 2024

The document or LNK file starts a multi-stage infection chain with various JavaScript and.NET downloaders, which ends with the installation of the StealerBot espionage tool. All the documents use the remote template injection technique to download an RTF file that is stored on a remote server controlled by the attacker.

Malware

Malware Encryption Architecture Phishing

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Trending Sources

How to Lose a Fortune with Just One Bad Click

Experts Flag Security, Privacy Risks in DeepSeek AI App

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

Netgear urges users to upgrade two flaws impacting WiFi router models

Phishing evolves beyond email to become latest Android app threat

Threat actor impersonates Google via fake ad for Authenticator

Using Fake Reviews to Find Dangerous Extensions

Internet Archive was breached twice in a month

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Silent Ransom Group targeting law firms, the FBI warns

Microsoft: Happy 2025. Here’s 161 Security Updates

Warning over free online file converters that actually install malware

FBI Hacker Dropped Stolen Airbus Data on 9/11

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

CISA warns of RESURGE malware exploiting Ivanti flaw

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Crooks are targeting Docker API servers to deploy SRBMiner

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

Hertz data breach caused by CL0P ransomware attack on vendor

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Outlaw cybergang attacking targets worldwide

TookPS: DeepSeek isn’t the only game in town

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

PTZOptics cameras zero-days actively exploited in the wild

Cisco states that the second data leak is linked to the one from October

News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Apple patches security vulnerabilities in iOS and iPadOS. Update now!

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

North Korea-linked APT37 exploited IE zero-day in a recent attack

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

How AI was used in an advanced phishing campaign targeting Gmail users

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Stay Connected