 An Australian hacker has been charged with creating and later selling spyware to more than 14,000 people. The 24-year-old man's spyware could breach webcams and microphones. More: - The investigation began in 2017, while authorities believe that the hacker created the spyware in 2013.
- Before the spyware was shut down in 2019, the hacker sold it to more than 14,000 people in 128 countries.
- The hacker sold the spyware for $35 on internet forums and allegedly made close to $400,000. At least 14% of those buyers are believed to have been on the sex offender list.
- The investigation, which had been led by the FBI and carried out by multiple European law agencies, resulted in the arrest of 13 people and the seizure of over 400 devices. The hacker could face up to 20 years in prison if found guilty.
| |
 Several Facebook ad campaigns that are advertising Android malware apps have been tracked. The malware apps are being advertised as cleaning apps and device optimizers. More: - These apps have been downloaded over 7 million times.
- Threat actors have configured the adware apps so that they change their icons constantly, often to look like the Settings or Play Store app.
- Users have downloaded the 13 different apps at least since 2021, while the names of the apps are:
- Junk Cleaner, cn.junk.clean.plp, 1M+ downloads
- EasyCleaner, com.easy.clean.ipz, 100,000+ downloads
- Power Doctor, com.power.doctor.mnb, 500,000+ downloads
- Super Clean, com.super.clean.zaz, 500,000+ downloads
- Full Clean -Clean Cache, org.stemp.fll.clean, 1M+ downloads
- Fingertip Cleaner, com.fingertip.clean.cvb, 500,000+ downloads
- Quick Cleaner, org.qck.cle.oyo, 1M+ downloads
- Keep Clean, org.clean.sys.lunch, 1M+ downloads
- Windy Clean, in.phone.clean.www, 500,000+ downloads
- Carpet Clean, og.crp.cln.zda, 100,000+ downloads
- Cool Clean, syn.clean.cool.zbc, 500,000+ downloads
- Strong Clean, in.memory.sys.clean, 500,000+ downloads
- Meteor Clean, org.ssl.wind.clean, 100,000+ downloads
- These apps have been removed from the Google Play Store, but users who have downloaded them previously will have to delete the apps on their own. Performing a phone check-up is also recommended for those who have downloaded the adware apps.
| |
 A message from VANTA Vanta asked over 500 startups to honestly and anonymously answer questions about their security posture, their security roadmap, and how satisfied they are with their security in general. Vanta’s State of Startup Security shares how hundreds of each stage founders, CTO’s, and security professionals are going through security growing pains and get a better understanding of how others are prioritizing and proving security. In this exclusive report: - You’ll see the data breakdown – from demographics to security tools
- You’ll get a better understanding of how organizations are prioritizing and proving security
- You’ll find out which compliance standards startups are working towards achieving – and how they’re getting it done
Want to learn more? Download now
| |
 Microsoft has tied a Russian threat actor to the Raspberry Robin USB-based worm hacking campaign. The company claims that hacker group Evil Corp is potentially behind the cyberattack. More: - Microsoft stated that it has observed a campaign in which the FakeUpdates malware is being spread through the Rasperry USB bug.
- While the ransomware's code is written to make it more elusive, Microsoft researchers believe that the threat actor behind the campaign is potentially Evil Corp.
- What makes this case unique is that the threat vectors through which the attack is being carried out are similar to two other groups, DEV-0206, and DEV-0243, causing researchers to believe that the groups may be cooperating or one of them may be trying to cover their own attack.
| |
 Discord users are being cyberattacked by card-stealing malware. The attack is being tracked as "Lofylife." More: - The attack is written in Javascript and Python and is a variation of Volt Stealer.
- The malware is located in the Node Package Repository, where users may be tricked into downloading several files such as small-sm, pern-valids, lifeculer, and proc-title
- If installed, the malware can steal a user's IP address, login information, tokens, and even credit card information. Researchers have not yet tracked the threat actor behind the attack.
Zoom Out: - This is not the first time that hackers have targeted Discord users. In 2019, hackers created a trojan that acted as a data-stealing backdoor in Discord.
- Open-source libraries have been abused by hackers before, with library administrators creating security measures intended to stop them from breaching users.
| |
 Researchers have tracked a network of more than 11,000 websites that are promoting fake investment schemes. The websites entice people to invest sums starting at $255. More: - The threat actors target users with ads and use fake promotion videos from celebrities to convince visitors to invest.
- Visitors are first asked to add their contact numbers. Once they add their number, they are contacted by a fake call center agent who asks them for their credit card information.
- After users proceed with giving out this information, they are given a link to a fake dashboard that pretends to track the investment's performance. From that point, users cannot contact anyone and cannot withdraw their money, even after depositing the "cash out fee."
- This hacking campaign is targeting users in the U.K., Belgium, Germany, the Netherlands, Portugal, Poland, Norway, Sweden, and the Czech Republic.
| |
Quick Hits: - 2022 Capital Gains of $250K+? Unlock tax incentives and additional compounding potential. Learn How — Grab This No-Cost Investor Guide.*
- Meta and a number of U.S. hospitals have been sued for breaching privacy laws by collecting data to track patients with ads.
- A threat actor known as Kimsuky is believed to be behind a recent hacking campaign that is targeting email addresses. The spyware used is similar to threat vectors that groups backed by North Korea use.
- The House of Representatives has passed the Ransomware Bill. The legislation enforces reporting on cross-border breaches and will enable the U.S. to respond to cyberattacks in a better way.
- Security researchers have uncovered a new kind of phishing attack in which hackers force victims to make a decision and click on their screens by having a countdown clock pop up on their screens.
*This is sponsored content.
| |
Upcoming events at Inside:
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford. | |
| |
