A new hacking group called AtlasCross is targeting organizations with phishing lures impersonating the American Red Cross. The group uses macro-enabled Word documents to deliver backdoor malware to victims' devices.
The phishing emails typically contain a link to a malicious website or an attachment containing a macro-enabled Word document. If the victim opens the attachment and enables macros, the malware will be installed on their device.
The malware used by AtlasCross is called DangerAds and AtlasAgent. DangerAds is a system profiler and malware loader, while AtlasAgent is a backdoor that allows attackers to remotely control the victim's device.
Once the attackers have control of the victim's device, they can steal sensitive data, such as login credentials, financial information, and trade secrets. They can also use the device to launch further attacks against other organizations.
Bill Toulas, CEO of NSS Labs, aptly notes, "The AtlasCross phishing campaign is a reminder that even the most sophisticated organizations can be targeted by cybercriminals. It is important to be vigilant and take steps to protect yourself from these attacks."
How to protect your organization from AtlasCross phishing attacks:
Pinduoduo, a popular Chinese e-commerce app, has come under scrutiny from cybersecurity experts after multiple reports of malware surfaced. According to CNN, a recent analysis found that the app contained a 'sophisticated and complex' malware strain that allowed attackers to steal personal data and spy on users' activities.
In a report by Bloomberg, cybersecurity researchers noted that the malware was able to "hijack user accounts, steal payment information, and even take control of users' phones." The report also highlighted that the app had been downloaded over one billion times, making it a significant threat to users' security and privacy.
In response to these reports, Google Play has suspended the app from its platform. The South China Morning Post notes that this is not the first time that Pinduoduo has come under fire for suspected malware. In 2021, the app was accused of selling counterfeit goods and allowing the sale of illegal and fake products.
Brian Krebs, a cybersecurity expert, notes that the Pinduoduo case highlights the risks of using apps from untrusted sources. He emphasizes that "users should always be wary of downloading apps from unfamiliar sources, as they may contain malicious code that can compromise their security and privacy."
The Pinduoduo case also underscores the importance of regularly updating software and using trusted security solutions to protect against malware and other cyber threats. As the threat landscape continues to evolve, it is essential that individuals and organizations remain vigilant and proactive in protecting their digital assets.
The Pinduoduo incident serves as a sobering reminder of the dangers presented by unreliable apps and the significance of cybersecurity in the current digital era. Users must take the necessary precautions to protect themselves and their data as cyber threats continue to grow in sophistication and complexity. Individuals and organizations can reduce the dangers of cyber assaults and secure their online safety by remaining educated, upgrading software on a regular basis, and employing reputable security solutions.
The US Secret Service alleged that a Chinese hacking group stole tens of millions of dollars from US Covid-19 relief funds. The incident has increased the threat that the US and its citizens are facing from threat actors.
State-sponsored cyber criminal group APT41 scammed and stole $20 million that was used as a pandemic relief during Covid-19.
Experts say this is the first theft of APT41, it is known for cyber espionage and financial cyberattacks. But this time, it is confirmed that APT41 has targeted US government funds. The money consists of small business administration plans and unemployment insurance funds.
It also shows APT41's capability to defraud the US on a bigger scale, given the depth of details it has retrieved about American citizens.
"Fintech companies contracted by the federal government to process pandemic payouts rushed through processing applications in pursuit of higher fees, which contributed to the fraud that occurred, according to a report by the US House Select Subcommittee on the Coronavirus Crisis published on December 1. The key issue at hand is the state-sponsored group’s ability to scale future fraud attempts via automated technology and troves of taxpayer data China is believed to have obtained after security breaches at credit bureau Equifax and the US Office of Personnel Management, Hamilton said. OPM houses all federal employee data.ls it has retrieved about the American citizens," reports Bloomberg
APT41 believed behind the theft
It is not clear if agencies believe APT41 compromised government systems or citizens' personal accounts to get the Covid-19 relief funds, or if they hacked into already stolen information to engage in an identity scam.
Investigating agencies didn't disclose any more details about how the theft took place, saying “with respect to a potentially ongoing investigation, we have no further publicly available information.”
For individual US citizens, it may be hard to imagine themselves as victims of a states sponsored attack like China, however, the threat is rising.
“When you look at how many records they have, talk about massive fraud. If the Chinese-based hackers wanted to use that information for fraud, they would have a very easy time with that because they have it all," said Linn Freedman, cybersecurity partner of Robinson Cole LLP.
Currently, not much information is available to determine the security loopholes that resulted in fraudulent activity related to the relief funds, it is believed that the money theft is not an isolated incident.
Mike Hamilton, the chief information security officer at cybersecurity agency Critical Insight, believes that the cyberattack was a "beta test" of APT41's capabilities to defraud the American government and also that APT41 attacked the funds because it was easy to steal.
Bloomberg reports, "APT41 recently compromised at least six state government websites and exfiltrated personally identifiable information as part of a deliberate hacking campaign targeting states, according to a report published by cybersecurity firm Mandiant in March 2022."