Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Harvesting SDK. Show all posts
Katz
Atlantis AIO CaaS Credentials Theft CyberCrime cybercriminals Cybersecurity Data Breach Data Harvesting SDK data security Data Theft Flashpoint infostealers Katz

Cybercrime-as-a-Service Drives Surge in Data Breaches and Stolen Credentials

 

The era of lone cybercriminals operating in isolation is over. In 2025, organized cybercrime groups dominate the threat landscape, leveraging large-scale operations and sophisticated tools to breach global organizations. Recent intelligence from Flashpoint reveals a troubling surge in cyberattacks during just the first half of the year, showing how professionalized cybercrime has become — particularly through the use of Cybercrime-as-a-Service (CaaS) offerings. 

One of the most alarming findings is the 235% rise in data breaches globally, with the United States accounting for two-thirds of these incidents. These breaches exposed an astounding 9.45 billion records. However, this number is eclipsed by the dramatic 800% increase in stolen login credentials. In total, threat actors using information-stealing malware compromised more than 1.8 billion credentials in just six months. 

These tools — such as Katz Stealer or Atlantis AIO — are widely accessible to hackers for as little as $30, yet they offer devastating capabilities, harvesting sensitive data from commonly used browsers and applications. Flashpoint’s report emphasizes that unauthorized access, largely facilitated by infostealers, was the initial attack vector in nearly 78% of breach cases. 

These tools enable threat actors to infiltrate organizations and pivot across networks and supply chains with ease. Because of their low cost and high effectiveness, infostealers are now the top choice for initial access among cybercriminals. This rise in credential theft coincides with a 179% surge in ransomware attacks during the same period. 

According to Ian Gray, Vice President of Cyber Threat Intelligence Operations at Flashpoint, this dramatic escalation highlights the industrial scale at which cybercrime is now conducted. The report suggests that to counter this growing threat, organizations must adopt a dual strategy: monitor stolen credential datasets and set up alert systems tied to specific compromised domains.  

Furthermore, the report advocates for moving beyond traditional password-based authentication. Replacing passwords and basic two-factor authentication (2FA) with passkeys or other robust methods can help reduce risk. 

As cybercriminal operations grow increasingly professional, relying on outdated security measures only makes organizations more vulnerable. With CaaS tools making sophisticated attacks more accessible than ever, companies must act swiftly to enhance identity protection, tighten access controls, and build real-time breach detection into their infrastructure. 

The rapid evolution of cybercrime in 2025 is a stark reminder that prevention and preparedness are more critical than ever.
Read more »
Data Theft
Amazon class action lawsuits Data Breach Data Harvesting SDK Data Privacy Data Safety User Data data security Data Theft

Amazon Faces Lawsuit Over Alleged Secret Collection and Sale of User Location Data

 

A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software development kit (SDK) to extract sensitive geolocation information from mobile apps. According to the lawsuit, plaintiff Felix Kolotinsky of San Mateo claims 

Amazon embedded its SDK into numerous mobile applications, allowing the company to collect precise, timestamped location details. Users were reportedly unaware that their movements were being tracked and stored. Kolotinsky states that his own data was accessed through the widely used “Speedtest by Ookla” app. The lawsuit contends that Amazon’s data collection practices could reveal personal details such as users’ home addresses, workplaces, shopping habits, and frequented locations. 

It also raises concerns that this data might expose sensitive aspects of users’ lives, including religious practices, medical visits, and sexual orientation. Furthermore, the complaint alleges that Amazon leveraged this information to build detailed consumer profiles for targeted advertising, violating California’s privacy and computer access laws. This case is part of a broader legal pushback against tech companies and data brokers accused of misusing location tracking technologies. 

In a similar instance, the state of Texas recently filed a lawsuit against Allstate, alleging the insurance company monitored drivers’ locations via mobile SDKs and sold the data to other insurers. Another legal challenge in 2024 targeted Twilio, claiming its SDK unlawfully harvested private user data. Amazon has faced multiple privacy-related controversies in recent years. In 2020, it terminated several employees for leaking customer data, including email addresses and phone numbers, to third parties. 

More recently, in June 2023, Amazon agreed to a $31 million settlement over privacy violations tied to its Alexa voice assistant and Ring doorbell products. That lawsuit accused the company of storing children’s voice recordings indefinitely and using them to refine its artificial intelligence, breaching federal child privacy laws. 

Amazon has not yet issued a response to the latest allegations. The lawsuit, Kolotinsky v. Amazon.com Inc., seeks compensation for affected California residents and calls for an end to the company’s alleged unauthorized data collection practices.
Read more »
Google Play
Data Breach Data Harvesting SDK Data Theft Google Play

Android Apps With 45 Million Installs Used For Data Harvesting SDK

 

Recently, Mobile malware researchers warned about a set of applications available on the Google Play Store that are stealing the private data of users from over 45 million installs of the apps. 

The apps consume credentials of the users through a third-party SDK in which it gets access to the users' capture clipboard content (store very sensitive data, such as crypto wallet recovery seeds, passwords, or credit card numbers), email addresses, GPS data, phone numbers, and even the user’s modem router MAC address and network SSID. This sensitive data could lead to significant privacy risks, the researchers said. 

The famous and most downloaded app applications to be using this SDK to send sensitive data of users are enlisted below:

• Al-Moazin Lite – 10 million installations (phone number, IMEI, router SSID, router MAC address) 
• Speed Camera Radar – 10 million installations (phone number, IMEI, router SSID, router MAC address) 
• WiFi Mouse – 10 million installations (router MAC address) 
• Qibla Compass Ramadan 2022 – 5 million installations (GPS data, router SSID, router MAC address) • QR & Barcode Scanner – 5 million installations (phone number, email address, IMEI, GPS data, router SSID, router MAC address) 
• Handcent Next SMS-Text w/MSS – 1 million installations (email address, IMEI, router SSID, router MAC address) 
• Smart Kit 360 – 1 million installations (email address, IMEI, router SSID, router MAC address) 
• Simple weather & clock widget – 1 million installations (phone number, IMEI, router SSID, router MAC address) 
• Al Quran mp3 – 50 Reciters & Translation Audio – 1 million installations (GPS data, router SSID, router MAC address) 
• Audiosdroid Audio Studio DAW – 1 million installations (phone number, IMEI, GPS data, router SSID, router MAC address) 
• Full Quran MP3 – 50+ Languages & Translation Audio – 1 million installations (GPS data, router SSID, router MAC address) 

In the wake of the security incident, Google removed many applications from the Google Play store after discovering that they contain data harvesting software. Several Muslim prayer apps, a highway-speed-trap detection app, and a QR-code reading app, were installed more than 45 million times, as per the researchers. 
Read more »
Subscribe to: Posts (Atom)