SideCopy’s latest volley in their year-long attack on the Indian military has introduced a new trojan into the mix. The advanced persistent threat (APT) group’s remote access trojan is highly customized and could also be a preview of another attack, as it is thought it can be used to install additional malicious plugins. In other cybersecurity news, researchers have found 176 fake cryptomining Android apps that have been downloaded over 93,000 times – netting the malicious developers over $350,000.
A Swedish supermarket named Coop is one of thousands of victims following the ransomware attack on Kaseya. With their point-of-sale systems rendered inoperable, they were forced to close over 500 locations. As the supermarket chain wasn’t the initial target, when and how the issue will be resolved is out of their control. For now, Coop can just hope for some resolution that could allow them to re-open locations.
Officials for the UK branch of the Salvation Army have revealed a ransomware attack that targeted the charitable organization’s data center last month. While it is still unknown what information was stolen, the organization is recommending that employees and volunteers be vigilant for any unusual financial transactions or suspicious emails. Unfortunately, this attack has proven that no business or organization, even a charitable one, is excluded from targeted ransomware attacks.
Over the past year, the Indian military has been steadily under attack by the SideCopy advanced persistent threat (APT) group, which has now introduced a new trojan into the mix. The latest threats are highly customized remote access trojans that perform tasks like keylogging and sophisticated multi-factor authentication credential files, but can be used to install additional malicious plugins that can perform many other functions.
The official Formula 1 app was compromised by malicious actors over the weekend and was used to send out two unauthorized push notifications to all users. Officials for Formula 1 have confirmed that no information was compromised during the breach, and just the push notification system was affected. Even though it may seem innocuous to infiltrate a push notification system, attacks like this one can be used for more convincing phishing attacks or scare tactics to prompt recipients into entering sensitive information.
Researchers have tracked 176 fake cryptomining apps that have been purchased and downloaded over 93,000 times. Though very few of the apps were actually available on the Google Play app store, they were all easily installed on an Android device from third-party stores. The apps themselves went mostly undetected as they didn’t perform any malicious activities, or do much of anything at all. It is believed that the combined apps have netted the developers over $350,000, and with some still available on app stores, this number is likely to continue rising.