VM#001
Hi Everyone,
Thank you for signing up! This is my first newsletter 🥳
I’ll be sending these out every two weeks to get into the groove. Let me know what you think: shoot me a DM or reply with your feedback.
Cybersecurity News
iOS 18: The new update introduces a built-in password manager with end-to-end encryption for managing credentials, app locking and hiding features, and improved privacy controls. Upcoming AI enhancements in iOS 18.1 will further strengthen security. Find out more.
Lazarus Group: The "Contagious Interview" campaign involves threat actors posing as employers to lure software developers into installing malware during the interview process. The malware used can lead to various types of theft. Various groups of security researchers attribute this campaign to North Korean state-sponsored actors.
This campaign was initially reported in July 2023. Now the campaign employs Node.js to deploy malware. Victims receive job interview requests that lead to downloading a Node.js project containing BeaverTail malware, which then installs a Python backdoor called InvisibleFerret.
The group uses platforms like LinkedIn and Upwork, often moving conversations to Telegram. They distribute fake video conferencing apps (e.g., FreeConference.com) and malicious Node.js projects during interviews. Fake npm packages also target cryptocurrency and gaming sectors.
DEV#POPPER is also a part of the same campaign, which includes delivering a Python-based RAT called DevPopper targeting Web3 and crypto firms. Ongoing social engineering attacks have been observed against software developers. DevPopper IOCs.
In yesterday's news, CovertCatch malware was reported as part of these schemes. It also targets developers on LinkedIn, sending a ZIP file disguised as a Python coding challenge. Once executed, CovertCatch compromises macOS systems and downloads a second-stage payload for persistence.
Espionage & Counterintelligence
Dutch Prime Minister: Bans wireless devices from meetings to prevent espionage. Find out more.
Clearview AI: Fined €30.5 million by the Dutch Data Protection Authority for illegal data collection and facial recognition practices. Find out more.
Chinese fugitive mayor Alice Guo arrested in Indonesia amid spy allegations. Find out more.
Colombia to investigate police purchase of Pegasus spyware. Find out more.
Suspected Russian 'spy whale' found dead off Norway, potentially shot. Find out more.
Cyber Espionage Threats in Finland: The Finnish authorities warn that unprotected network devices in households and businesses are increasingly targeted by non-democratic states like Russia and China for cyber espionage. Regular updates and secure configurations are essential to protect against these threats and safeguard sensitive information. Find out more. [Finnish]
SOCMINT
Spacehey: A MySpace clone created by a German teen has reached one million users, mainly among teenagers.
Telegram Premium: The platform has reached 10 million subscribers. Moreover, Durov announced on Friday that it has removed the "People Nearby" feature, which allowed users to see and message others nearby. This feature has been replaced with "Business Nearby," which showcases legitimate, verified businesses. Additionally, the company has disabled new media uploads to Telegraph, its blogging tool. The X post.
On the other hand, Instagram is developing a "Friend Map" feature that allows users to track their friends' locations in real time. The feature, similar to Snapchat's Snap Map, is an internal prototype and is not being tested externally. It is expected to copy Snapchat's core Stories functionality and Apple's "Find My" map feature.
Browser Plugin
FetchFox: An AI-driven web scraping tool for Chrome that collects data from complex HTML structures and bypasses anti-scraping measures.
Google Updates
Ask Photos: Google’s new Gemini-powered photo search tool allows you to search your phone’s gallery using detailed image queries. Just type what you want to find, and the AI selects the right photo for you—no more scrolling and manually checking.
Google Maps: A potential feature allowing anonymous reviews through an alternate profile is in development. Strings of code in the latest version of the Google app suggest this, with similar code also found in the Google Maps app.
CyberSec Free Event
Infostealers Webinar: September 12, 11 am CEST. Join here.