Introduction
Hello everyone
Welcome to this week's edition of our security news review. I hope that you're doing well.
In this edition, we'll review articles that are about malware, vulnerabilities, and a data breach.
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
If you're looking for free stuff, you might be game! To complicate issues, it's an information-stealing malware. Oh my, what could go wrong? Just saying.
How can you get infected? Here is how:
the overall infection chain remains unchanged in that users searching popular cheating script engines like Solara and Electron on Google are served fake websites that embed links to booby-trapped ZIP archives on various GitHub repositories.
Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips
It's a sensitive issue. Google and Amnesty International are involved. That should tell you that the zero-day bug was used in targeted attacks. Still, this begs the question: Which Android devices are affected? Read the excerpt below.
Qualcomm listed 64 different chipsets affected by this vulnerability, including the company's flagship Snapdragon 8 (Gen 1) mobile platform, which is used in dozens of Android phones, including some made by Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE — meaning millions of users around the world are potentially vulnerable.
31 Million Users Affected by Internet Archive Hack
Someone, please tell me, who hacks the Internet Archive? Like, it's an Internet Archive; they store stuff for historical purposes! Why go after them? I am short of words.
There is no excerpt for you. Go read the article, then come back and finish the review.
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Maintaining e-commerce stores will be a difficult task with cybercriminals on the horizon waiting to compromise your store. In this article, two cybercriminal groups targeted the same store and they were sharing information (via code comments) on how to share the profits!
There is no excerpt for this one. Have fun reading!
GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
Are you surprised? I am not. History books have shown us multiple times that threat actors have used, and are still using, legitimate tools and services for malicious purposes.
In this case, here is what's going on:
Central to the attack chain is the abuse of GitHub infrastructure for staging the malicious payloads. One variation of the technique, first disclosed by OALABS Research in March 2024, involves threat actors opening a GitHub issue on well-known repositories and uploading to it a malicious payload, and then closing the issue without saving it.
In doing so, it has been found that the uploaded malware persists even though the issue is never saved, a vector that has become ripe for abuse as it allows attackers to upload any file of their choice and not leave any trace except for the link to the file itself.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.