Security news weekly round-up - 27th September 2024

Habdul Hazeez - Sep 27 - Dev Community

Introduction

Welcome to our weekly review of top security news that is worth your time.

In this week's edition, the articles that we'll review are about the following:

  • Malware
  • Vulnerabilities

Let's begin.


Necro Trojan Infects Google Play Apps With Millions of Downloads

First, the malware was discovered in applications on the official Google Play Store. This begs the question: how did it sneak in? Well, for starters, I don't know. But here is what I know: even the most secure systems or environments in the world can be breached by determined attackers.

It also drives home a lesson: just because something came from an official source does not mean it's safe. So, a lesson for you and me: always scan your phone using antimalware solutions.

The following excerpt details how the malware works:

The variant of Necro discovered by Kaspersky experts can download modules onto infected smartphones that display ads in invisible windows and click on them, download executable files, install third-party applications, and open arbitrary links in invisible WebView windows to execute JavaScript code.

Infostealer malware bypasses Chrome’s new cookie-theft defenses

This is a tale of the hunter and the hunted. I apologize if that analogy is not befitting enough. Anyway, I believe you'll get the gist after reading the subsequent sentences.

Here is what happened: Google Chrome implemented a feature to protect against cookie theft, and shortly after that, the malware authors behind known stealers like Lumma Stealer updated their code to bypass the feature.

Now, you might say that's smart. To a certain extent, yes. But not in a good way. Ok, that's enough of my little rant. And no excerpt for you. Go read the article. Next! Let's proceed.

Hackers deploy AI-written malware in targeted attacks

The indicator that gave the researchers high confidence that the malware was AI-generated was the way the code was commented. I mean, who would write malware and leave extensive comments on how it works? I believe no one. Moreover, if you have generated code with AI, you'll certainly know what I am saying. Nonetheless, the hackers should have been smart enough to at least tell the AI: Generate the code and [REDACTED].

I refuse to complete the last sentence because I don't want to be a facilitator on how to use AI for bad stuff. Well, luckily they didn't remove the comments. If not, we might not be talking about them now. So refreshing! 😊

Like the previous article, there is no excerpt for this one. Have fun reading! Don't worry, it's a short read.

New Octo Android malware version impersonates NordVPN, Google Chrome

First, at the time of writing, the malware has not been spotted on Google Play, which is a good thing. Second, reading about the features of the malware makes me wonder: why put lots of effort into making something this dangerous? I mean, it's a banking Trojan! Someone tell me why!

The campaign using the malware is currently active in the regions mentioned in the following excerpt:

Campaigns currently deploying Octo2 focus on Italy, Poland, Moldova, and Hungary. However, as the Octo Malware-as-a-Service (MaaS) platform has previously facilitated attacks worldwide, including in the U.S., Canada, Australia, and the Middle East, we will likely see Octo2 campaigns appear in other regions soon.

Hacker plants false memories in ChatGPT to steal user data in perpetuity

To say the least, it's scary. On the other hand, I am not surprised. Why? It's a system. And as history has taught us, systems, no matter how "secure" they're perceived to be, can be vulnerable.

Here is what's going on:

The researcher demonstrated how he could trick ChatGPT into believing a targeted user was 102 years old, lived in the Matrix, and insisted Earth was flat and the LLM would incorporate that information to steer all future conversations. These false memories could be planted by storing files in Google Drive or Microsoft OneDrive, uploading images, or browsing a site like Bing—all of which could be created by a malicious attacker.

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Good news: they patched it. Bad news: it's scary to know that we live in a fragile, interconnected world where anything, with the appropriate effort, can be hacked.

Here is what happened:

The crux of the research is that the issues exploit the Kia dealership infrastructure ("kiaconnect.kdealer[.]com") used for vehicle activations to register for a fake account via an HTTP request and then generate access tokens.

The token is subsequently used in conjunction with another HTTP request to a dealer APIGW endpoint and the vehicle identification number (VIN) of a car to obtain the vehicle owner's name, phone number, and email address.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
