Details

The Hacker News

10 August 2023

August 08, 2023  The Hacker News published The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023.

The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed that 25% of its C2 servers are only active for a single day.

"QakBot has a history of taking an extended break each summer before returning sometime in September, with this year's spamming activities ceasing around 22 June 2023," the cybersecurity firm said.

"But are the QakBot operators actually on vacation when they aren't spamming, or is this 'break' a time for them to refine and update their infrastructure and tools?" Read More

Details

BleepingComputer

10 August 2023

August 08, 2023 BleepingComputer published Microsoft's Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS credential managers.

These tokens are used for integrating with various third-party services and APIs, such as Git, GitHub, and other coding platforms, so stealing them could have significant consequences for a compromised organization's data security, potentially leading to unauthorized system access, data breaches, etc.

The flaw was discovered by Cycode researchers, who reported it to Microsoft along with a working proof-of-concept (PoC) they developed. Yet, the tech giant decided against fixing the issue, as extensions are not expected to be sandboxed from the rest of the environment. Read More...

Details

BleepingComputer

10 August 2023

August 07, 2023 BleepingComputer published Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence.

The technique isn't entirely new, as Phylum reported in January 2023 that threat actors created malicious PyPI packages that used Cloudflare Tunnels to stealthy steal data or remotely access devices.

However, it appears that more threat actors have started to use this tactic, as GuidePoint's DFIR and GRIT teams reported last week, seeing an uptick in activity. Read More..

Details

BleepingComputer

10 August 2023

August 07, 2023 BleepingComputer published The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a phone's screen was off, running down a device's battery.

McAfee's Mobile Research Team discovered the malicious Android apps and reported them to Google as they violated Google Play Store's policies. Google subsequently removed the apps from Android's official store.

The applications were mainly media streaming apps and news aggregators, and the target audience was predominately Korean. However, the same deceptive tactics could very easily be applied to other app categories and more diverse user demographics. Read More..