LATEST CYBERTHREATS AND ADVISORIES – APRIL 14, 2023

Companies target sextortion victims, Google Play malware is hawked on dark marketplaces and zero-click spyware infects iPhones. Here are the latest threats and advisories for the week of April 14, 2023.  

By John Weiler 

Threat Advisories and Alerts 

Predatory Companies Target Sextortion Victims  

The U.S. Federal Bureau of Investigation (FBI) has issued a warning that for-profit companies are exploiting sextortion victims, charging them exorbitant fees for their services. The companies coerce victims into buying goods and services using threats, false claims and manipulation—taking advantage of their feelings of shame and desperation. Non-profit agencies and law enforcement provide support to sextortion victims at no charge. How can victims identify predatory companies? Organizations involved in assistance scams may ask victims to sign a contract, discourage them from contacting authorities and use high-pressure tactics to scare them into a sale.

Balada Malware Infects over One Million WordPress Sites 

Malware called Balada Injector has infected more than one million WordPress sites in a campaign that has been running since 2017. No WordPress website is safe: according to website security company Sucuri, “all known and recently discovered theme and plugin vulnerabilities” can be exploited. Once a site is infected, the Balada malware can exfiltrate sensitive information and redirect visitors to scam sites. Site owners can protect their sites by regularly updating WordPress, themes and plugins, implementing two-factor authentication and using strong passwords.

Emerging Threats and Research 

The Hidden Marketplace Selling Malware to Infect Google Play Apps 

Sneaking malware into Google Play’s app store has become big business for cybercriminals. A recent article published by Kaspersky explains how the security company tracked activity on nine dark web forums between 2019 and 2023, discovering a thriving malware marketplace. Offerings include access to the Google Play store through developer accounts costing $60-$200 and malicious loaders that go for $2,000-$20,000. For cybercriminals on a budget, a binding service that hides malware inside a legitimate application can be bought for $50-$100.

Zero-click Spyware Infects iPhones of Civil Servants and Key Workers 

Sophisticated zero-click spyware was discovered targeting the iPhones of at least five people working in key public roles, including journalists, NGO workers and political opposition figures. The spyware, which was created by the Israeli company QuaDream, leverages a security flaw in iCloud calendar that enables backdated invites to be automatically added to a user’s calendar without notification. Once the device is compromised, the spyware has a range of capabilities for monitoring its targets, including recording audio from the microphone or phone calls, tracking the device’s location and taking pictures with the camera.

Owner of KFC, Pizza Hut and Taco Bell Discloses Data Breach 

Fast food giant Yum! Brands—the parent company of Taco Bell, KFC and Pizza Hut—is sending notification letters to data breach victims of its January 13 ransomware attack. The incident, which forced the company to shut down nearly 300 restaurants, is believed to affect Yum! Brands employees. Personal information that was stolen includes ID card numbers and names. 

Samsung Employees Share Sensitive Data with ChatGPT 

Samsung Electronics engineers have reportedly input sensitive information into ChatGPT, sparking fears that the data could be leaked. On two occasions, engineers were using the large language model to address code issues, while on a third, an employee used the tool to compose the minutes of a meeting. These missteps, though alarming, should not be surprising. According to a report by data protection company Cyberhaven, many employees have input sensitive information into ChatGPT, such as client data, source code and regulated information. OpenAI, the creator of ChatGPT, has warned users not to share sensitive information with the tool.

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board. 
