Police Disrupts FluBot, One of the Fastest-Spreading Mobile Spyware To Date
Read also: Chinese hackers are exploiting a Windows MSDT zero-day, Costa Rica’s health service hit by a ransomware attack, and more.
SMS-based FluBot spyware disrupted in international law enforcement operation
An international law enforcement operation involving 11 countries has resulted in the disruption of FluBot, one of the fastest-spreading pieces of mobile malware to date.
First spotted in 2020, FluBot, aka Fedex Banker and Cabassous, is an aggressive piece of mobile malware targeting Android users. It spreads via SMS and is designed to steal sensitive data, such as passwords, online banking details and other information, from infected devices.
According to Europol, the Dutch Police (Politie) disrupted the malware’s infrastructure in May and took control over it. The law enforcement authorities are working to identify the individuals behind the FluBot global campaign.
Chinese hackers caught exploiting a Windows MSDT zero-day
China-linked state-sponsored hackers have been observed exploiting a recently disclosed zero-day RCE vulnerability in a Windows tool in attacks targeting the international Tibetan community.
The zero-day flaw in question (CVE-2022-30190, aka “Follina”) is a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). By exploiting the issue, a remote attacker can execute arbitrary code with the privileges of the calling application, and install programs; view, change, or delete data; or create new accounts in the context allowed by the user’s rights. CVE-2022-30190 affects all supported Windows client and server platforms.
According to Proofpoint, the TA413 APT group, believed to be working on behalf of the Chinese government, has exploited the vulnerability in attacks involving a Microsoft Word document used to install malicious payloads on victim devices.
DoJ seizes domains used to sell stolen data, DDoS services
US authorities have seized three internet domains — weleakinfo[.]to and two related domain names, ipstress[.]in and ovh-booter[.]com — used by cybercriminals to sell stolen data or launch cyber-attacks on victims’ networks.
The WeLeakInfo website offered a subscription service through which customers could access personal information, such as names, email addresses, usernames, phone numbers, and passwords for online accounts, obtained through data breaches. The other two sites, ipstress and ovh-booter, offered DDoS (Distributed Denial of Service) attacks for hire.
The three domains were seized as part of an international law enforcement effort with the help of the National Police Corps of the Netherlands and the Federal Police of Belgium.
Read more news here:
https://www.immuniweb.com/blog/police-disrupts-flubot-one-of-fastest-spreading-mobile-spyware-to-date.html
© 2022 ImmuniWeb