Cyber Security Headlines: Fake investment network, DawDropper Android malware, North Korea’s SharpTongue

Huge network of 11,000 fake investment sites targets Europe

The network promotes numerous fake investment schemes to users in Europe. The sites show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. According to researchers at Group-IB, the goal of the operation is to trick users into falling for an opportunity for high-return investments and convince them to deposit a minimum amount of 250 EUR ($255) to sign up for the fake services. More than 5,000 of the identified malicious domains are still active, targeting numerous countries in Europe.

(Bleeping Computer)

DawDropper Android apps serve up banking malware

Researchers at Trend Micro uncovered the malicious campaign that leveraged 17 seemingly harmless Android dropper apps on the Google Play Store, collectively tracked as DawDropper. They masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. The apps were spotted dropping four families of banking trojans, including Octo, Hydra, Ermac, and TeaBot, and have since been removed from the app marketplace.

(Security Affairs)

North Korea-linked SharpTongue spies on email accounts with a malicious browser extension

SharpTongue has been using a malicious extension called SHARPEXT on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. Cybersecurity firm Volexity tracked the threat actor and noted that its operation overlaps with that of the Kimsuky APT group. Unlike other extensions used by the Kimsuky APT group, SHARPEXT does not try to steal usernames and passwords; rather, it accesses the victim’s webmail account as they browse it.

(Security Affairs)

The long tail of the chip shortage

A report in Nikkei Asia describes how chip suppliers in Japan and China are admitting they will miss the already elongated delivery times they have promised to customers worldwide, due to bottlenecks in the supply chain that they themselves rely on. These include manufacturers of chemical cleaning machines, valves, tubes, pumps, gases, and containers made of special plastics — all of which are vital to the painstaking precision required in chip manufacturing. Industry experts warn that countries that believe they can onshore the entire chip-making process, so as to no longer depend on external suppliers, will find the task impossible due to the complexity of the process.

(Nikkei Asia)

Thanks to today’s episode sponsor, HYAS

Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected?

This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks.

Don’t just react, take your security back with HYAS. Visit

Canadian donut chain offers coffee and donut to settle data privacy invasion claims

Tim Hortons, a Canadian cultural cornerstone in the coffee and donuts sector, is offering to settle multiple data privacy class-action lawsuits against it by offering something it knows it’s good for: a coffee and a donut. The action is based on the discovery that between May 2019 and August 2020, Tim Hortons’ mobile apps collected geolocation data from users without their knowledge or consent. Tim Hortons will also have to permanently delete any geolocation data its apps improperly collected, and must instruct third party providers who had access to the data to do the same. The offer still requires approval from the courts.

(The Register)

Anonymous did in fact breach Russian databases and leak ‘massive’ amounts of data

Following up on a story we brought you in April, investigations into the allegations that hacktivists from Anonymous hacked Russian databases have proven to be correct. Cybersecurity specialist Jeremiah Fowler performed a random sampling of 100 exposed Russian databases and discovered that 92 of them had indeed been compromised. According to CNBC, the data leaked online was in amounts so large it will take years to review. This is confirmed by Shmuel Gihon, a security researcher at Cyberint. One of the more immediate outcomes of the hacks, Fowler and Gihon agree, is that Russia’s cybersecurity defenses have been revealed as being far weaker than previously thought.

(Slashdot and CNBC)

Pegasus spyware? We’re only seeing ‘the tip of the iceberg’ 

During an open House Intelligence Committee hearing on Wednesday, US lawmakers heard testimony from Citizen Lab, Google’s Threat Analysis Group, and a direct victim of Pegasus spyware, who together are calling on Congress to weigh in on spyware, asking for sanctions and increased enforcement against so-called legitimate surveillanceware makers. Pegasus is the now-infamous malware that its developer, Israel’s NSO Group, claims is only sold to legitimate government agencies — not private companies or individuals. Committee chair Representative Adam Schiff made the tip-of-the-iceberg comment as follows: “It is my belief that we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors.”

(The Register)

Last week in ransomware

A new ransomware do-it-yourself kit called Karmen made the rounds, making it easy for wannabe cybercriminals to launch ransomware attacks. Security researchers believe the recently discovered ransomware as a service (RaaS) offering was developed in part by a Russian-speaking ransomware author who goes by the alias DevBitox. Karmen can turn almost anyone into a cybercriminal in just a few clicks. Karmen is based on a well-known open source ransomware project called Hidden Tear. The customizable ransomware comes with a dashboard that allows cybercriminals to track the number of machines infected and the total revenue accrued, and provides automatic updates. Karmen even automates payment processing so users can concentrate on distributing the ransomware. All this for just $175. 

(Eric Vanderburg)