News

Forever 21 data breach and Android BadBazaar espionage

Dan Virgillito
September 5, 2023 by
Dan Virgillito

Forever 21 data breach impacts half a million individuals, Chinese APT group distributes BadBaazar spyware via trojanized Android messaging apps and the Classiscam scam-as-a-service operation. Catch all this and more in this week’s edition of Cybersecurity Weekly.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

1. Forever 21 suffers data breach; over 500,000 individuals affected

The retailer has informed over 500,000 individuals that a Forever 21 cyberattack compromised their personal information between January and March 2023. The retailer identified the breach on March 20 and disclosed it to the Maine Attorney General. Impacted data includes names, bank accounts, Social Security numbers, birth dates and health plan information. Forever 21 later reported that it had secured the data and found no evidence of misuse, suggesting that the company communicated with the attackers.

Read more »

2. Chinese APT group using fake Signal and Telegram apps to distribute BadBaazar spyware

Cybersecurity firm ESET recently found that Chinese hacking group GREF uploaded trojanized versions of Signal and Telegram to Google Play and Samsung Galaxy Store. These compromised apps, named 'Signal Plus Messenger' and 'FlyGram,' contain BadBazaar spyware and targeted users in countries like the U.S., Poland and Ukraine. The spyware can steal sensitive information, including call logs and location data. Google has removed the malicious apps, but they remain available on Samsung's Galaxy Store. ESET recommends that Android users only download the official versions of messaging apps.

Read more »

3. Classiscam scam-as-a-service expands, now targeting 251 brands across 79 countries

Group-IB has reported that the Telegram-based Classiscam operation is causing greater financial damage and broadening its worldwide reach. The criminal platform, which enables fake ads and phishing sites to steal money and payment credentials, has grown to include 393 criminal gangs targeting users in 79 countries. Damages are estimated at $64.5 million, with targeted brands rising from 169 to 251. Classiscam has become more automated, using Telegram bots for rapid phishing site creation. Its main targets are European countries, with UK users losing the highest average amount per scam.

Read more »

4. Sourcegraph suffers data breach following accidental leakage of admin access token

Sourcegraph, a code search platform, reported a data breach due to an accidentally leaked admin access token. Discovered on August 30, the breach led to unauthorized admin dashboard access and a spike in API usage. Although the malicious user could have accessed some user emails and license keys, customer code and data were not compromised. Sourcegraph has since revoked the user's access and implemented additional security measures. The platform also clarified that that breach did not extend to customer code or data, which are stored in separate, isolated environments.

Read more »

5. Infamous Chisel mobile malware targeting Ukrainian military Android handsets

Five Eyes intelligence alliance disclosed details of "Infamous Chisel," a mobile malware targeting the Ukrainian military's Android devices. Attributed to Russian state-sponsored actor Sandworm, the malware enables unauthorized access and data theft. The Ukrainian Security Service (SBU) had previously detected unsuccessful attempts to compromise their networks. The malware is part of a larger cyber campaign by Russian forces against Ukraine, including another Kremlin-backed hacking group called Gamaredon, which is escalating attacks to harvest sensitive military data.

Read more »

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.