WhatsApp data leak, DraftKings accounts takeover and the evolution of Ducktail malware
WhatsApp data leak puts almost 500 million users at risk; cybercriminals drain DraftKings accounts of $300,000 and the new capabilities of Ducktail malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. WhatsApp data leak: nearly 500 million user records for sale
According to an ad posted on a popular hacking community forum, a threat actor claimed they were selling a 2022 database of 487 million WhatsApp mobile numbers. It allegedly contains over 32 million U.S. user records, nearly 10 million Russian phone numbers, and over 11 million UK citizens’ mobile numbers. Overall, the dataset includes WhatsApp user data from 84 countries. Cybernews, the source of this story, requested the threat actor to share a sample of data and, upon investigation, found that all numbers belonged to WhatsApp users.
2. DraftKings account takeovers frame sports-betting cybersecurity
The renowned online betting platform DraftKings recently suffered credential-stuffing attacks—cybercrooks have drained its user accounts of $300,000. The company investigated irregular activity when its users complained of being locked out of their accounts and having their money drained. Soon after, it released a statement confirming the breach. DraftKings believes the login information of the affected users was compromised on other sites and then used to breach their DraftKings accounts where they used the same login credentials.
3. Vietnam-based Ducktail cybercrime operation evolving, expanding
Ducktail, the malware specifically targeting Facebook business users, has been updated with new capabilities to evade detection. Threat actors behind the malware have been using EV (extended validation) certificates lately to sign the payload and have been observed changing these certificates mid-campaign. In another instance, Ducktail targeted victims with archive files through WhatsApp. When the target lacked sufficient permissions to add the adversaries’ email addresses to the relevant Facebook business account, the attackers collected enough details to impersonate the victim and spoof the account via hands-on techniques.
4. Android file manager apps infect thousands with Sharkbot malware
Bitdefender analysts recently discovered fresh trojan apps disguised as file managers on the Google Play Store. The apps have infected devices with the Sharkbot malware, a dangerous trojan that attempts to steal online banking information. The Sharkbot trojan displays fake login prompts over legitimate login forms in banking apps. When a user attempts to log in via the fake form, the credentials are stolen and transmitted to the adversary. One of the malicious apps carrying the malware has been downloaded 10,000 times.
5. Google alerts Gmail users about 5 key holiday season scams
Google has warned Gmail users about five major scams during the holiday season. The email provider advised users to be vigilant about giveaways and gift cards, charities, subscription renewals and crypto payment demands. Additionally, it tells users to watch for identity-based malicious emails, which may include elements specific to their identity or life. An example includes communications from local PTA (parent-teacher association) board members. Even though digital safeguards in Gmail offer good protection, you should always take steps like checking the sender’s email to stay safe.