At a glance.
- The possibility of double-extortion in the Kaseya ransomware attack.
- Nine malicious apps ejected from Google Play.
Is double-extortion a possibility in the Kaseya ransomware attack?
As details continue to unfold in the developing story of the ransomware attack on Kaseya's VSA infrastructure-management product, all signs indicate that the notorious REvil ransomware gang is behind the incident. The threat actors are currently negotiating ransom demands with victims and have not (yet) threatened to publish any exfiltrated data, but the second lever of double extortion (encrypt the victim's systems, then threaten to leak stolen data unless the ransom is paid) remains a possibility, since REvil has used it before. NPR reported in June that the Federal Bureau of Investigation confirmed REvil was behind the recent attack on global meat-processing giant JBS, and that the attackers had exfiltrated data from JBS's servers. No stolen JBS data have been released, but a REvil member who goes by "UNKN" said in an October interview that the gang would sell sensitive data stolen from targets who refused to pay. Since JBS agreed to pay REvil an $11 million ransom, there is no telling what would have happened had it refused. (A general account of the incident is available from the CyberWire.)
Nine malicious apps found on Google Play.
Computing reports that Google has removed nine apps from the Google Play store after they were found to be stealing users' Facebook login credentials. Though the apps offered fully functioning, seemingly harmless services such as photo editing, astrology, and fitness, researchers at the antivirus firm Dr.Web discovered that they were Trojans in disguise. Once installed, the apps prompted users to sign in to Facebook in order to unlock special in-app features and turn off ads, presenting a page that convincingly imitated the Facebook login form. After the credentials were submitted, the Trojans also harvested the cookies from the resulting session, which matters because a valid session cookie lets an attacker act as the user without re-entering the password (and, depending on how it was issued, without passing any second factor). With about 5.8 million downloads between them, the apps were extremely popular. Ars Technica adds that, in addition to removing the apps, Google Play banned the developers from submitting future apps, though the perpetrators could easily get around this by registering new developer accounts under false identities. The practical lesson for users is that an app asking them to type Facebook credentials into a form it draws itself, rather than handing off to the Facebook app or a system browser, should be treated as a red flag.