At a glance.
- Malware found in APKPure.
- Scraped Clubhouse data offered in hacking forum.
- White hats identify Zoom vulnerability.
APKPure app infected with malware.
Bleeping Computer reports that malware was detected in the APKPure app, a third-party Android alternative to Google’s Play Store. Malware analysts from Kaspersky and Dr.Web discovered code indicative of a variant of the Triada Trojan embedded in an ad in version 3.17.18 of APKPure. Kaspersky explained, "The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched. It then collects information about the user device and sends it to the C&C server." Once the Trojan is loaded, depending on the operator’s intentions, it can display malicious ads, sign the user up for paid subscriptions, or install other malicious software without the user's permission. Though it is unclear exactly how many users have been impacted, Kaspersky has found the malicious code on 9,380 devices so far. Cengiz Han Sahin, founder of mobile security firm ThreatFabric, analyzed the malware's origins for The Record by Recorded Future. “The malicious payload is encrypted and stored inside the app’s code,” he explained. “The code used to decrypt and load the payload is launched from third-party SDK [Software Development Kit].” However, he was unable to determine whether the malicious code was introduced by the SDK maker or by an APKPure developer. Android users who have installed version 3.17.18 have been advised to update to the newly released 3.17.19, which will remove the malware from infected devices.
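The practical takeaway for anyone managing Android devices is to find installs of the affected build and confirm they have moved to the advised release. The script below is an added example, not code from the article, Kaspersky, or APKPure: it parses the `versionName` line from `adb shell dumpsys package` output and classifies the device relative to the two versions the article names. The package name `com.apkpure.aegon` and the sample `dumpsys` text are assumptions constructed for the example.

```python
"""Added example (not from the article): classify a device's APKPure install
against the affected (3.17.18) and advised (3.17.19) versions named above."""
import re
from typing import Optional, Tuple

AFFECTED = "3.17.18"   # build the article says carried the Triada-variant code
FIXED = "3.17.19"      # build the article says removes it
PACKAGE = "com.apkpure.aegon"  # assumed APKPure package name (not from the article)

# `dumpsys package <pkg>` prints an indented "versionName=<value>" line.
VERSION_RE = re.compile(r"^[ \t]*versionName=(\S+)", re.MULTILINE)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '3.17.18' into (3, 17, 18); any non-numeric suffix is dropped."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def installed_version(dumpsys_text: str) -> Optional[str]:
    """Return the versionName from dumpsys output, or None if not installed."""
    m = VERSION_RE.search(dumpsys_text)
    return m.group(1) if m else None


def assess(dumpsys_text: str) -> str:
    """Classify as 'not-installed', 'affected', 'patched', or 'older'.

    'older' means a release before 3.17.18, which the article does not name as
    carrying the malicious code; it is reported separately so an operator can
    decide whether to update it anyway.
    """
    v = installed_version(dumpsys_text)
    if v is None:
        return "not-installed"
    pv = parse_version(v)
    if pv == parse_version(AFFECTED):
        return "affected"
    if pv >= parse_version(FIXED):
        return "patched"
    return "older"


# Constructed sample output, shaped like `adb shell dumpsys package <pkg>`;
# the hash and versionCode values are placeholders, not real data.
SAMPLE_AFFECTED = """Packages:
  Package [com.apkpure.aegon] (deadbeef):
    userId=10123
    versionCode=0 minSdk=21 targetSdk=29
    versionName=3.17.18
"""
SAMPLE_PATCHED = SAMPLE_AFFECTED.replace("versionName=3.17.18", "versionName=3.17.19")

if __name__ == "__main__":
    # To audit a real device, replace the samples with the output of:
    #   adb shell dumpsys package com.apkpure.aegon
    for label, text in (("affected", SAMPLE_AFFECTED), ("patched", SAMPLE_PATCHED), ("absent", "")):
        print(f"{label}: {assess(text)}")
```

The version is compared as a tuple of integers rather than as a string so that, for instance, 3.18.0 is correctly treated as newer than 3.17.19; a plain string comparison would get that wrong once a component passes 9.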
Welcome to the (scraping) club, Clubhouse.
As the CyberWire noted last week, social media giants Facebook and LinkedIn suffered recent data leaks (really scraping incidents), and now invitation-only audio social media app Clubhouse joins their ranks. CyberNews reports that an SQL database containing 1.3 million stolen user records was posted on an underground hacker forum. While no payment or legal info was included, the user IDs, Twitter and Instagram handles, and follower numbers were among the exposed data. Clubhouse, however, responded on Twitter by stating that reports of a breach are false, as the scraped user data are technically information available in public profiles: “Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.” According to PYMNTS, when asked during a townhall about reports of a breach, Clubhouse CEO Paul Davison stated, "This is misleading and false, it is a clickbait article, we were not hacked." Clubhouse does seem correct in this regard, but of course even scraped public data can be used for all manner of targeted social engineering attacks.
Zoom vulnerability caught by white-hat hackers.
A team in the Zero Day Initiative’s Pwn2Own white-hat bug-discovery contest has detected a zero-day vulnerability in leading video-conferencing platform Zoom. ZDNet explains that the team of cybersecurity researchers earned a reward of $200,000 for their findings. The details of the vulnerability have not been released, as Zoom has not yet had time to patch the issue, but the researchers demonstrated how a three-bug attack chain could allow an attacker to achieve remote code execution without any user interaction. Zoom thanked the team for their discovery and explained that while the issue affects Zoom Chat, it shouldn’t impact Zoom Meetings or Zoom Video Webinars. “The attack must also originate from an accepted external contact or be a part of the target's same organizational account," a Zoom spokesperson stated, adding that users are advised not to accept contact invites from unfamiliar individuals.