Malware found in APKPure. Scraped Clubhouse data offered in hacking forum. White hats identify Zoom vulnerability.

Malware found in Google Play alternative. Clubhouse data scraped. White hats find Zoom bug.

Summary

By the CyberWire staff

At a glance.

Malware found in APKPure.
Scraped Clubhouse data offered in hacking forum.
White hats identify Zoom vulnerability.

APKPure app infected with malware.

Bleeping Computer reports that malware was detected in the APKPure app, a third-party Android alternative to Google’s Play Store. Malware analysts from Kaspersky and Dr.Web discovered code indicative of a variant of the Triada Trojan embedded in an ad in version 3.17.18 of APKPure. Kaspersky explained, "The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched. It then collects information about the user device and sends it to the C&C server." Once the Trojan is loaded, depending on the operator’s intentions, it can display malicious ads, sign the user up for paid subscriptions, or install other malicious software without the users' permission. Though it is unclear exactly how many users have been impacted, Kaspersky has found the malicious code on 9,380 devices so far. Founder of mobile security firm ThreatFabric Cengiz Han Sahin analyzed the origins of malware for The Record by Recorded Future. “The malicious payload is encrypted and stored inside the app’s code,” he explained. “The code used to decrypt and load the payload is launched from third-party SDK [Software Development Kit].” However, he was unable to determine whether the malicious code was introduced by the SDK maker or by an APKPure developer. Android users who have installed version 3.17.18 have been advised to update to the newly released 3.17.19, which will remove the malware from infected devices.

Welcome to the (scraping) club, Clubhouse.

As the CyberWire noted last week, social media giants Facebook and LinkedIn suffered recent data leaks (really scraping incidents), and now invitation-only audio social media app Clubhouse joins their ranks. CyberNews reports that an SQL database containing 1.3 million stolen user records was posted on an underground hacker forum. While no payment or legal info was included, the user IDs, Twitter and Instagram handles, and follower numbers were among the exposed data. Clubhouse, however, responded on Twitter by stating that reports of a breach are false, as the scraped user data are technically information available in public profiles: “Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.” According to PYMNTS, when asked during a townhall about reports of a breach, Clubhouse CEO Paul Davison stated, "This is misleading and false, it is a clickbait article, we were not hacked." Clubhouse does seem correct in this regard, but of course even scraped public data can be used for all manner of targeted social engineering attacks.

Zoom vulnerability caught by white-hat hackers.

A team in the Zero Day Initiative’s Pwn2Own white-hat bug-discovery contest have detected a zero-day vulnerability in leading video-conferencing platform Zoom. ZDNet explains that the team of cybersecurity researchers earned themselves a reward of $200,000 for their findings. The details of the vulnerability have not been released, as Zoom has not yet had time to patch the issue, but the researchers demonstrated how a three-bug attack chain could allow an attacker to initiate remote code execution attacks without any user interaction. Zoom thanked the team for their discovery and explained that while the issue affects Zoom Chat, it shouldn’t impact Zoom Meetings or Zoom Video Webinars. “The attack must also originate from an accepted external contact or be a part of the target's same organizational account," a Zoom spokesperson stated, adding that users are advised not to accept contact invites from unfamiliar individuals.

Selected Reading

Critical Zoom vulnerability triggers remote code execution without user input (ZDNet) The researchers who discovered the bug have earned themselves $200,000.

Clubhouse Data Leak - 1.3M SQL Database Leaked Online (CyberNews) An SQL database containing 1.3 million Clubhouse user records has been leaked for free on a popular hacker forum.

Clubhouse denies data breach report, says only publicly viewable info scraped (mint) Paul Davison, said the claims were false during a town hall this past week, according to a report by The Verge.The data referred to was all public profile information, said Davison

Clubhouse CEO Denies Report Of Data Leak (PYMNTS) Clubhouse CEO Paul Davison said there was no user info leak, contrary to what had been previously reported.

Clubhouse CEO says user data was not leaked, contrary to reports (The Verge) The information was publicly available, according to the company

Personal data of 1.3m Clubhouse users leaked online after LinkedIn and Facebook also suffered data breaches (Business Insider) The leaked data of Clubhouse users includes names, social media profiles, and other details. It's the latest in a recent string of data breaches.

Data from 500M LinkedIn Users Posted for Sale Online (Threatpost) Like the Facebook incident earlier this week, the information — including user profile IDs, email addresses and other PII — was scraped from the social-media platform.

LinkedIn denies 500 million user data breach (The Record by Recorded Future) LinkedIn has formally denied a rumor that it suffered a devastating security breach that exposed the account details of more than 500 million of its registered users.

An update on report of scraped data (An update from LinkedIn) Members trust LinkedIn with their data, and we take action to protect that trust. We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies.

Access to Tata Communications servers sold after breach, hackers claim (OpIndia) As per two posts by hackers on a hackers' forum, they have gained access to Tata Communications servers and sold them. | OpIndia News

Paxful denies reports of customer data leak (Cointelegraph) “The employee data that the person claims to have was obtained illegally from a third party supplier that Paxful previously used," a spokesperson from Paxful said.

Upstox Tiptoes Around Data Breach Impacting 2.5 Mn Users, But Upgrades Security System (Inc42 Media) Upstox says it has upgraded its systems on the recommendations of a global cybersecurity firm after receiving claims of unauthorised access to its database

Upstox suffers hack, data of 25 lakh users for sale on dark web (MediaNama) Indian stockbroking app Upstox has suffered a data breach and KYC data of 25 million investors is listed for sale on the dark web.

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users (Inc42 Media) Network18-owned financial portal Moneycontrol has allegedly suffered a data breach affected 7 lakh users on the platform.

Region of Durham falls victim to cyber attack (Toronto Star) Statement says incident "did not impact the region's core IT systems."

Whistleblower Says Ubiquiti Lied About the Source and Extent of Its Data Breach To Protect Stocks ( (CPO Magazine) A security professional who participated in Ubiquiti’s last year’s data breach response blew the lid on an alleged coverup plot by the IoT devices manufacturer.

Covid results emails may breach GDPR (Computing) Messages from the Department of Health and Social Care contain personally identifiable information, warns Kuan Hon