At a glance.
- Phishing campaign releases RAT in targets’ devices.
- NSO Group’s new head says it’s committed to the lawful intercept market.
- Oversharing customer data?
Phishing campaign releases RAT in targets’ devices.
Researchers at Bitdefender have uncovered a phishing campaign in which hackers are abusing OneNote documents to distribute the AsyncRAT credential-stealing Trojan. The threat actors are sending emails with OneNote attachments that appear to be invoices from reputable Canadian gas retailer Ultramar but that are actually malicious files deploying AsyncRAT, a remote access tool that allows the attacker to infiltrate the victim’s device. As Hot for Security explains, AsyncRAT gives the threat actor control of infected machines via keystroke capturing, screen recording, and remote file execution. The malware-hosting domains used in the operation appear to belong to a Catholic church in Canada and a digital service provider in India, a typical tactic used by threat actors to avoid detection. The campaigns targeted residents of Canada, the US, the UK, and Hungary, with most of the malicious emails originating from US IP addresses. “It’s clear to see how cybercriminals leverage new attack vectors or less-detected means to compromise user devices,” said Adrian Miron, manager at Bitdefender’s Cyber Threat Intelligence Lab. “These campaigns are likely to proliferate in coming months, with cybercrooks testing out better or improved angles to compromise victims.”
NSO Group’s new head says it’s committed to the lawful intercept market.
Israeli tech firm NSO Group, producer of controversial surveillance software Pegasus, has been under fire in recent months for the spyware’s connection to illicit surveillance scandals across the globe. Yaron Shohat became NSO’s chief executive in 2022, and the Wall Street Journal sat down with him for his first media interview since taking the position. The US hit NSO with harsh sanctions last year, and while Shohat admits NSO has lost clients and employees, he says the company is stable and even taking on new customers. Shohat states, “NSO products are in high demand, and I really believe this kind of technology is necessary for any law-enforcement agency or intelligence agency.” There had been speculation that the firm might be shifting to other markets (like cyber defense), but Shohat says NSO is firmly committed to providing its customers with surveillance tools like Pegasus.
While NSO remains tight-lipped about exactly who those customers are, Shohat says clients are largely members of the North Atlantic Treaty Organization and other allies of the U.S. and Israel, adding “all the customers or countries that the U.S. would sell weapons to, and all of them according to the regulation and the law.” He claims the company is attempting to crack down on abuse of the spyware and has terminated ten clients as a result. Shohat says, “I will not tell you that we never had mistakes, but we act responsibly. We make sure that all of our customers understand what abuse means; understand what are the legitimate use cases for the tool.”
Customer data spill in the paint aisle?
The Office of the Privacy Commissioner of Canada (OPC) says Home Depot’s Canadian division has been sharing customer data from e-receipts with Facebook owner Meta without customer consent, Reuters reports. An investigation revealed that by participating in Meta's offline conversions program, the home improvement retail giant was handing over receipt data including encoded customer email addresses and in-store purchase details. As recommended by OPC, the big box store ceased sharing the data with Meta in October 2022 and will not resume the program until the company implements measures to ensure customers can properly consent to having their data shared with Meta.