At a glance.

  • Joker spyware infests Android devices.
  • PFC discloses data breach.
  • Massive data exposure reported in China.

Joker spyware aims to steal users’ Bread.

Researchers at internet security company ESET have detected twenty Google Play apps infected with spyware called Joker (a.k.a. Bread), which is designed to intercept the target’s SMS messages, sign the target up for subscriptions to premium services, and display unwanted ads. Active since 2017, Joker is nothing new, but the recent discoveries demonstrate the malware has not been stopped by Android’s security controls. New Trace lists the apps in question, which include QR code readers, wallpaper apps, and camera accessories.

US accounts receivable firm suffers health data breach. 

Professional Finance Company (PFC), a leading accounts receivable management agency based in the US state of Colorado, has disclosed that a recent network security incident might have compromised the data of some of the healthcare providers it serves. PFC says it stopped a sophisticated ransomware attack in which an intruder infiltrated and disabled some of the company’s computer systems. The company disclosed that although there is no evidence that personal data were abused, it’s possible the attacker could have accessed individuals’ first and last name, address, accounts receivable payment info, and in some cases, date of birth, Social Security number, health insurance info, and medical treatment details. PFC subsequently wiped and restored the impacted systems, and has improved its network security.

James McQuiggan, security awareness advocate at KnowBe4, commented on the continuing use criminals make of social engineering to obtain initial access to organizations:

“Cybercriminals use social engineering or attack vulnerable systems to gain access to an organization and while some organizations can detect and stop the attack within a short amount of time, what is uncertain is how many people are impacted by this attack. One of the more disparaging difficulties with data breaches is the revelation of how long the cybercriminals were inside the organization’s network, going undetected. Part of the cybercriminal’s repertoire is silently working through an endpoint to the critical systems by using exploits and stolen credentials.

“Cybercriminals’ efforts are to make money, and they accomplish this by stealing personal data they can sell for money. Data breaches where they can steal names, social security numbers, and email addresses are a good source of revenue.

“The customers will want to monitor their financial accounts and be alert for unauthorized charges. Additionally, be watchful of any new and opened accounts without authorization.”

Massive potential data breach being investigated in China. 

An unidentified hacker is claiming to have stolen the data of a billion Chinese residents in what experts say could be the largest data leak the country has ever seen, Bloomberg reports. According to an anonymous online forum post from a user calling himself ChinaDan, the hacker allegedly breached a Shanghai police database and is in possession of over 23TB of stolen data including names, addresses, birthplaces, national IDs, phone numbers, and criminal case details. The data have been posted for sale for ten bitcoin, or approximately $200,000. ZDNet reports that Changpeng Zhao, CEO of cryptocurrency exchange Binance, posted about the discovery of the breach on Twitter: “Our threat intelligence detected 1 billion resident records for sale on the dark web.” HackRead adds that the alleged hacker says the breach was the result of a database misconfiguration. Shanghai officials are working to determine the authenticity of these claims, but according to a report from the Wall Street Journal, the details of at least nine residents from the hacker’s sample dataset were verified as legitimate. Yahoo Finance notes that the potential breach was a popular topic over the weekend among concerned users on China’s Weibo and WeChat social media platforms, and the hashtag “data leak” was blocked by Weibo on Sunday.