Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.

Source: Piotr Adamowicz via Alamy Stock Photo

Before September 2024, policy of encrypted communications provider Telegram stated it would only share user data with law enforcement in instances of terrorism. That was until the company's Russian-born CEO Pavel Durov was arrested in France in late August and released on a $5 million bond.

By late September, Telegram had changed its tune — agreeing to give law enforcement user information, including phone numbers and IP addresses in cases of fraud and other cybercrimes. Telegram also committed to producing transparency reports on the data it released as a result of law enforcement requests. And according to Telegram's latest transparency report, the platform's cooperation with the cops has indeed exploded since September.

According to Telegram, the company only responded to 14 requests from the US government in the first nine months of 2024, affecting a total of 108 users, 404 Media was first to report. By the end of the year, Telegram reported it had met a total of 900 requests from the US, affecting 2,253 users.

The next report is expected from Telegram in April.

**Telegram's Data Sharing Policy Moves Cybercrime Needle?**

At the time of Durov's arrest last year, experts predicted the additional pressure on Telegram would have little effect on its thriving cybercrime operations. In the short term, arrests and fragmenting of certain cybercrime operations will likely produce some benefit for cyber defenders, but ultimately they will find other places to do their illegal business, according to Callie Guenther, senior manager of cyber-threat research for Critical Start.

Related:Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban

"This development is expected to prompt many cybercriminals to migrate to alternative platforms that prioritize privacy or employ decentralized infrastructures," she says. "Platforms such as Signal or Session, as well as services on the darknet, may become the next hubs for illicit activities, but this migration could also create a more fragmented ecosystem, complicating law enforcement efforts and requiring additional resources to monitor new avenues."

In the longer term, Telegram's policy shift represents a wider trend of increased government pressure on technology companies to cooperate with law enforcement activities, Guenther adds, pointing to Durov's arrest as a high-profile example.

"The trade-off between privacy and security remains contentious," Guenther says. "Over time, cybercriminals are likely to adapt to the new landscape, increasing the operational complexity for both investigators and cybersecurity professionals. Balancing these considerations will be essential to addressing the evolving dynamics of online threats without undermining broader privacy protections."

Related:Treasury Dept. Sanctions Chinese Tech Vendor for Complicity

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Sharing of Telegram User Data Surges After CEO Arrest

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

Source: Cyberstock via Alamy Stock Photo

NEWS BRIEF

Chinese messaging and gaming giant Tencent has been labeled a Chinese military business by the US Department of Defense (DoD).

The move comes on the heels of the US Department of Treasury sanctioning China-based cybersecurity company Integrity Technology Group for its role in computer-intrusion incidents against US critical infrastructure.

With the designation, Tencent cannot supply the US federal government with technology or services. It joins others like Huawei, and was added to the list known as "Section 1260" as part of a group that includes Contemporary Amperex Technology Company (CATL), China Overseas Shipping (COSCO), Changxin Memory Technologies, and Autel Robotics, a drone manufacturer.

The price of Tencent's shares in the US dropped nearly 10% on Jan. 7 after the announcement, accounting for billions in losses, but unlike a sanctioning, the designation does not mean that the firm can't still operate stateside, only that it can't do business with the federal government. A spokesperson for the company said that putting Tencent on the list was "a mistake" and that it is not a military company or supplier to the US federal government. The company also said that, in the long run, being added to the list will have "no impact" on the business and that it will work with the DoD to address the misunderstanding.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

Source: trekandshoot via Alamy Stock Photo

NEWS BRIEF

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the third-party breach that affected the US Treasury Department at the hands of Chinese threat actors was limited to just that agency.

"CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident," the CISA stated in a brief bulletin. "At this time, there is no indication that any other federal agencies have been impacted by this incident."

The department alerted lawmakers on Dec. 30 to the intrusion, noting that cyber threat actors were able to compromise systems and steal data from workstations.

The adversaries broke into the Treasury Department by exploiting a bug in BeyondTrust, a vendor that offers software-as-a-service (SaaS)-based cybersecurity, and gained access to a remote key that secured a cloud-based service providing technical support to Treasury Department Offices' (DO) end users. From there, they were able to override security and remotely access Treasury DO workstations.

As CISA continues to monitor the situation, it reports that it is "working aggressively to safeguard against any further impacts and will provide updates, as appropriate."

BeyondTrust meanwhile updated its statement on the incident yesterday, stating that its forensic investigation is nearly complete, all SaaS instances of BeyondTrust Remote Support have been fully patched, and no new victims have been identified other than those previously communicated.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

CISA: Third-Party Data Breach Limited to Treasury Dept.

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

Source: Primakov via Shutterstock

A malicious plug-in found on a Russian cybercrime forum turns WordPress sites into phishing pages by creating fake online payment processes that convincingly impersonate trusted checkout services. Masquerading as legitimate e-commerce apps such as Stripe, the malware proceeds to steal customer payment data.

Called PhishWP, the WordPress plug-in was designed by Russian cybercriminals to be particularly deceptive, researchers from SlashNext revealed in findings published this week. In addition to mimicking the legitimate payment process that people would be familiar with to complete online transactions, it also has a key feature that make payment processes on transactions appear secure by allowing users to create one-time passwords (OTPs) during the process, they said.

Instead of processing payments, however, the payment gateway steals credit card numbers, expiration dates, CVVs, billing addresses, and more when people enter their personal data, thinking they are using a legitimate payment gateway. As soon as victims of the plug-in press "enter," the data is sent to a Telegram account controlled by the cybercriminals. Threat actors can use the plug-in like any WordPress plug-in, by either installing it on a legitimate but compromised WordPress site or creating a fraudulent site and using it there.

Related:Thousands of BeyondTrust Systems Remain Exposed

"PhishWP’s features make fake checkout pages look real, steal security codes, send your details to attackers right away, and trick you into thinking everything went fine," SlashNext security researcher Daniel Kelley wrote in the post.

This immediate turnaround of data "equips cybercriminals with the necessary credentials to make fraudulent purchases or resell the stolen data — sometimes within minutes of capturing it," notes Jason Soroko, senior fellow at Sectigo, a certificate life-cycle management (CLM) firm, making it a fast return on their investment to use the plug-in for nefarious purposes.

**Other Key PhishWP Malware Features**

OTP hijacking is one of the plug-in's key features, which when combined provide attackers with a turnkey solution for hijacking payment pages. Included in these are the aforementioned customizable checkout pages that simulate common payment processes through "highly convincing" fake interfaces, Kelley wrote.

Another feature of PhishWP, browser profiling, captures data beyond payment info for the replication of user environments for use in potential future fraud. This includes IP addresses, screen resolutions, and user agents.

The plug-in also gives the hijacked checkout process added legitimacy by using auto-response emails to send fake order confirmations to victims, which delays suspicion and thus detection of the attack. And as mentioned before, PhishWP also integrates with Telegram to instantly transmit stolen data to attackers for potential exploitation in real time.

Related:Recorded Future: Russia's 'Undesirable' Designation Is a Compliment

The plug-in also comes in an obfuscated version for stealth purposes, or users can use its source code for advanced attacker customizations. Finally, PhishWP also offers multilanguage support so attackers can target victims globally.

**Browser-Based Protection From E-Commerce Phishing**

Creating malicious plug-ins for WordPress sites has become a cottage industry for cyberattackers, giving them a broad attack surface due to the popularity of the platform, which as of today is the basis for some 472 million websites, according to Colorlib, which provides WordPress themes.

One of the reasons that PhishWP — or any malicious WordPress plug-in — is so dangerous is that the malicious process is built directly into the browser, which makes it difficult to detect when it appears as a legitimate part of online engagement.

To defend against such threats, SlashNext recommends using phishing protection that also works from directly inside the browser to spot phishing sites before they reach the end user. These solutions, which are available within various browsers, work within browser memory to block malicious URLs before users engage with them. The company said this provides real-time threat detection and blocking capabilities that traditional security measures might miss.

Related:Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Who are you? Who is the person behind the machine? Security involves asking people who they are all the time. Send us a cybersecurity-related caption to describe the above scene. Our favorite entry will win its wordsmith a $25 gift card.

Here are four convenient ways to submit your ideas before the Jan. 28, 2025 deadline:

*   Via social media: X, Facebook, and LinkedIn. (New! Bluesky, too!) (If you win, we'll respond to you on the same platform, requesting your email address.)
    

**Last Month's Winner**

Shout out — and a $25 Amazon gift card — to Marcello Delcaro, winner of the July contest "Cyber Cloudburst," for sending us the winning caption for December's "Shackled!" cartoon. Some noteworthy contenders included "Corporate says we're free to innovate — just not free to leave," "Now I know why they are called control systems," and "Phase 3 of the Cyber Kill Chain-Exploitation." A big thank you to all who participated.

**About the Author**

Cartoonist

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Name That Edge Toon: Greetings and Salutations

We can't put defense on hold until Inauguration Day.

Christy Wyatt, President & Chief Executive Officer, Absolute Security

January 7, 2025

3 Min Read

Source: Albert Knapp via Alamy Stock Photo

COMMENTARY

In 1998, President Bill Clinton published the first White House national cyber policy. Since then, cyberattacks have evolved alongside the explosive growth of the digital world, as have laws, policies, and regulations. Although there's been continuous federal activity around cyber since the early days of the Internet, the level of seriousness and attitudes toward how much control government should exercise over technology and cybersecurity fluctuates, with debates continuing to rage over how free or controlled the tech markets should be.

With the upcoming changing of the guard in the US, those of us in the domestic cybersecurity and technology industries are all wondering where we will land. Will the Cybersecurity and Infrastructure Security Agency (CISA) be eliminated? Will we see a raft of new security, privacy, and compliance laws? Will current cybersecurity regulations be deprioritized? Will rapid deregulation undo much of what we've already adjusted to? No one really knows.

Despite the uncertainty, one thing cybersecurity and risk professionals all know is that cybercriminals aren't putting their plans on hold until after Inauguration Day. If anything, threat actors will ramp up activities to take advantage of this current period of post-election uncertainty. Those of us responsible for protecting the public and private sectors know that now isn't a time to debate which side has the better security plan. It's time to come together in our efforts to create a more resilient and secure nation. Of course, this is easier said than done. Every time we adopt a standard or best practice, some enterprising cybercriminal develops a new way to counter it. However, there are some basic and fundamental steps any organization that wants to thrive in the years to come should take.

**Defense Steps We Can Take Now**

*   Prioritize security: While policies may change, the fundamentals of keeping your organization secure and resilient do not. Your organization's ability to do business depends on proactive preparation. Don't wait for the next set of rules to be handed down from Washington — prepare now. 
    
*   Focus on recovery: Attacks and disruptions are inevitable; business continuity is essential. Evaluate and refine your remediation plans continually to ensure they address potential disasters. It's cliché to state that "failure to plan is planning to fail," but it's also true. Being prepared will reduce the time it takes you to recover from an incident.
    
*   Adopt common standards and language: Standards create a shared language for finding risks, and using existing frameworks will drive faster and more cohesive responses. Let's all get on the same page in terms of how we share information about challenges we face and which standards and frameworks map back to specific risks. This is an industry discussion and does not require any agency to facilitate this type of a forum. 
    
*   Own your cyber accountability: Governments, vendors, and enterprises all share responsibility for mitigating risks and ensuring continuity through adversity. You need to be ready to ride to your own defense — there is no calvary behind a digital hill ready to ride to your rescue.
    

Over the next 12 to 18 months, we can expect to see rapid and unpredictable changes. New challenges and risks will arise out of trade disputes, domestic policies, geopolitical events, and the growth of AI. The security problems we face today require a unified and focused approach. Changing administrations — anywhere in the world — should not distract us from the critical task at hand. Let's collectively commit to ensuring security and resilience for all organizations, whether they be part of the critical national infrastructure (CNI), an essential supply chain, or a favorite consumer brand. Remember, cybercriminals don't care about national cyber policy or politics. We can't put defense on hold until Inauguration Day.

**About the Author**

President & Chief Executive Officer, Absolute Security

Christy Wyatt is president and chief executive officer of Absolute Security, a leader in enterprise resilience, and the only endpoint and secure access provider embedded in more than 600 million endpoint devices globally.

Cybercriminals Don't Care About National Cyber Policy

The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.

Source: Yury Zap via Alamy Stock Photo

NEWS BRIEF

Application security company Veracode has acquired malicious package analysis, detection, and mitigation technology from software supply chain security startup Phylum, along with some staff who worked on package analysis.

The technology will enhance Veracode's capabilities to identify and block malicious code in open source libraries, giving customers a more comprehensive view of the risks associated with using open source code, the company said. The new staff will join Veracode's security research team.

The deal comes at a time when organizations are increasingly concerned about the risks of vulnerabilities in open source code.

Founded in 2020, Phylum specializes in technologies for analyzing, detecting, and mitigating malicious software packages. The tools provide instant analysis of newly published packages, helping organizations identify and blocks in real time. Back in 2022, when Phylum won Black Hat's first Innovation Spotlight competition, co-founder Peter Morgan described package analysis as looking at risk indicators to create a "credit score for packages."

Phylum’s recent research identified nearly half a million malicious packages, including campaigns targeting finance and cryptocurrency companies.

Veracode's platform is used by organizations to scan code to understand exploitable risks, identify and remediate vulnerabilities, and reduce security debt. With Phylum's technology, Veracode can significantly reduce the attack window by helping customers identify the existence of malicious packages in their applications much faster, the company said.

The malicious package database and package management firewall will be integrated into Veracode's Software Composition Analysis product, with general availability expected early this year, Veracode said.

"With Phylum's unmatched database and cutting-edge research—proven to detect 60 percent more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats," said Ravi Iyer, Veracode's chief product officer, in a statement.

Veracode did not disclose the financial terms of the transaction.

**About the Author**

Managing Editor, Features, Dark Reading

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.

Veracode Buys Package Analysis Technology From Phylum

Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.

Amit Yoran, Source: Tenable

The cybersecurity industry reacted with shock at the loss of Amit Yoran, the renowned cybersecurity executive who helmed several of the biggest cybersecurity companies, including Tenable, RSA Security, and NetWitness. Yoran was also the founding director of the US Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT) program.

Yoran, 54, died on Jan. 3. He had been in treatment for cancer since March 2024 and took a medical leave of absence on Dec. 5 to pursue additional treatment.

Yoran became the chairman and CEO of Tenable Holdings in 2016 following the retirement of co-founder Ron Gula; he also became the company's president in 2018. Yoran led the company's growth and successful $250 million Nasdaq initial public offering (IPO) in 2018. The exposure management company was valued at $2.1 billion at IPO; it is now worth $4.69 billion. In 2022, Tenable launched Tenable One, which combined vulnerability management, external attack surface management, identity management, and cloud security.

"Amit leaves behind an incredible legacy as a visionary, leader, colleague, mentor, brother, father, and friend. He touched the lives of so many within and beyond our company and he will be missed," Tenable said in a statement. "We understand that this news may come as a shock, and we encourage you to take the time to process this difficult loss." 

Prior to Tenable, Yoran served as president of RSA Security from 2014 to 2016. He founded threat detection and response platform NetWitness in 2006 and led the company until 2011, when it was acquired by RSA Security. In 1998, Yoran co-founded RIPtech, a managed security services provider that used sensor networks to protect government and corporate computers. RIPtech was acquired by Symantec for $145 million in 2002. Yoran, who graduated from the United States Military Academy at West Point in 1993, served in Homeland Security's National Cyber Security Division from 2003 to 2004 where he focused on critical infrastructure security and preparedness.

**True Leader in Cybersecurity**

Yoran helped shape the cybersecurity industry with his expertise, empathy, and leadership. His goal was to make the digital world safer for everyone, and toward that end, he acted as a mentor to many, shared his expertise with industry peers, and sat on a number of boards, including BlackLine and the Center for Internet Security. In a memo to employees, Tenable chief people and culture officer Bidgett Paradise called Yoran "a visionary leader and a guiding force who profoundly impacted our industry, company, culture, and community." Former colleagues and peers filled social media with acknowledgements of Yoran's contributions to the cybersecurity field and their personal stories of how Yoran had guided them.

"Amit was one of the true OGs in cybersecurity, and we grew up together in this space," George Kurtz, founder and CEO of competitor CrowdStrike, wrote on LinkedIn. "He was a brilliant leader who understood the mission of protecting organizations and people at a fundamental level. Beyond his work in the private sector, Amit's public service with the federal government underscored his dedication to securing the nation at large."

Yoran's "open letter to Okta" after the company disclosed a third-party breach had compromised customers in 2022 is a good example of how he called out the industry for its mistakes in a thoughtful and constructive way, while advocating for best practices in a straightforward manner. He wrote a similar note in 2023 after multiple reports of vulnerabilities in Microsoft Azure.

Yoran's two brothers, Dov and Elad, are both in cybersecurity. "Late last night, we lost a brother, a father, a son, a husband, a veteran, an industry titan and a drinking buddy," Dov Yoran, former Cisco executive now leading cyber investigation startup Command Zero, wrote on LinkedIn. "Amit Yoran was a force of nature. He was a true hero in how he touched and helped so many people in so many unthinkable ways."

Editor's Note: Amit was a leader in the industry who generously shared his time, expertise, and insight with Dark Reading over the years. He was a friend to many of us here at Dark Reading — we will miss his big heart and smile.

In Appreciation: Amit Yoran, Tenable CEO, Passes Away

These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.

Source: Science Photo Library via Alamy Stock Photo

NEWS BRIEF

This past weekend, the Chinese state-backed hackers known as Salt Typhoon allegedly targeted their latest victims: Charter Communications, Consolidated Communications, and Windstream.

This comes after the group targeted a variety of other communications companies and ISPs, including AT&T, Verizon, and Lumen, accessing text messages, voicemails, and phone calls.

According to Anne Neuberger, White House deputy national security adviser for cyber and emerging technologies, nine US telecoms have been targeted and breached by Chinese hackers so far. Whether or not these latest three are included as a part of that list remains unclear.

Because of this tidal wave of Salt Typhoon telco breaches occurring in the US and around the world, the Cybersecurity and Infrastructure Security Agency (CISA) is advising senior government officials to switch to end-to-end encrypted messaging apps, such as Signal, in order to prevent the risk of interception.

"Possible targets of these Chinese attackers need to immediately follow the steps outlined by the FBI and NSA to help harden their systems against attack," said Chris Hauk, consumer privacy champion at Pixel Privacy, in an emailed statement to Dark Reading. "Patching and upgrading apps and devices, limiting the types of connections and privileged accounts, and only using strong encryption, are just some of the steps organizations can take to harden their systems against attack."

The US Department of Treasury has also made moves to mitigate risk from other Chinese threat groups, by sanctioning Integrity Technology Group, a Chinese cybersecurity company, for its role in Flax Typhoon-led incidents against US victims. That action comes after the Treasury Department was targeted by another Chinese state-backed threat actor.

Other major government developments include US Senator Ron Wyden (D-Ore.) announcing a bill aimed at securing American telecom infrastructure, and Federal Communications Commission (FCC) chair Jessica Rosenworcel stating that the agency will act with swiftness to ensure the cybersecurity of US carriers.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

China's Salt Typhoon Adds Charter, Windstream to Telecom Victim List

A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.

Source: Boris Kozlov via Alamy Stock Photo

A new advanced Android spyware threat called "FireScam" is using a fake Telegram Premium application to drop an infostealer on victims' phones that is able to track, monitor, and collect sensitive data on its victims.

Researchers at Cyfirma behind a new FireScam analysis said the campaign is part of a wider trend of threat actors finding success disguising malware as legitimate applications and services. In this case, they are abusing Firebase, a legitimate cloud platform widely used by developers of Google mobile and Web applications.

"By capitalizing on the widespread usage of popular apps and legitimate services like Firebase, FireScam exemplifies the advanced tactics used by modern malware to evade detection, execute data theft, and maintain persistent control over compromised devices," the report explained. "By exploiting the popularity of messaging apps and other widely used applications, FireScam poses a significant threat to individuals and organizations worldwide."

The infection routine starts with a phishing site hosted on the GitHbub\[dot\]io domain, dressed up to look like the RuStore app store, the report said. The site delivers a malicious version of Telegram Premium, which then steals data from the targeted Android device, including notifications, messages, and more, and sends it to a Firebase Realtime Database endpoint.

Related:China's Salt Typhoon Adds Charter, Windstream to Telecom Victim List

Once installed, FireScam uses regular checks and analysis, command-and-control communications (C2), and data storage to maintain persistence and deliver additional malware, as needed, the report added.

"The FireScam malware campaign reveals a worrying development in the mobile threat landscape: malware targeting Android devices is becoming increasingly sophisticated," Eric Schwake, director of cybersecurity strategy at Salt Security, said in a statement. "Although using phishing websites for malware distribution is not a new tactic, FireScam's specific methods — such as masquerading as the Telegram Premium app and utilizing the RuStore app store — illustrate attackers' evolving techniques to mislead and compromise unsuspecting users."

**Solutions for Stopping Spyware Like FireScam**

With these threats becoming increasingly sophisticated, it's important for cyber defenders to focus on anomalous app activity, according to a statement from Stephen Kowski, field CTO at SlashNext Email Security+.

"Real-time mobile app scanning and continuous monitoring are crucial safeguards, as these attacks often bypass traditional security measures by exploiting user trust and legitimate distribution channels," Kowski wrote. "The key to protecting against such threats is implementing security solutions that can detect suspicious permission requests and unauthorized app behaviors before sensitive data is compromised."

Related:EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets

Schwake added that protecting application programming interfaces (APIs) can also help protect users from increasingly convincing phishing lures.

"Real-time mobile-app scanning and continuous monitoring are crucial safeguards, as these attacks often bypass traditional security measures by exploiting user trust and legitimate distribution channels," Kowski wrote. "The key to protecting against such threats is implementing security solutions that can detect suspicious permission requests and unauthorized app behaviors before sensitive data is compromised."

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Source

DARKReading