By Habiba Rashid
The massive and sophisticated mobile malware campaign has been operating undetected on Android devices across the globe for more than six months. 
This is a post from HackRead.com Read the original post: Global Malware Attack Imitates VPN and Security Apps on Android Phones

The malware-infected apps include a variety of industries, including gaming, anti-virus, VPN, tutorials, gaming, social media and many more.

Bitdefender, a leading cybersecurity company, has recently revealed the existence of a massive and sophisticated **mobile malware campaign** that has been operating undetected on Android devices across the globe for more than six months. 

The campaign, which poses a significant threat on a global scale, primarily aims to aggressively distribute adware to Android devices with the intention of generating revenue for the malicious actors involved.

However, the researchers warn that these threat actors have the capability to switch tactics, potentially redirecting users to more dangerous forms of malware such as **banking Trojans or ransomware**. So far, Bitdefender has identified over 60,000 unique apps carrying the adware, suggesting that there may be many more variants still lurking in the wild.

Here are the countries most impacted by the new malware campaign:

*   United States 55.27%
*   South Korea 9.8%
*   Brazil 5.96%
*   Germany 2.93%
*   United Kingdom 2.71%
*   France 2.56%
*   Kazakhstan 2.5%
*   Romania 2.41%
*   Italy 1.93%
*   Other 12.19%

One of the remarkable aspects of this malware campaign is its longevity, as it has remained active since at least October 2022. The absence of behaviour-based detection capabilities on Android has enabled the malware to **evade detection** for such an extended period. Moreover, the sheer number of unique samples discovered strongly indicates that the operation is largely automated.

What sets this malware campaign apart is its distribution strategy. The malicious apps are not present in official app stores, requiring the perpetrators to convince users to download and install third-party applications. To accomplish this, the threat actors have disguised their malicious software as highly sought-after apps that are typically not found in official stores or have mimicked legitimate applications available on the **Play Store**. 

The apps imitate various popular categories, including game cracks, unlocked game features, **free VPNs**, fake videos, Netflix, fake tutorials, ad-free versions of YouTube/TikTok, cracked utility programs, and fake security programs. Here is the full list shared by the researchers:  

*   Netflix
*   Free VPN
*   Fake videos
*   Fake tutorials
*   Game cracks
*   Fake security programs
*   YouTube/TikTok without ads
*   Games with unlocked features
*   Cracked utility programs: weather, pdf viewers, etc

The distribution of this malware occurs organically when users search for these specific types of apps, cracks, or mods. Websites dedicated to offering modded apps have become popular platforms for such distribution. When a user visits a website through a Google search for a “modded” app, they may be redirected to a deceptive page hosting the malware disguised as a legitimate download for the desired mod.

Bitdefender’s researchers have discovered the malware’s sophisticated techniques to remain hidden and ensure its persistence on infected devices. By not registering any launchers during installation, the malware avoids displaying an app icon on the device’s launcher.

The malware also employs a special packer that utilizes the SQLCipher package to encrypt its malicious content. Bitdefender’s technical **blog post** includes further details about the infection process.

To protect Android devices from this widespread malware campaign and similar threats, it is crucial to employ a robust security solution capable of detecting and preventing such attacks.

Users are strongly advised against downloading apps from third-party app stores or websites, as these platforms pose a **higher risk of malware infection**. It is always safest to stick to official app stores for app downloads.

**RELATED ARTICLES**

1.  Hackers Leak i2VPN Admin Credentials on Telegram
2.  MaliBot Android Malware Stealing Personal, Banking Data
3.  Play Store Apps Caught Spreading Android Malware to Millions
4.  Evolving Toll Fraud Android Malware Draining Wallets, Microsoft
5.  Goldoson Malware Seen in 60 Android Apps with 100M Downloads

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Global Malware Attack Imitates VPN and Security Apps on Android Phones

By Waqas
These 2 billion SWEAT tokens, which make up around 13% of the total supply, have been locked in…
This is a post from HackRead.com Read the original post: Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens

These 2 billion SWEAT tokens, which make up around 13% of the total supply, have been locked in inactive user accounts under a 24-month contract.

In a groundbreaking move, Sweat Economy, the trailblazing move-to-earn project, is putting the destiny of 2 billion dormant SWEAT tokens in the hands of its community through a new governance vote on the Sweat Wallet application.

These 2 billion SWEAT tokens, which make up around 13% of the total supply, have been locked in inactive user accounts under a 24-month contract.

Following a successful Token Generation Event last year, a significant number of users have yet to activate the Sweat Wallet application and claim their tokens, despite repeated reminders.

The purpose of the new governance vote is to address the lingering question surrounding these idle tokens: What should be done with them? Sweat Economy is now empowering token holders to directly participate in the decision-making process, embracing the principle of one person, one vote, and democratizing the token’s future.

Participants in the vote have two options: They can vote in favour of recovering the 2 billion idle SWEAT tokens and transferring them back to the Sweat Treasury for potential future distribution or other uses determined by subsequent votes. Alternatively, they can vote in favour of leaving these tokens in the inactive user accounts.

To ensure fairness and allow everyone to have their say, a minimum of 75,000 votes is required for the proposal to be accepted or denied. The voting period will run for at least seven days, with the potential for a three-day extension if there is a continuous influx of votes.

The significance of this governance vote lies in the large number of SWEAT tokens at stake and Sweat Economy’s commitment to community-centred decision-making. The platform is dedicated to ensuring that every voice is heard, irrespective of the amount of SWEAT they hold. This commitment has resonated well with the community, as expressed through user feedback:

“It’s an excellent proposal! I can’t wait to see what they plan to do with over 2 billion $SWEAT!”

The previous vote witnessed an impressive turnout of 153,783 participants, and Sweat Economy is optimistic about even higher engagement numbers this time, given the magnitude of the SWEAT tokens involved.

This milestone event further strengthens Sweat Economy’s mission to establish a more inclusive, transparent, and democratic ecosystem, where the community has a significant say in crucial decisions.

**About Sweat Economy**

Since its establishment in 2015, Sweat Economy has been promoting healthier lifestyles by encouraging people to be more physically active. The Sweatcoin app, the most popular health and fitness app globally in 2022, incentivizes over 130 million users to move more by earning sweatcoins, referred to as ‘Airmiles for steps.’ Users can redeem these in-app currencies for branded products, and digital services, or donate them to various charities.

Last summer, Sweat Economy launched the Sweat Wallet app and introduced its cryptocurrency, $SWEAT, to further reward users and establish a tangible financial unit of value for movement. In the largest crypto giveaway ever, over 14 million users received airdropped tokens. By harnessing the decentralized power of Web3, the company is making significant strides towards creating a true economy of movement, where health and wealth intersect.

**RELATED ARTICLES**

1.  Tenet and LayerZero Forge Cross-Chain LSD Adoption
2.  Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem
3.  How Cross-Chain DEXes are Democratizing the Crypto Market?
4.  Utilizing Economic Calendar to Enhance Safety in Crypto Trading
5.  From Power Plants to eWallets: The role of ZTNA in the gig economy

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens

By Waqas
If the alleged admin login credentials are authentic, i2VPN users are at risk of a massive security and privacy breach.
This is a post from HackRead.com Read the original post: Hackers Leak i2VPN Admin Credentials on Telegram

With over 500,000 downloads from the Google Play Store alone, i2VPN boasts a significant user base.

In a recent cybersecurity incident, hackers have claimed to have successfully breached the admin credentials of i2VPN, a popular freemium VPN proxy server app available for download on Google Play and the App Store.

The hackers allegedly gained access to i2VPN’s main admin dashboard, obtaining confidential information related to hundreds of thousands of users. The breach came to light when the cybersecurity team at SafetyDetectives discovered that hackers had posted what appeared to be sensitive information from i2VPN on Telegram.

According to details shared by SafetyDetective with Hackread.com, the leaked data included the admin’s email address and password, as well as screenshots of the dashboard displaying data centers and users’ subscription details.

Alleged leaked credentials on Telegram and what the alleged i2VPN dashboard looks like (Screenshot credit: SafetyDetective)

Although the hackers did not directly release user data, the compromised admin panel credentials potentially grant access to a substantial amount of personal information and data centers.

This should not come as a surprise, since VPN companies are always a preferred target for hackers, and any security flaw can lead to privacy breaches of unsuspecting users. Just a few days ago, Hackread.com exclusively reported how SuperVPN, a free VPN service provider, exposed 360 million user records to the public.

With over 500,000 downloads from the Google Play Store alone, i2VPN boasts a significant user base. While the exact number of downloads from the App Store remains undisclosed, it is reasonable to assume that the alleged breach could impact a considerable number of individuals.

If the claims are true, the leaked information could expose sensitive details, including user IDs, account names, registered email addresses, and subscription-related information such as payment methods and expiry dates.

The implications of this breach are far-reaching. Hackers with access to such data could exploit it for various malicious purposes, including spying on users’ activities and perpetrating fraudulent activities.

Additionally, cybercriminals might employ compromised account information to initiate phishing attacks, leveraging the obtained names and email addresses to impersonate individuals and trick them into divulging sensitive personal information.

If you are an i2VPN user or subscriber, it is crucial to take immediate steps to bolster your security, particularly if you have noticed any suspicious activity related to your account. Consider the following precautions:

*   Evaluate whether you want to continue using i2VPN in light of these reported concerns.
*   Review the accounts, platforms, and websites you accessed while connected to the VPN service. Take measures to safeguard these accounts by changing your login credentials.
*   Scan your devices for any sensitive files or communications. Transfer or remove them promptly to prevent further compromise.

As the investigation into this breach continues, i2VPN must take swift action to address the security vulnerabilities and reinforce its system to prevent similar incidents in the future. Users are advised to remain vigilant and stay updated on any official announcements or notifications from i2VPN regarding the breach and recommended security measures.

In an increasingly interconnected world, incidents like these serve as reminders of the importance of robust cybersecurity practices and the need to exercise caution when sharing personal information online.

**RELATED ARTICLES**

1.  Kiwi Farms Website Hacked! Admin Warns of Data Leak
2.  Hacker dumps Guns.com database with users, admin data
3.  Hackers dump login data of Fortinet VPN users in plain-text
4.  15b credentials from 100,000 data breaches sold on dark web
5.  Hackers Selling US Colleges VPN Credentials on Russian Forums

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Hackers Leak i2VPN Admin Credentials on Telegram

By Habiba Rashid
The stolen tokens include popular cryptocurrencies such as Bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), Litecoin (LTC), BNB coin (BNB), and polygon (MATIC). 
This is a post from HackRead.com Read the original post: Atomic Wallet Hit by $35M Theft in Recent Crypto Breach

Reports from affected users indicate that some lost their crypto assets after a recent software update, while others suffered losses despite not having updated to the latest version.

In a recent incident that has sent shockwaves through the crypto community, Atomic Wallet has fallen victim to a substantial theft of various tokens amounting to nearly $35 million. 

The attack, which began on June 2nd 2023, affected less than 1% of Atomic Wallet’s monthly active users, according to the company’s Twitter statement on Monday. The firm, currently conducting investigations, has requested victims to submit relevant information via a Google Docs form to aid in the inquiry.

Reports from affected users indicate that some lost their crypto assets after a recent software update, while others suffered losses despite not having updated to the latest version.

The stolen tokens include popular cryptocurrencies such as Bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), Litecoin (LTC), BNB coin (BNB), and polygon (MATIC). 

ZachXBT, an independent investigator known for tracking stolen crypto funds, revealed that the largest victim had lost a staggering $7.95 million in Tether (USDT). Based on their findings, ZachXBT expressed concern that the total amount stolen could potentially surpass $50 million. These revelations have left the Atomic Wallet user base on edge, with many fearing for the security of their own assets. 

Atomic Wallet, a noncustodial-decentralized wallet, emphasizes in its Terms of Service that users bear sole responsibility for the assets stored in the application. The terms explicitly state that Atomic Wallet will not be liable for damages exceeding $50, a clause that may complicate matters for affected users seeking restitution.

The investigation into the security breach remains ongoing, with Atomic Wallet collaborating with leading security companies to identify possible attack vectors. The support team has reached out to major exchanges and blockchain analytics firms in an attempt to trace and block the stolen funds. However, the company has been criticized for the limited information shared with users, leaving many in a state of uncertainty and frustration.

> At the moment less than 1% of our monthly active users have been affected/reported. Last drained transaction was confirmed over 40h ago.
> 
> Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds.
> 
> — Atomic – Crypto Wallet (@AtomicWallet) June 5, 2023

On the other hand, it appears that ZachXBT decided to take matters into their own hands to aid the breach victims. On Twitter he wrote:

“A huge shoutout goes to @buffalu\_\_  @brian\_smith\_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims.”

While their efforts are commendable, the responsibility for timely recovery of the funds ultimately falls on Atomic Wallet. 

It should be noted that last week Jimbos Protocol experienced a loss of $7.5 million after hackers exploited a vulnerability resulting from the lack of slippage control on liquidity conversions. Attacks such as these highlight the vulnerabilities which continue to persist in the crypto ecosystem. 

**RELATED ARTICLES**

1.  6 of the Best Crypto Bug Bounty Programs
2.  Crypto ATM Manufacturer Suffers $1.5m Bitcoin Theft
3.  Crypto Discord Communities Hit by Malicious Bookmarks
4.  Crypto exchange Fiatusdt leaked trove of users KYC data
5.  Google Ads Malware Wipes NFT Influencer’s Crypto Wallet

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Atomic Wallet Hit by $35M Theft in Recent Crypto Breach

By Waqas
Reportedly, the hackers gained unauthorized access to sensitive data by exploiting a backdoor in MOVEit, a file transfer software used by Zellis.
This is a post from HackRead.com Read the original post: British Airways, BBC and Boots Hit by Suspected Russian Cyber Attack

British Airways has already informed 34,000 UK employees about the massive cyber attack, while the BBC has also acknowledged the incident.

In a shocking revelation, it has been uncovered that tens of thousands of employees from prominent UK companies, including British Airways (BA), the British Broadcasting Corporation (BBC), and Boots, may have fallen victim to a large-scale data breach suspected to be linked to a cyber attack originating from Russia.

The breach, which has raised serious concerns over cybersecurity, has reportedly exposed the personal information of affected individuals.

The alarming incident came to light after BA issued a warning to its 34,000-strong workforce, notifying them of a significant “cybersecurity incident” resulting in the disclosure of personal data belonging to employees paid through BA’s payroll systems in the UK and Ireland.

The compromised information encompasses a range of sensitive details, including names, addresses, national insurance numbers, banking information, and other personal records. What’s worse, British Airways was also a victim of a data breach in 2018, during which the personal and financial details of 380,000 of its customers were stolen.

Sources indicate that the breach is associated with Zellis, BA’s payroll provider and other firms in collaboration with the company have also fallen victim to the attack. Boots, a well-known UK pharmacy chain, sent out emails to its employees, informing them that their names, surnames, employee numbers, dates of birth, email addresses, and partial home addresses have been affected. It is believed that a small fraction of Boots employees may have had additional data compromised as well.

The BBC, a renowned broadcasting institution, has also confirmed its involvement in the breach. A spokesperson for the organization stated that they were aware of the data breach at Zellis, their third-party supplier, and are actively cooperating with them to investigate the extent of the incident. Emphasizing the significance of data security, the spokesperson reassured that the BBC is following established reporting procedures to address the issue.

Zellis, which provides payroll services to numerous major companies, including the National Health Service (NHS) and Jaguar Land Rover, has reportedly suffered a breach affecting eight of its clients.

According to local British media reports, the cyber attack is suspected to be the work of a Russian-speaking cybercrime gang known as Cl0p, as noted by security researchers.

Reportedly, the hackers gained unauthorized access to sensitive data by exploiting a backdoor in MOVEit, a file transfer software used by Zellis.

MOVEit’s vulnerability was first identified by its creator, Progress Software, which promptly alerted its customers, urging them to take immediate action by deleting any unauthorized user accounts created by the hackers.

Rafe Pilling, a principal researcher at Secureworks, a cybersecurity company, disclosed that the Cl0p ransomware gang has been actively targeting vulnerable servers recently. He expressed that his team is currently engaged in multiple incident response tasks associated with this particular hack, strongly suggesting a link between the attacks on BA and Boots.

Zellis has assured the public that it is actively assisting the affected customers and has taken swift action in response to the incident. Upon becoming aware of the breach, Zellis disconnected the server utilizing the compromised MOVEit software and engaged an external security incident response team for forensic analysis and ongoing monitoring.

The Information Commissioner’s Office (ICO), Data Protection Commission (DPC), and the National Cyber Security Centre (NCSC) in both the UK and Ireland have been notified.

BA has stated that the breach was a result of a previously unknown vulnerability in the widely used MOVEit file transfer tool, supplied by Zellis. The company has reached out to affected individuals, offering support and guidance in light of the compromised personal information.

Progress Software has also acknowledged the situation, confirming their investigation into the vulnerability in MOVEit Transfer and MOVEit Cloud. The company promptly alerted customers, implemented immediate mitigation steps, disabled web access to MOVEit Cloud, and developed a security patch to address the vulnerability within 48 hours.

They further asserted their collaboration with leading cybersecurity experts to thoroughly investigate the incident and ensure appropriate response measures are taken.

As the affected companies grapple with the aftermath of this significant data breach, authorities like the ICO continue to assess the information provided, aiming to ensure the protection of individuals’ data and hold responsible parties accountable.

The incident serves as a stark reminder of the growing cybersecurity threats faced by both corporations and individuals in an increasingly interconnected world.

**RELATED ARTICLES**

1.  UK’s Retail Giant WH Smith Cyberattack
2.  Media Giant Guardian Hit By Ransomware Attack
3.  UK Criminal Records Office Hit by Ransomware Attack

British Airways, BBC and Boots Hit by Suspected Russian Cyber Attack

By Waqas
Scrubs & Beyond were alerted multiple times about the data leak, but the company did not respond or secure the server.
This is a post from HackRead.com Read the original post: Scrubs & Beyond Leaks 400GB of User PII and Card Data in Plain Text

Currently, the server holds over 100,000 customer records, totalling 400 GB in size, while the database size and the number of customers are growing each day with new information.

Scrubs & Beyond, a popular online retailer specializing in healthcare uniforms and accessories, has suffered a severe data exposure incident, revealing its customers’ personally identifiable information and sensitive financial data public.

The leaked server, which contains a wealth of personal information, including full names, email addresses, mobile numbers, physical addresses, and even internal credentials, is publicly accessible and can be downloaded by anyone with knowledge of how to use tools like Shodan—an open-source intelligence (OSINT) tool often referred to as a search engine for the Internet of Things (IoT).

The database was exposed on May 16, 2023. Researchers identified the exposure on May 25, 2023, and since then, the information has remained exposed. Currently, the server holds over 100,000 customer records, totalling 400 GB in size. The database size and the number of customers are growing each day with new information.

According to Anurag Sen of CloudDefense, a security researcher who identified the server, the exposed data also includes plaintext credit card details, such as card numbers, CVV codes, and expiration dates, along with PayPal payment logs, purchase logs, and order information. This puts affected customers at an increased risk of financial fraud, identity theft, and other malicious activities.

As seen on Hackread.com, the full list of the exposed data includes the following:

*   Full name
*   Email address
*   Phone number
*   Physical full address
*   Internal credentials
*   Paypal payment logs
*   Purchase logs and orders
*   Full payment card details with CVV and expiration details in plaintext.

This breach is particularly alarming because the entire dataset has been exposed without any form of security authentication or password protection. This means that anyone with internet access can potentially access and exploit this sensitive information, posing a significant threat to affected customers’ privacy and financial security.

The trove of data that is being exposed (Screenshots provided to Hackread.com by Sen)

What’s worse, Sen alerted Scrubs & Beyond about the issue on multiple occasions but received no response from the company. This lack of response raises serious questions about the company’s handling of the situation and its commitment to promptly addressing security issues.

Customers who have purchased or interacted with Scrubs & Beyond should be on high alert for any suspicious activities related to their personal and financial information. Affected individuals should monitor their financial accounts regularly, change passwords associated with their Scrubs & Beyond accounts, and consider taking additional security measures such as credit monitoring or fraud alerts.

This incident serves as a stark reminder of the importance of robust data security measures and prompt responses to potential vulnerabilities. Companies entrusted with customer data must prioritize the protection of personal information and take immediate action to rectify any security flaws to safeguard their customers’ privacy.

**Impact**

Since the server is live and there has been no response from the company, the chances of misuse and abuse of data are high if it gets into the hands of a third party with malicious intent.

While the data can be exploited to carry out identity theft-related fraud, hackers can hold the company’s server or **data for ransom** and leak it on cybercrime forums if their demands are not met.

Scrubs & Beyond is yet to release an official statement addressing the breach or providing guidance for affected customers.

**RELATED ARTICLES**

1.  Video Marketing Software Animker Leaked User Data
2.  Indian Truck Brokerage Company Leaked 140GB of Data
3.  Indian Ticketing Platform RailYatri Hacked – Data Leaked
4.  QR code generator site leaks users’ login data & addresses
5.  Leaked Amazon Prime Video Server Exposed Viewing Habits

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Scrubs & Beyond Leaks 400GB of User PII and Card Data in Plain Text

By Waqas
The researchers discovered the oldest traces of infection in 2019, and it is believed that the attack is still active.
This is a post from HackRead.com Read the original post: Kaspersky Reveals iPhones of Employees Infected with Spyware

According to Kaspersky, this is an ongoing investigation, and the perpetrators are yet to be determined.

The CEO of cybersecurity giant and antivirus vendor Kaspersky, Eugene Kaspersky, revealed in a blog post that dozens of iPhones used by their senior employees contained spyware capable of recording audio, capturing images from messaging apps, geolocation, and more.

The company noted that iOS devices on its WiFi network had become targets of threat actors who launched zero-day exploits as part of Operation Triangulation. The researchers discovered the oldest traces of infection in 2019, and it is believed that the attack is still active.

****How Was the Activity Discovered?****

Kaspersky researchers noted suspicious activity on several iPhones while monitoring network traffic for mobile devices on their corporate WiFi network through the KUMA (Kaspersky Unified Monitoring and Analysis) platform.

To investigate further, they created offline backups of these devices since they couldn’t inspect them from the inside and discovered an infection using the Mobile Verification Toolkit’s mvt-ios. This utility provides information about the sequence of events, allowing researchers to recreate the incident.

****Digging Deeper…****

The attack begins with iOS phone users receiving an iMessage with an attachment that contains the exploit. Upon clicking, it triggers a vulnerability that leads to code execution without involving user input, making it a zero-click attack.

The malicious code downloads new payloads after connecting with the C2 server, which can include privilege escalation exploits. The final payload is a feature-rich APT platform.

“The analysis of the final payload is not finished yet. The code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server,” the researchers wrote in their blog post.

****Various Vulnerabilities Used to Get Deeper Access****

Multiple vulnerabilities are combined to allow attackers deeper access to the compromised device. Once the final payload is downloaded, the message and the malicious attachments initiate self-deletion. The malware cannot maintain persistence if the device is rebooted, but researchers observed reinfection in some samples.

The exact nature of the bugs used in this attack chain is unclear, but one of the flaws could be the kernel extension vulnerability (CVE-2022-46690) patched by Apple in December 2022.

****Apple’s Response****

Kaspersky’s findings were published the same day the Russian security services released a statement blaming the US for exploiting Apple devices to launch reconnaissance operations.

“Several thousand telephone sets of this brand were infected….. In addition to domestic subscribers, facts of infection of foreign numbers and subscribers using SIM cards registered with diplomatic missions and embassies in Russia, including the countries of the NATO bloc and the post-Soviet space, as well as Israel, SAR, and China, were revealed,” Russian intelligence claimed.

However, Apple’s spokesperson refuted these allegations, stating that none of their products have ever contained a backdoor, and Apple would never collaborate with governments.

Regarding Kaspersky’s report, Apple stated that the issue was detected in some versions of iPhones (iOS version 15.7 and below), whereas currently, iOS devices run version 16.5.

Patrick Wardle, an iOS and macOS security researcher, told Wired that Kaspersky remained hacked by an iOS zero-day exploit for five years, and the issue has been discovered now, indicating that it is pretty challenging to detect zero-day exploits.

Kaspersky noted that this difficulty is caused by iOS’s locked-down design, making it tough to inspect iOS’s activities. This is an ongoing investigation, and the perpetrators are yet to be determined. Stay tuned for an update…

**RELATED ARTICLES**

1.  Israel hacked Kaspersky Labs
2.  Kaspersky spots CIA malware
3.  US: Kaspersky is a national security threat
4.  WikiLeaks’ Vault 8: CIA Impersonated Kaspersky Lab
5.  Kaspersky Reveal How NSA Hacking Tools Were Stolen

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Kaspersky Reveals iPhones of Employees Infected with Spyware

By Habiba Rashid
The dark web search feature enables users to scan for their Gmail address on the dark web and receive guidance on online protection.
This is a post from HackRead.com Read the original post: Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID

For now, the dark web report is only available for most Google Accounts in the United States; however, access will also expand to more than 20 countries in the coming months.

Last month, Hackread.com reported that Google had started offering dark web monitoring for Gmail users in the United States. Now, the tech and search engine giant has announced the release of its latest Android feature drop, introducing several new enhancements and functionalities for Google-powered smartphones, tablets, and smartwatches.

Among the notable additions is the ability to search the dark web for Gmail addresses, expanded accessibility features for Google Books, and updates for Wear OS devices.

In the blog post detailing the feature drop, Google mentions that the dark web search feature, which enables users to scan for their Gmail address on the dark web and receive guidance on online protection, is now available for Google account holders in the United States.

The company also plans to expand this feature to include 20 more countries in the coming months, with the United Kingdom expected to be among them.

Younger readers using Google Books will benefit from a new reading practice feature. Books marked with the Practice badge will allow readers to hear the correct pronunciation of unusual words, enabling them to practice pronunciation effectively.

Google has also introduced three new home screen widgets for Android phones and tablets. These widgets provide personalized recommendations from Google TV, Google Finance, and Google News, enhancing the user experience by delivering relevant and tailored content.

The Spotify Wear OS app has received an update to incorporate the recently-launched Spotify DJ feature. This AI-powered function offers users a curated selection of streaming content along with a DJ who provides explanations and insights into the chosen songs or podcasts. Additionally, the app includes new tiles and watch face shortcuts for convenient access to Spotify on Wear OS devices.

In terms of Wear OS enhancements, users can now access Google Keep notes quickly through pinned lists. Furthermore, the Gboard keyboard app now offers new aquatic-themed emoji mashups, adding a touch of creativity and fun to text messaging.

While the Android feature drop delivers exciting updates, Google is also preparing for the anticipated release of Android 14 later this year. The company has been relatively quiet about the upcoming operating system, which is currently in beta, but it is expected to roll out to the public in August 2023.

**RELATED ARTICLES**

1.  On Dark Web Your Facebook ID is worth $5.20 & Gmail ID $1
2.  1 Million Decrypted Gmail & Yahoo Accounts Sold on Dark Web
3.  DarkBERT AI: Enhancing Cybersecurity Efforts on the Dark Web

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID

By Owais Sultan
The cryptocurrency niche has come a long way since Bitcoin’s inception and it is now far from the…
This is a post from HackRead.com Read the original post: Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem

The cryptocurrency niche has come a long way since Bitcoin’s inception and it is now far from the digital alternative to fiat currency than it was once intended to be – and one of the most prevalent indicators of this is the rise of meme coins.

The likes of Dogecoin set a precedent for bringing lightheartedness into a very serious niche and Shiba Inu is one of the more successful names to enter the fray. Designed for a more tongue-in-cheek approach to both Doge and digital finance in general, it aimed to create a community-driven, cult-like following without breaking the bank.

**A little more about Shiba Inu**

While Shiba Inu may look like just another joke coin, it actually powers an open-source ecosystem that plays host to many decentralized applications (known as DApps), products and even platforms that allow users and enthusiasts to create smart contracts using the widely popular Ethereum blockchain.

**Price predictions for Shiba Inu**

When it comes to Shiba Inu price predictions, there is a lot to consider before coming to an understanding of whether this meme coin can really reach the coveted $1 value that experts have been hoping for.

Late 2022 saw SHIB reaching its top potential so far, at an unprecedented $0.00008845 – and this gave traders and investors some hope for 2023. Industry insiders are predicting a potential maximum of $0.0000091, but the minimum could fall to as low as $0.0000220.

These predictions are led by considerations of technological innovations as well as market trends, and these can give important insights into where things are likely to fall over the coming years. Let’s take a look at some projections right now:

**SHIB price prediction 2024 – 2030**

In less than a year’s time, the average trading price is set to be around $0.00003041. This is taking the growing popularity of the Metaverse platform into consideration and the fact that it will increase usage across the crypto niche.

As a bullish market is thematic through 2024, Shiba Inu is expected to reach as much as $0.00004335 in 2025, $0.00007480 in 2026, $0.00010739 in 2027, $0.00016276 in 2028, $0.00021284 2029 and eventually reaching $0.00035649 by 2030.

**Should you invest in SHIB in 2023 and beyond?**

The above predictions seem to show that the meme coin will continue to see stable growth, but an influx in buyers will certainly push things forward in terms of significantly improving value growth. These numbers could better serve as an indicator of the quality and volume of investors that are likely to come into the wider ecosystem.

**RELATED ARTICLES**

1.  What is Cloud Mining and How Does it Work?
2.  How To Safely Navigate the World of Crypto Finance
3.  What Makes Bitcoin NFTs Different from Other NFTs?
4.  7 Rules Of Risk Management For Cryptocurrency Users
5.  How Cross-Chain DEXes are Democratizing the Crypto Market?

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem

By Deeba Ahmed
Currently, SeroXen RAT is delivered either via phishing emails or Discord channels.
This is a post from HackRead.com Read the original post: Windows Users Beware: Crooks Relying on SeroXen RAT to Target Gamers

The stealthy SeroXen RAT is available as a legit RAT for Windows 11 and 10 just for $15-$30 per month, and for $60, buyers get a lifetime license.

A fileless RAT (remote access trojan) has become the preferred tool for cybercriminals to target gamers. Dubbed SeroXen, the malware is distributed as a legit program on hacker forums and social media outlets, as per a report from AT&T.

**Analyzing SeroXen RAT:**

SeroXen RAT has excellent detection evasion capabilities on static and dynamic analysis. Since it results from a combination of different open-source projects, including r77-rootkit, Quasar RAT, and NirCmd, its capabilities get further enhanced, making it a powerful RAT.

For your information, Quasar RAT is a lightweight remote administration tool discovered in 2014 and available on GitHub for free. Quasar’s latest version (1.41) features a variety of functions such as remote desktop, reverse proxy, TLS communication, remote shell, and a file management system.

Conversely, the open-source r77 rootkit also features fileless persistence, in-memory process injection, malware embedding, child process hooking, and antivirus evasion capabilities. NirCmd, a freeware utility, can only carry out Windows system management tasks from the command line.

**How Is It Delivered?**

SeroXen RAT is delivered either via phishing emails or Discord channels. The attack scenario involves downloading a ZIP file and a hidden batch file. This file is automatically executed, and after several steps, the final payload is eventually installed as two .NET arrays. One of these is a rootkit, having versatile capabilities such as fileless persistence, EDR evasion, in-memory process injection, and function hooking.

The stealthy SeroXen malware is available as a legit RAT for Windows 11 and 10 just for $15-$30 per month, and for $60, buyers get a lifetime license. This RAT could be very attractive for threat actors at such a low cost. 

It is still unclear whether those offering the malware for sale are developers or resellers of SeroXen. Nonetheless, according to AT&T’s blog post, the company analyzed hundreds of samples since the malware first surfaced in September 2022, and the gaming community is mostly the target.

However, attackers may expand the scope of attack given the easy availability and low cost of SeroXen. Watch as CyberSec Zaado, a cybersecurity researcher, exposes the SeroXen RAT and alerts the community about its capabilities from a defensive perspective.

**SeroXen- An Undetectable RAT?**

Researchers noted that, at the moment, no antimalware tools can detect this malware, which is why researchers referred to it as a “fully undetectable version.”

“Since the RAT is packaged into an obfuscated PowerShell batch file. The file’s size typically ranges between 12-14 megabytes, as we can see in sample 8ace121fae472cc7ce896c91a3f1743d5ccc8a389bc3152578c4782171c69e87 uploaded to VT on May 21. Due to its relatively large size, certain antivirus may choose not to analyze it, potentially bypassing detection,” AT&T Alien Lab’s report read.

The sample analyzed by AT&T researchers had 0 detections on Virus Total, while some crowdsourced Sigma Rules detected it as suspicious activity. However, given that it is a lifeless malware that executes in memory after undergoing numerous decompression and decryption routines, it is hard for antivirus solutions to detect it.

Moreover, SeroXen’s toolkit loads a new copy of ntdll.dll, making it even harder to detect the malware through EDR (endpoint detection & response) solutions.

**RELATED ARTICLES**

1.  Windows PCs infected by Nodersok fileless malware
2.  Gamers hit in new malware attack with games cheat codes
3.  Fileless WannaMine Cryptojacking Malware Using NSA Exploit
4.  Gaming Firms &Community Members Hit by Dark Frost Botnet
5.  The Rise of Fileless Malware: Over 100 Gov’t Orgs Under Attack