Facebook Page Hijacking, $75m Ransom Payment, And State-Sponsored Spyware

DMARC Report

Just when you think that, finally, the world is safe from cyberattacks, yet another incident pops up on your screen. The only answer is to stay vigilant and educate yourself about the evolving trends in the cybercrime world. Staying well-versed in day-to-day cyberattacks and technological advancements helps you keep your data and money safe and secure.

That’s why we are here to keep you updated about what’s happening across the cyber world.

For example, a Fortune 50 company paid a ransom worth $75M, one of the highest to date. Meanwhile, a malvertising campaign has been using phishing tactics to steal the Facebook account details of users. Lastly, a sophisticated Android spyware is targeting unsuspecting users in Russia.

Let’s find out more about these cyber mishaps.

Facebook pages being hijacked by threat actors to access user details!

Facebook, one of the most popular social media platforms in the world, is again being targeted by threat actors. This time, they are focusing on Facebook pages to gain access to sensitive user data. The campaign involves prompting unsuspecting users to download what appears to be a legitimate AI photo editor. But when the users try to download it, they end up installing a malicious infostealer.

The malvertising campaign is leveraging several threat tactics, such as social engineering, phishing, and spoofing. The increasing popularity of AI-generated and AI-enhanced photographs is also proving to be of great help to these threat actors.


While threat actors exploit Facebook paid ad campaigns to lure users into malicious schemes, it is equally crucial to implement email authentication protocols such as SPF, DKIM, and DMARC. These protocols help verify the sender’s identity and safeguard against phishing and spoofing attacks, complementing broader cybersecurity measures.

After taking control of the Facebook page, the attackers start promoting the artificial intelligence-backed photo editing tool. Users who follow the link then inadvertently download an endpoint management utility.

The malicious campaign has so far been successful in generating around 1,200 downloads on macOS and 16,000 downloads on Windows devices. 

A Fortune 50 company pays a staggering ransom amount worth $75M to threat actors!

A Fortune 50 company has grabbed all eyeballs by paying a whopping $75M ransom demanded by a group of cyber attackers named Dark Angels. Authorities have been tight-lipped about the name of the company. This is not the first time the corporate world has drawn attention for paying ransoms.

Three years ago, CNA Financial, an Illinois-based company, paid a ransom worth $40M. In 2023, Caesars Palace paid $15M to meet the demand. Meat producer JBS also paid $11M to get rid of the ransomware attackers.


Dark Angels first appeared on the scene back in 2022. The group targets high-value victims such as S&P 500 companies. It keeps an eye on several industries, such as education, telecommunications, manufacturing, healthcare, finance, and government. It created a sensation across the cyber world by attacking the VMware ESXi hypervisors of Johnson Controls International (JCI) and went on to access a mind-boggling 27 terabytes of data. Dark Angels is known for its unconventional ransomware choices. Instead of operating as a ransomware-as-a-service business, it leverages encryptors such as Babuk and Ragnar Locker.

State-backed Android spyware targets Russian users!

For the last three years, an unknown threat actor has been targeting Android smartphone users in Russia. The threat is known by the name LianSpy. A post-exploitation Trojan, LianSpy is known for its ability to grow swiftly, unlike other spyware tools.

LianSpy was first identified in March 2024. The Android spyware is highly dependent on user interaction. First, the malware checks whether it has all the permissions it needs to carry out its malicious activities. If a permission is missing, it prompts the user to grant it. Once the malware has the necessary permissions, the next step is registering an Android Broadcast Receiver so it can receive and respond to phone system events such as low battery, network changes, and booting. After launch, the malware conveniently removes its icon from the phone’s home screen and keeps operating in the background.


LianSpy keeps prying into your daily smartphone activity. For example, it can easily keep a tab on your call logs. Also, the Android spyware keeps recording your screen and gains smooth access to whatever messages you are sending or receiving.

LianSpy is not a one-of-a-kind malware. Other spyware tools include Pegasus, Intellexa Alliance’s Predator, BadBazaar, SandStrike, and so on.

LianSpy prefers to keep things slow and low-key, so it leverages root privileges in order to evade security setups; it uses those root privileges only on already compromised devices. Apart from prying into your call logs and messages, the app also keeps a tab on your list of installed apps.

LianSpy is quite different from other financially motivated malware and simply focuses on targeted data-gathering operations.
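The behaviour described above (system-event broadcast receivers plus permissions for call logs, messages and the installed-app list) is a combination a defender can screen for when triaging an APK. The following is an added example of such a triage heuristic, not code from LianSpy or from DMARC Report; the manifest, permission set and action set are constructed for illustration and are not LianSpy’s actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# System broadcasts matching the events the article says the spyware reacts to
# (boot, low battery, network changes). Constructed watch-list, not a signature.
WATCHED_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.BATTERY_LOW",
    "android.net.conn.CONNECTIVITY_CHANGE",
}
# Permissions that grant the data the article says is collected: call logs,
# messages, and the list of installed apps.
SENSITIVE_PERMS = {
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.QUERY_ALL_PACKAGES",
}

# Constructed sample manifest for the demo; a real analysis would extract the
# decoded AndroidManifest.xml from the APK under review.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photoeditor">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".SysReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text: str) -> dict:
    """Return the sensitive permissions and system-event receivers found, and
    flag the manifest only when both are present (the combination is the tell,
    not either one alone: many benign apps legitimately do one or the other)."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    actions = {a.get(ANDROID_NS + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    sensitive = sorted(perms & SENSITIVE_PERMS)
    watched = sorted(actions & WATCHED_ACTIONS)
    return {"sensitive_permissions": sensitive,
            "system_event_receivers": watched,
            "suspicious": bool(sensitive) and bool(watched)}
```

A hit from this heuristic is a reason to look closer (for example at whether the app hides its launcher icon after first run), not a verdict on its own.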
