Blacksite's Intelligence Report - Tuesday Edition for Week of May 16th, 2022

The Blacksite Weekly Intelligence Report

Tuesday Edition

 Facestealer Malware on Google Playstore Apps

 More than 200 Android apps have been spotted distributing spyware called Facestealer. The spyware is designed to siphon user credentials and other valuable information. 42 of the 200 apps are VPN services, followed by a camera and photo editing applications. Researchers from NortonLifeLock and Boston University published what they called the "largest on-device study" of potentially harmful apps (PHAs) on Android-based on 8.8 million PHAs installed on over 11.7 million devices between 2019 and 2020.

More information: https://www.usenix.org/conference/usenixsecurity22/presentation/shen


Admin IT Gets Jail Time for Wiping Company Database

 Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison. Bing allegedly used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers. Bing was one of the five main suspects in the data deletion incident. Bing raised suspicion when he declined to give his laptop password to investigators. He had repeatedly informed his employer and supervisors about security gaps in the financial system.

More information: https://www.bleepingcomputer.com/news/security/angry-it-admin-wipes-employer-s-databases-gets-7-years-in-prison/


Hacked Wordpress Sites Redirect Users to Scam Sites

 Researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects. The April set of attacks, on the other hand, has breached over 6,500 websites. The campaign is believed to have impacted 322 websites so far, starting May 9.

More information: https://blog.sucuri.net/2022/05/massive-wordpress-javascript-injection-campaign-redirects-to-ads.html


Tool of the Week: Gotanda

 Gotanda is OSINT (Open Source Intelligence) Web Extension for Firefox/Chrome. This web extension could search OSINT information from some IOC in web page.(IP,Domain,URL,SNS...etc).

More information: https://github.com/HASH1da1/Gotanda


 How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats

 The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cyber security strategy, and cyber security education at an affordable price to accommodate your business whether it’s a small family owned to that of the size of a fortune 500.

 More information: https://blacksite.solutions/products

 Please contact us and we’ll be glad to assist you.

 Become invisible, become secure.