Security Incident Survey February 3-9, 2020

Last week was marked by another data leak affecting Russian users. This time, a database of clients of various microfinance organizations (MFIs) leaked to the Network, containing more than 1.2 million records, including full name, phone numbers, email addresses, birth dates and passport data. Most of the records were related to the clients of Bystrodengy, Zaymer, eKapusta, Lime, and Mikroklad.

Google admitted that due to technical problems related to the function of uploading Google Takeout data to Google Photos, user videos were stored in other people’s archives. The problem arose last November. As assured by Google, it has already been resolved.

Experts reported on a new phishing campaign aimed at Android users, in which attackers infect devices with the Anubis banking trojan. The malware is able to steal financial information from more than 250 banking and shopping apps. The malware is distributed via phishing emails with an APK file disguised as an invoice. When opening this file, the user is prompted to enable “Google Play Protect,” but in reality the victim provides the application with all the necessary permissions, while disabling the protective service.

Japanese defense contractors Pasco Corporation (Pasco) and Kobe Steel (Kobelco) reported hacking of computer systems that occurred in May 2018, as well as in June 2015 and August 2016, respectively. During the attacks, the internal networks were infected with malware (which one is not disclosed), however, according to the enterprises, the investigation did not reveal data leaks.

500 thousand computers around the world were infected with various malware (including miners, infostealers and encryption programs) during a campaign that distributes malware through the hosting service of Bitbucket projects. The victims of the attackers were users who downloaded hacked versions of commercial software, such as Adobe Photoshop, Microsoft Office, etc. The bait programs contained the Azorult and Predator the Thief infostillers – the first collected the necessary data, and the second established a connection to Bitbucket to download additional malware.

  • ru
  • en