Posts

More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package

A malicious package hosted on Node Package Manager (npm) has been downloaded more than 56,000 times while posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.

The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.

According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.

Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.

Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.

Romania arrests 13 in phishing scam targeting British tax office

Thirteen individuals have been arrested in Romania following phishing attacks targeting the UK’s tax authority, HM Revenue & Customs (HMRC). The suspects are believed to have used stolen data to fraudulently claim millions of pounds in tax payments, HMRC announced on Thursday.

The arrests involved a coordinated effort with over 100 Romanian police officers, focusing on the southern counties of Ilfov, Giurgiu, and Calarasi. During the raids, authorities seized cash and luxury vehicles. The arrested individuals, aged between 23 and 53, face charges including computer fraud, money laundering, and illegal access to computer systems.

Additionally, a 38-year-old man was arrested in Preston, northwest England, on the same day. These actions follow HMRC’s disclosure last month that a criminal gang had stolen approximately £47 million ($63.7 million) by accessing over 100,000 customer accounts through phishing schemes and submitting false payment claims to the government.

HMRC emphasized that the fraud targeted the tax office rather than individual customers, though around 100,000 people were notified as a precaution. Criminal groups allegedly used the stolen data to file fraudulent claims for income tax, value-added tax (VAT), and child benefit repayments.

Simon Grunwell, operational lead of HMRC’s Fraud Investigation Service, said the agency has already taken steps to protect affected customers after detecting attempts to access a small portion of tax accounts.

Earlier, in November, two men were arrested in Bucharest as part of related cybercrime and fraud investigations linked to these phishing activities.

U.S. Indicts Chinese Hackers and Sanctions Tech Company Over Spy Campaign

The U.S. government has announced new legal actions targeting alleged Chinese hackers, including multiple indictments and sanctions, in connection with a years-long espionage campaign. Federal authorities have charged 10 individuals in total, including eight employees from a Chinese tech company, i-Soon (also known as Anxun Information Technology), and two members of the Chinese Ministry of Public Security.

The indictment, made public on Wednesday, describes i-Soon as a key component in China’s “hacker-for-hire” ecosystem, claiming the company played a significant role in targeting global and U.S. entities. Among the alleged victims were the U.S. Defense Intelligence Agency, the Department of Commerce, Taiwan’s and South Korea’s foreign ministries, and several organizations critical of China, including news agencies. Additionally, the hackers infiltrated various religious groups, including a major U.S.-based religious organization.

The indictment outlines that i-Soon charged Chinese intelligence agencies between $10,000 and $75,000 for each email inbox they successfully breached, with added fees for data analysis. The charges against the individuals range from stealing sensitive personal and government data to orchestrating cyber-attacks on foreign governments.

In response, the Chinese embassy in Washington condemned the U.S. sanctions, emphasizing China’s opposition to what it called “long-arm jurisdiction” and vowed to take action to protect the rights of its citizens and companies.

Alongside the indictments, the U.S. Treasury Department announced sanctions against Shanghai-based Heiying Information Technology and its founder, Zhou Shuai, for allegedly selling stolen data and access to compromised U.S. infrastructure networks. Some of the stolen data was reportedly sold to a previously sanctioned Chinese hacker, Yin Kecheng, who was also indicted. Yin is linked to a prior breach of U.S. Treasury data.