Hackers are Obsessed with Cryptocurrency and It’s Only Intensifying
Cyware Social reported on ever growing interest of hackers to cryptocurrencies
Attacks on cryptocurrency applications and platforms are spreading like wildfire. Recently, admins of Empire Market, the world’s biggest dark web marketplace that allegedly suffered a massive DDoS attack on August 23, could have exited the market pocketing $30 million. Cryptocurrency theft is growing both in terms of frequency of attacks and breadth of targets.
Joker Spyware Plagues More Google Play Apps
The Threatpost reported on Joker spyware messing with Google Play applications.
Google has deleted six apps from its Google Play marketplace that were infecting users with the Joker malware (a.k.a. Bread).
Together, the apps – which tout functionalities ranging from text messaging to emoji wallpaper – account for nearly 200,000 installs, researchers with Pradeo said in a post this week. As of Wednesday, Google confirmed with Threatpost that all infected applications have been removed from Google Play, but researchers said that they are still installed on the devices of their users, and urged users to immediately delete the apps.
Read more on the Threatpost
Slack Bug Allows Access to Private Channels, Conversations
The Threatpost reported on a critical Slack bug.
A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full remote control over the Slack desktop app with a successful exploit — and thus access to private channels, conversations, passwords, tokens and keys, and various functions. They could also potentially burrow further into an internal network, depending on the Slack configuration, according to a security report.
The bug (rated between nine and 10 on the CvSS vulnerability-severity scale), was disclosed on Friday, and involves cross-site scripting (XSS) and HTML injection. Slack for Desktop (Mac/Windows/Linux) prior to version 4.4 are vulnerable.