VPN user-data leaks, a new Android malware, and other cybersecurity developments

We have gathered the week’s most important cybersecurity news.

Researchers identify Android banking trojan that bypasses MFA and steals data from cryptocurrency holders

F5 Labs identified a new variant of MaliBot malware targeted at Android users, capable of bypassing two-factor authentication and stealing credentials.

. @F5 researchers led by @DorNizar have analyzed a new Android banking trojan, and it’s a doozy. It bypasses MFA, steals cryptocurrency from wallets, and allows for complete remote control. Read more https://t.co/P6fKlAuVOz pic.twitter.com/9bn9FLN9PR

— F5 Labs (@F5Labs) June 15, 2022

MaliBot masquerades as mining apps Mining X and The CryptoApp. The malware targets theft of cryptocurrency wallet data and banking accounts, personal information, and specializes in attacks on financial institutions in Italy and Spain.

The MaliBot controllers’ servers are located in Russia, and they appear to be the same servers used to distribute the Sality malware, according to F5 Labs.

Media: US authorities have increased funding for VPN developers to help Russian residents bypass censorship

The US government has, since the start of the war in Ukraine, increased funding for three VPN developers to help Russian residents bypass censorship and access media, Reuters reports.

Sources say the firms are nthLink, Psiphon and Lantern. Since the war began and Russia’s sweeping blocks on social networks, services, and media, VPN usage has surged. The increased funding aims to assist these companies with the influx of users from Russia.

Earlier, the U.S. State Department urged not to disconnect Russia from the Internet to allow residents to access independent information.

Cloudflare repelled a record DDoS attack

Cloudflare said its engineers mitigated a record DDoS attack with a peak of 26 million requests per second.

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record. https://t.co/cnOhlXhqkp

— Cloudflare (@Cloudflare) June 14, 2022

The attack targeted one of Cloudflare’s customers on the free plan. It was backed by a botnet consisting of 5,067 devices.

New Chrome extension hides users’ location better than a VPN

The Vytal extension for Google Chrome will not expose APIs for location discovery, reports Bleeping Computer.

The piece notes that even with a VPN enabled, a user’s geolocation can still be determined— for example, via a JavaScript API call to fetch location details directly from the browser.

Vytal lets users pick any location from a list of pre-filled locales, and to adjust data to match the IP address or their own geolocation.

Apple chief worries about the consequences of lost internet privacy

Apple chief executive Tim Cook told Time that he is concerned that people will start thinking and behaving differently as they lose the sense of privacy in a world where digital devices and technologies increasingly track their actions.

“I am deeply concerned about the loss of privacy. When we feel that we are constantly followed, our behaviour changes. We start doing less, thinking less, and we change the way we think. In a world where we curb our impulses, society changes profoundly,” he said.

BeanVPN user data leaked

Researchers found a database containing information on BeanVPN’s free VPN users.

The 18.5 GB dataset contains more than 25 million entries, including device IDs, IP addresses and other data.

Cisco to exit the Russian market entirely

Network equipment maker Cisco is set to leave the Russian market entirely, reports CNews citing sources.

According to the outlet, the company plans to announce the move at the end of June, after which it will lay off all staff. Cisco’s operations in Russia are expected to be wound down by early July.

Earlier, IBM, the largest producer and supplier of hardware and software, announced a complete cessation of its operations in Russia due to its invasion of Ukraine.

Also on ForkLog:

• In older versions of the MetaMask wallet, a vulnerability was discovered.
• Binance will restrict Litecoin deposits and withdrawals using the privacy feature.
• The hacker stole around $1.2 million in an attack on the Inverse Finance lending project.

What to read this weekend?

Against growing censorship and blocks, VPN services can help realise the right to free access to information. ForkLog has compiled a concise guide to the most popular options:

Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.