Takedown of the world's most dangerous botnet, Signal blocked in Iran, and other cybersecurity events

We have compiled the most important cybersecurity news from the past week.

  • As part of two international operations, law enforcement dismantled the Emotet botnet and disrupted the operation of the NetWalker ransomware.
  • A Russian national admitted to U.S. authorities that he was the administrator of the darknet marketplace Deer.
  • The vast majority of Russian government apps transmit data to third parties, researchers say.

Authorities carried out two international operations to neutralise malware

This week, authorities in several countries announced two successful and large-scale operations against malware.

Eight countries, in cooperation with Europol, dismantled the Emotet botnet, which many regard as the world’s most dangerous malware. They took control of the botnet’s infrastructure.

Dutch authorities reported installing an update containing special code designed to remove Emotet from all infected devices on 25 March 2021.

The US DOJ described the second major operation. In cooperation with Bulgarian police, American authorities disrupted the NetWalker ransomware.

As part of the investigation, authorities also charged a Canadian national with involvement in NetWalker and seized $454,530 in cryptocurrency.

Study: 88% of Russian government apps transmit data to third parties

Experts at the NGO “Information Culture” analyzed the privacy of Russian government mobile apps. 88% of them have at least one embedded third‑party tracker and transmit data to third parties.

Data: Information Culture NGO.

Each of the studied apps uses at least one potentially dangerous permission, say the authors of the study. Among them are requests for read and write access to external storage, access to location, camera and device information.

TikTok bug allowed collection of users’ personal data

Check Point researchers identified a vulnerability in the popular TikTok app, through which one could gain access to users’ phone numbers, unique IDs and photos. It also allowed hiding profiles and managing subscriptions.

The vulnerability threatened users who had linked a phone number to their account.

Earlier, hackers from Anonymous accused TikTok of mass surveillance of users and data sharing with Chinese authorities.

Media: Signal blocked in Iran

Iranian authorities have begun a crackdown on the privacy-focused messenger Signal, according to Al Jazeera.

Since 14 January, it has been removed from Cafe Bazaar, Iran’s version of Google Play, and another local app store Myket, the publication reports.

Officially, authorities say they have not blocked media or messaging apps since 2019. Iranian cybersecurity researcher Amir Rashidi noted that Signal was blocked by the Telecommunication Infrastructure Company, the sole provider of telecom infrastructure for all private and government operators in Iran.

Signal had already been blocked in Iran in 2016-2017, but the block drew little attention as the app had few users at the time.

Since early 2021, the user base of the service has surged amid a mass exodus from WhatsApp.

Signal said it would fight the censorship, adding that Iranians deserve privacy.

Data of more than 2 million MeetMindful dating-site users exposed online

Hackers published a 1.2‑GB database with the data of users of the American dating site MeetMindful.

It contains data on about 2.28 million people, including their names, birth dates, email addresses, IP addresses, hashed account passwords, and a multitude of other details.

Authorities will spend close to 3 billion rubles on facial recognition in New Moscow

The Moscow Department of Information Technology (DIT) plans to spend 2.917 billion rubles on a video surveillance system with facial recognition in the Novomoskovsky and Troitsky administrative districts. This was reported by Kommersant, citing documents on the state procurement portal.

The contractor will need to approve installation sites for 1,700 cameras in courtyards and 292 cameras in “crowded places.” By September 2025, video will be transmitted to the Unified Centre for Storage and Processing. Cameras will be integrated into the city’s facial recognition system and the Ministry of Internal Affairs system.

Earlier, the public organisation RosKomSvoboda called for imposing a moratorium on the facial-recognition system in Moscow.

Darknet marketplace Deer administrator pleads guilty

Kirill Firsov, a Russian national held in the United States, has pleaded guilty to cybercrimes.

He confirmed that he was the administrator of Deer, a marketplace specialising in trading stolen personal data and banking card information. The DOJ describes it as a “Russian platform.”

Payments for Deer services were made in bitcoins or via WebMoney.

As a reminder, the FBI arrested Firsov in March 2020.

US intelligence buys location data for smartphones, reports say

The military arm of the U.S. Intelligence Community buys geolocation databases from various apps and tracks the movements of Americans and foreigners without a warrant, The New York Times reports.

According to the publication, the intelligence services track foreigners’ locations to prevent threats to American troops stationed worldwide.

However, data vendors do not separate American and foreign users. To access the database on U.S. residents, analysts who filter the data must obtain a special authorization. In the last 2.5 years, such authorization has been granted only five times, The New York Times notes.

Journalists had reported earlier that the American military purchases data obtained from apps about people’s movements in various countries.

What to read this weekend?

“Russian hackers” have already become a byword, especially in the American discourse.

We tell the story of the Russian hacking group Lurk, which stole more than a billion rubles from bank accounts and broke one of the unspoken rules of cybercrime — “don’t work against RU.”
