- \n
- Researchers found a compromised device belonging to a North Korean hacker.<\/li>\n
- Spyware is targeting Android users.<\/li>\n
- The Broadside botnet targets maritime navigation systems.<\/li>\n
- Asus, Qualcomm and ArcSoft were hit by hackers.<\/li>\n<\/ul>\n<\/div>\n
Analysts find a North Korean hacker\u2019s compromised device<\/h2>\n
Researchers at Israeli cybersecurity firm Hudson Rock found<\/a> in the logs of the Lumma infostealer a compromised device belonging to a North Korean hacker.<\/p>\n
The data point to a direct link between the owner and infrastructure used in the attack on Bybit<\/a> in February. A crucial clue was an email address on the device that had appeared in Silent Push<\/a> reports; it was used to register a phishing domain just hours before the Bybit incident.<\/p>\n
Although the owner of the infected system may not have taken part directly in the theft of funds, experts are confident the machine was part of the shared resource pool of Lazarus<\/a>.<\/p>\n
According to the analysts, the compromised workstation was powerful and purpose-built for developing hacking tools. Despite using a VPN to appear as a US IP address, the browser language was set to Chinese, and the search history contained requests to translate from Korean.<\/p>\n
Disk activity suggested the hacker was preparing a new phishing campaign. The researchers also found evidence of purchases of domains impersonating popular services and local files for fake Zoom installers.<\/p>\n
Spyware targets Android users<\/h2>\n
Zimperium experts identified<\/a> a new malicious campaign targeting Android users.<\/p>\n
The newly observed DroidLock trojan blends ransomware and spyware functions. It spreads via fraudulent sites masquerading as legitimate apps, using a two-stage infection scheme. Once installed, it tricks users into granting device administrator and accessibility permissions.<\/p>\n
The trojan mainly targets Spanish-speaking users and can change the PIN and biometric settings, as well as remotely control the device. It also captures unlock patterns, records audio and steals the contents of SMS and calls.<\/p>\n
Unlike traditional lockers, DroidLock does not encrypt files; it threatens to delete them. On command from its server, a ransom demand is displayed on the screen.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-0b22bb413dfe29f5-782770963814234.webp\")
Source: Zimperium.<\/figcaption><\/figure>\n The researchers have notified the Android security team, and Google Play Protect can now detect and block the threat.<\/p>\n
They strongly advise against sideloading APK files from third-party sources and urge caution with apps that request device administrator rights.<\/p>\n
The Broadside botnet targets ships\u2019 navigation systems<\/h2>\n
The new Broadside botnet is actively infecting CCTV systems and IoT<\/span> gateways on commercial vessels, report<\/a> experts at Cydome, a maritime-cybersecurity firm.<\/p>\n
The malware is based on Mirai\u2019s code. Its chief danger lies in its ability to mount powerful DDoS<\/span> attacks and covertly intercept video streams. Infected devices can be used as a beachhead to penetrate ships\u2019 navigation systems, posing a direct threat to maritime safety.<\/p>\n
According to Cydome, the botnet activates password\u2011brute\u2011forcing against VSAT satellite terminals that provide connectivity to ships on the open sea. Infection happens automatically when a victim enters the coverage area. After compromising the gateway, the malware scans the vessel\u2019s local network for weaknesses in electronic navigation chart display systems.<\/p>\n
The researchers warned that Broadside\u2019s operators have begun selling access to infected onboard networks on underground forums. Buyers may include rivals of logistics firms seeking route and cargo data, as well as pirates using vessel location information to plan physical attacks in high\u2011risk regions.<\/p>\n
Asus, Qualcomm and ArcSoft hit by hackers<\/h2>\n
Asus confirmed<\/a> unauthorised access at a supplier\u2019s infrastructure. The extortion group Everest in turn claimed a large data theft, the outlet Hacker<\/a> reported.<\/p>\n
The criminals say they stole 1TB of confidential information from all three companies \u2014 Asus, Qualcomm and ArcSoft. Media reports say the haul includes smartphone\u2011camera software source code, custom AI models and internal developer tools.<\/p>\n
As proof, the hackers posted screenshots of compromised files on the dark web.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-b18ad493d0f44c78-782771178948480.webp\")
Source: \u201cHacker\u201d.<\/figcaption><\/figure>\n Asus stressed that the attack did not affect its own servers or customer data. The leak was limited to parts of the mobile\u2011camera software source code managed by a partner. The company has launched a supply\u2011chain security audit but did not name the compromised contractor.<\/p>\n
At the time of writing, Qualcomm and ArcSoft had not commented on the possible data loss.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- Belarus\u2019s Ministry of Information cited<\/a> the reason for blocking several crypto exchanges.<\/li>\n
- A co\u2011founder of the Finiko pyramid was extradited<\/a> from the UAE to Russia.<\/li>\n
- Silk Road wallets moved<\/a> $3m in bitcoin.<\/li>\n
- Arkham de\u2011anonymised<\/a> more than half of Zcash transactions.<\/li>\n<\/ul>\n
What to read this weekend?<\/h2>\n
French thinkers showed that technology is not neutral. The internet, conceived as a realm of freedom, carries the genes of control and simulation.<\/p>\n
- A co\u2011founder of the Finiko pyramid was extradited<\/a> from the UAE to Russia.<\/li>\n
- Belarus\u2019s Ministry of Information cited<\/a> the reason for blocking several crypto exchanges.<\/li>\n