A new malware campaign is using a DLL side-loading technique to distribute the XLoader malware through a legitimate tool called jarsigner.exe, which is part of the Eclipse Foundation’s IDE package. Cybercriminals place malicious DLL files alongside the legitimate executable so that they are loaded and executed when the application runs. Because the loading process is a trusted, signed binary, this method allows the malware to evade detection.
This cluster details a report by Citizen Lab and the EFF Threat Lab highlighting critical privacy vulnerabilities in the “RedNote” app. The analysis of version 8.59.5 found that the app transmits user content over unencrypted HTTP, potentially exposing sensitive data to network attackers. Static analysis also revealed the use of static keys for encrypting certain files, leaving those files open to decryption by anyone who recovers the keys. Furthermore, the app transmits device metadata without encryption, leaving it potentially vulnerable to man-in-the-middle attacks.
DeepSeek, a Chinese AI chatbot, garnered attention for its impressive performance and open-source approach. However, its rapid rise sparked security concerns regarding data transfer practices. Researchers discovered that the iOS application transmits user data unencrypted to servers controlled by ByteDance.
Brave Browser is introducing a new feature called ‘custom scriptlets’ that allows advanced users to inject their own JavaScript into websites, giving them greater control over their browsing experience. This functionality can enhance privacy by blocking trackers and customizing website content, offering a deeper level of customization than built-in filters alone.
Recent research suggests that OpenAI’s models, while powerful, are susceptible to “jailbreaks” or “fine-tuning” that can override their safety restrictions. This means that models designed for benign tasks can be trained to produce responses with malicious intent. The findings highlight an important weakness in current AI safety mechanisms and raise concerns about the potential for misaligned behavior from AI systems in real-world applications.
A massive data breach at location data company Gravy Analytics has exposed sensitive location data of millions of users. The breach affects users of popular apps like Candy Crush, Tinder, and MyFitnessPal, among thousands of others. This incident underscores the risks associated with the collection and sale of location data, particularly from advertising bid streams, without users’ or even app developers’ knowledge. The breach was posted on a Russian-language forum by the hacker using the alias “Nightly” and contained coordinates of devices in the US, Europe, and Russia.
Microsoft’s new AI feature ‘Recall’ for Copilot+ PCs stores screenshots of sensitive data, including credit cards and social security numbers, even when a ‘sensitive information’ filter is enabled, raising serious privacy and security concerns among users. The feature takes continuous screenshots of everything a user does; the data is stored locally but sent off to Microsoft’s LLM for analysis. The issue has prompted an investigation by the UK Information Commissioner’s Office and highlights the potential risks of AI-powered surveillance features and the importance of user privacy.
Malicious actors are distributing malicious QR codes through various channels, including email attachments and physical mail. These QR codes lead to malicious applications designed to steal login credentials and other sensitive information. Security analysts are struggling to counter these attacks, while some email security vendors are employing overly aggressive flagging mechanisms that also block legitimate communications.
A widespread campaign is leveraging the MintsLoader malware loader to distribute secondary payloads, including the StealC information stealer and a legitimate open-source network computing platform called BOINC. MintsLoader, a PowerShell-based loader, is delivered via spam emails with malicious attachments. The campaign targets a wide range of users, using StealC to steal sensitive information and abusing BOINC for other malicious purposes such as crypto mining and other resource abuse. The multi-pronged approach makes this campaign more versatile and dangerous.