FlagThis

The Russian threat actor Star Blizzard has shifted its tactics, now targeting WhatsApp accounts via spear-phishing. The campaign involves messages that prompt victims to join a WhatsApp group, where their credentials can be harvested. This marks a departure from their previous methods, likely to evade detection. The primary targets are individuals involved in government, diplomacy, defense, and international relations, indicating an espionage-focused campaign. The use of social engineering via WhatsApp is a notable shift for this APT group.

A US Judge has ruled that NSO Group is liable for exploiting a vulnerability in WhatsApp to spy on 1,400 users. The court found NSO Group violated the Computer Fraud & Abuse Act, and WhatsApp is entitled to sanctions against NSO. NSO Group’s spyware, Pegasus, was used to target victims. This ruling has been called a landmark and major victory for WhatsApp. NSO used a zero-click exploit in WhatsApp to target the users.

The PixPirate malware, initially targeting Brazilian banks via Pix payment services, has expanded its reach to India, Italy, and Mexico. It spreads through WhatsApp spam messages, tricking victims into installing a downloader app that secretly installs the main malware. The malware hides its icon, making detection difficult. This campaign utilizes a YouTube video tutorial to further disguise its malicious nature, showcasing its deceptive nature and wide-ranging infection tactics.