Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization (WHO) but instead spreading malware. Lastly, we have tips for those who are working at home to stay secure while social distancing.
Other cybersecurity news
- The Iranian government pushed out an app that purported to diagnose COVID-19 to its citizens. It didn’t, but it collected their data and tracked their movements. (Source: Vice)
- Slack was found to have a bug that allows attackers to take over accounts. Thankfully, this has been fixed. (Source: Bleeping Computer)
- Good news! Dozens involved in several money laundering schemes based in Atlanta, such as romance scams, were arrested and charged. (Source: News from the Northern District of Georgia)
- False information surrounding COVID-19 continues to spread on various platforms, including WhatsApp and TikTok. Be careful what you read. (Source: The Washington Post)
- On that vein, Internet giants promised to curb COVID-19 fraud and misinformation. (Source: ZDNet)
- And while you’re sifting through good COVID-19 information versus the bad, be on the lookout for phishing attempts as well. (Source: Electronic Frontier Foundation)
- A report reveals that shadow IoT—IoT devices used by employees that are not supported by their enterprise’s IT department—is prevalent and insecure. (Source: TechCentral)
- MonitorMinor, the latest stalkerware, reared its ugly head. And it’s persistent. (Source: Securelist)
- With a pandemic at play and people losing jobs, opportunistic actors saw a widening pool of potential money mules. (Source: KrebsOnSecurity)
- TrickBot and Emotet were in on the hype as they used the trending COVID-19 news stories to bypass several methods of detection. (Source: Bleeping Computer)
Stay safe, everyone!
