AP Stylebook Data Breach Results in Targeted Phishing Attacks
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
The Associated Press announced that users of its old “AP Stylebook” website had been hit by targeted phishing attacks as a result of the July 2023 data breach incident.
The popular writing and editing style guide is used by several journalists, editors, and newsrooms across the world. The hackers managed to infiltrate the third-party-maintained website and steal users' personal information.
“The personal information was stored in a database that was accessible on an old AP Stylebook website that was no longer in use but still available online and maintained on our behalf by an outside service provider, Stylebooks.com, Inc. (‘Stylebooks.com’),” the notice read.
AP first learned of the incident on July 20, when Stylebooks.com notified it that some AP Stylebook customers had reported receiving phishing emails asking them to update credit card information on dubious APS websites.
An investigation into the incident revealed that unauthorized threat actors had stolen 224 users’ data by accessing the old and defunct website between July 16 and July 22, 2023.
The stolen data included a user’s name, email and street address, city, state, zip code, phone number, and user ID. While making a purchase, some customers were asked to provide Tax Exempt IDs. Thus, the stolen information might also include a customer’s Social Security Number (SSN) or Taxpayer ID.
The new and active AP Stylebook website (apstylebook.com) was not impacted by this incident. However, the company has sent out emails to both old and new website users warning them about the incident and potential phishing attacks.
“In this email, we alerted the recipients to the phishing emails, clarified which email address is used to send legitimate emails, and provided our contact information for any questions,” the notice read.
AP notified the relevant authorities and also made it mandatory for all users to change their passwords. It is also reviewing its security protocols and updating training programs for all internal users. Moreover, its users are being offered two years of complimentary credit monitoring and identity restoration services.
Trojanized Telegram Apps ‘Evil Telegram’ Infect Thousands of Android Users
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Several counterfeit Telegram apps laden with spyware have been found on the Google Play Store by security researchers. The apps, dubbed “Evil Telegram,” have been downloaded tens of thousands of times and appear to be targeting the Uighur minority and the Chinese-speaking community.
These modified apps (mods), first discovered by researchers at Kaspersky, claim to be the fastest app thanks to a distributed network of data processing centers worldwide.
“At first it gives an impression of a perfectly ordinary Telegram mod: most packages look the same as the standard ones. But, on closer examination, you can see the package called com.wsys, which is not typical for Telegram,” the article read.
This malicious module is used to access and harvest various user-related information, such as contacts and the target’s name, user ID, and phone number. It also monitors user activity within the app and exfiltrates any data sent and received via the messenger app, which is then transferred to an encrypted C2 server controlled by the threat actor.
“When receiving a message, uploadTextMessageToService collects its contents, chat/channel title and ID, as well as sender’s name and ID. The collected information is then encrypted and cached into a temporary file named tgsync.s3. The app sends this temporary file to the command server at certain intervals,” Kaspersky’s investigation revealed.
The trojanized app can also collect information such as the IDs, nicknames, names, and phone numbers associated with the victims’ contacts. It also closely monitors the victim’s Telegram account, and any change in name or phone number is transmitted directly to the hackers via the C2 servers.
In conclusion, the researchers said that these full-fledged spyware apps targeting a specific location (China) have the capability to steal all information from a user’s device. Moreover, with only a slight change in code, they could successfully bypass Google Play’s security checks. The findings were later shared with Google, and the apps were ultimately removed from the Play Store.
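The indicators quoted from Kaspersky above (the com.wsys package, the tgsync.s3 cache file and the uploadTextMessageToService method) can be looked for when triaging a suspicious Telegram mod. The Python below is an added example, not code from Kaspersky or the original article: it reads the string table of each DEX file inside an APK and reports which of those names appear. The function names, the class name `Sync` and the sample APK are constructed for illustration.

```python
import io, struct, zipfile

# Indicators named in the article; a hit is a triage lead, not a verdict.
INDICATORS = ("Lcom/wsys/", "tgsync.s3", "uploadTextMessageToService")

def dex_strings(dex: bytes) -> list[str]:
    """Return the string table of a DEX file (type, method and literal strings)."""
    out = []
    if dex[:4] != b"dex\n" or len(dex) < 0x70:
        return out
    count, table = struct.unpack_from("<II", dex, 0x38)  # string_ids_size, string_ids_off
    try:
        for i in range(count):
            (off,) = struct.unpack_from("<I", dex, table + 4 * i)
            while dex[off] & 0x80:          # skip the ULEB128 length prefix
                off += 1
            end = dex.index(b"\0", off + 1)
            out.append(dex[off + 1:end].decode("utf-8", "replace"))
    except (IndexError, ValueError, struct.error):
        pass                                # truncated or malformed table: keep what parsed
    return out

def scan_apk(apk: bytes) -> dict[str, list[str]]:
    """Map each classes*.dex in the APK to the indicators found in its strings."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for name in z.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                strings = dex_strings(z.read(name))
                found = sorted({i for i in INDICATORS for s in strings if i in s})
                if found:
                    hits[name] = found
    return hits

def constructed_apk(strings: list[str]) -> bytes:
    """Constructed sample: an APK holding a DEX-shaped blob (header + strings only)."""
    ids, body, pos = b"", b"", 0x70 + 4 * len(strings)
    for s in strings:                       # ASCII strings shorter than 128 bytes
        ids += struct.pack("<I", pos)
        body += bytes([len(s)]) + s.encode() + b"\0"
        pos += len(s) + 2
    header = b"dex\n035\0".ljust(0x38, b"\0") + struct.pack("<II", len(strings), 0x70)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", header.ljust(0x70, b"\0") + ids + body)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_apk(constructed_apk(["Lorg/example/Main;", "Lcom/wsys/Sync;", "tgsync.s3"])))
```

Names that are obfuscated or assembled at runtime will not appear in the string table, so an empty result does not clear an app.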