i2VPN Data Breach Exposed User Data in Telegram Group

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a recent data breach, threat actors claimed to have hacked into i2VPN’s computer system and exfiltrated sensitive admin and user information, according to a new report from SafetyDetectives.

Developed by i2tek, i2VPN is a free, no-registration VPN proxy server app available on both Google Play and the App Store. Since its launch, the app has been downloaded more than 500,000 times from the Play Store; current download numbers for iOS devices are unavailable, which makes it impossible to estimate the number of users exposed to the breach.

The incident, which occurred last month, came to light when the researchers discovered the stolen information posted on an Arabic-speaking hacker channel. “The hackers shared [..] on an Arabic-speaking hacker channel together with the message ‘حالا هی برید vpn های ناامن رایگان نصب کنید,’ which, based on a web-translation, reads as ‘Now go install a free, unsecure VPN service,’” stated the report.

The publicly available data contained the admin’s email ID and password, along with screenshots of the VPN’s dashboard displaying information about data centres and users’ subscription details. User subscription data included user account names, IDs, email addresses, payment information, and expiry dates. Although user data was not directly exposed by the hackers, access to the admin credentials does present a potential threat. In the hands of a threat actor, that access exposes unsuspecting users to security threats including spying and phishing attacks.

The report further revealed that the breached data was posted in a Telegram group on May 29, 2023. Details about the hackers behind this attack remain unknown, as no threat group has claimed the attack and i2tek has not released any statement.

Android Malware Anatsa Targets 600 Financial Applications to Steal Sensitive User Information

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Researchers at ThreatFabric have discovered a new malware campaign that has been deploying Anatsa, an Android banking trojan that collects users’ financial information. Active since March 2023, the new campaign has seen more than 30,000 installations and appears to target users in the US, UK, Germany, Austria, and Switzerland.

The Netherlands-based cybersecurity company has been tracking this malware since 2020, and the modus operandi continues to be the same. The Anatsa creators release dropper apps disguised as office/productivity tools like office suites and PDF readers/editors. To avoid detection during Google’s review process, the malware creators initially submit clean apps and later update them with malicious code.

Once installed, the malware takes the user to a GitHub-hosted page where they download an Anatsa payload masquerading as an add-on to the original application. Using keylogging and overlay techniques, the malware extracts all financial data, including payment information, banking credentials and credit-card details.

This information is later used by cybercriminals to perform phishing attacks. “Anatsa provides them with the capability to perform Device-Takeover Fraud (DTO), which then leads to performing actions (transactions) on the victim’s behalf,” the findings revealed. The stolen money is converted to cryptocurrency and transferred to the malware operators through an extensive network of local money mules.

To date, the malware has successfully avoided detection by banking anti-fraud systems, as “transactions are initiated from the same device that targeted bank customers regularly use,” revealed ThreatFabric.

On being notified by the cybersecurity researchers, Google immediately removed these infected apps from its store. However, the creators are known to immediately publish a new disguised version of the app. It is therefore essential that users check the reviews before downloading any app and install well-known apps with a higher number of downloads. Having a good antivirus on the device can also keep users safe from Android malware.