Malicious SpyLoan Applications on Google Play Extort Users

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Since the beginning of 2023, security researchers have identified several deceptive loan apps on the Google Play Store. Posing as legitimate personal loan services, these apps promise quick and easy access to funds. Their real purpose is to defraud victims into signing up for high-interest loans and to harvest personal and financial information that is later used to blackmail them.

Dubbed SpyLoan because of this spying functionality, the apps have been downloaded more than 12 million times from Google Play alone. ESET estimates the true figure is considerably higher, since the same apps are also distributed through third-party app stores and fraudulent websites.

Marketed through social media and SMS messages, SpyLoan apps deceive victims into sharing various kinds of sensitive information, which the apps then exfiltrate to attacker-controlled command-and-control (C2) servers.

The stolen information includes call logs, device details, installed apps, calendar events, the contact list, location data, SMS messages, local Wi-Fi network details and file information. According to ESET researchers, the purpose behind collecting this data and requesting the many device permissions needed for it "is to spy on their users and harass and blackmail them and their contacts".

ESET, a member of the App Defense Alliance and an active participant in removing malware from Google Play, identified 18 SpyLoan apps and reported them to Google, which removed 17 of them.

The research further revealed that, irrespective of where an app was downloaded from, its functionality and the risk it posed were identical, because the apps share a common underlying code base. ESET's telemetry shows the campaigns were most prominent in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria and Singapore.

According to ESET researcher Lukáš Štefanko, these apps are designed to take advantage of vulnerable people, so users should exercise caution and stay vigilant when using any financial application of this kind.

ESET further advises downloading apps only from verified, official sources and carefully scrutinizing the requested permissions, app reviews and privacy policies before installing a loan app, so as not to fall prey to such threats.
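The advice to scrutinize permissions can be made concrete. The script below is an added example, not ESET's tooling or code from the original article: it reads an AndroidManifest.xml decoded from an APK (for instance with apktool), collects every requested permission, and maps it onto the data classes the article lists as exfiltrated by SpyLoan. The permission names are real Android permissions; the grouping into data classes, the verdict thresholds, and the two manifests with their package names and labels are this example's own constructions.

```python
"""Permission triage for a personal-loan app's decoded AndroidManifest.xml.

Added example, not ESET's tooling or code from the original article.
Permission names are real; the data-class grouping, verdict rules and the
constructed manifests below are assumptions made for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission -> data class it unlocks (classes taken from the article).
SPYLOAN_DATA_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_PHONE_STATE": "device details",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
    "android.permission.READ_CALENDAR": "calendar events",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "location data",
    "android.permission.ACCESS_COARSE_LOCATION": "location data",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi network details",
    "android.permission.READ_EXTERNAL_STORAGE": "file information",
    "android.permission.READ_MEDIA_IMAGES": "file information",
}

# Data a lender has no plausible need for; any one of these is a red flag.
NEVER_NEEDED_BY_A_LENDER = {"call logs", "contact list", "SMS messages", "calendar events"}


def requested_permissions(manifest_xml):
    """Return the permission names declared in <uses-permission> and
    <uses-permission-sdk-23> elements of a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def triage_loan_app(manifest_xml):
    """Map requested permissions to SpyLoan data classes and give a verdict:
    'high' if data a lender never needs is requested, 'review' if only other
    sensitive data is requested, 'ok' otherwise."""
    root = ET.fromstring(manifest_xml)
    flagged = {
        perm: SPYLOAN_DATA_PERMISSIONS[perm]
        for perm in sorted(requested_permissions(manifest_xml))
        if perm in SPYLOAN_DATA_PERMISSIONS
    }
    exposed = sorted(set(flagged.values()))
    if set(exposed) & NEVER_NEEDED_BY_A_LENDER:
        verdict = "high"
    elif exposed:
        verdict = "review"
    else:
        verdict = "ok"
    return {
        "package": root.get("package"),
        "flagged_permissions": flagged,
        "exposed_data": exposed,
        "verdict": verdict,
    }


# Constructed manifest modelled on the SpyLoan behaviour described above.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quickcashloan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="QuickCash Loan"/>
</manifest>
"""

# Constructed manifest for a loan app that only needs the network and a
# camera for identity-document capture.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainlender">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Plain Lender"/>
</manifest>
"""

if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = triage_loan_app(manifest)
        print(report["package"], report["verdict"], ", ".join(report["exposed_data"]))
```

Run against a manifest extracted with `apktool d app.apk`, the verdict separates a lender that asks for a camera and network access from one that wants call logs, SMS and contacts, the data ESET describes being used for harassment and blackmail. The check is deliberately conservative: a permission is flagged for being requested, not for being exercised, so a `review` verdict is a prompt to read the privacy policy, not proof of abuse.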

Fancy Bear Exploits Outlook Flaw to Hijack Microsoft Exchange

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

The flaw, CVE-2023-23397 (CVSS score 9.8), allows attackers who successfully exploit it to access targets' email accounts and retrieve "high-value information", according to Polish Cyber Command, which partnered with Microsoft in the investigation into APT28 (also known as Fancy Bear).

The investigation further revealed that the vulnerability can be exploited by sending the victim a specially crafted message, with no user interaction required. "The user does not need to interact with the message: if Outlook on Windows is open when the reminder is triggered, it allows exploitation," Microsoft said.

The flaw does not hand over system privileges directly. The crafted reminder makes the Outlook client authenticate to an attacker-controlled server, leaking the victim's Net-NTLMv2 hash, which the attacker can relay or crack offline and then use to authenticate as the victim to services such as Exchange. Once authenticated with the mailbox owner's rights, APT28 changed mailbox folder permissions to retain access to their contents and moved laterally within the compromised environment, stealing information and targeting other members of the same organization.
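The exploitation pattern described above leaves a concrete artefact on the message item: a reminder sound path that points at a remote host instead of a local file. The scanner below is an added example, not Microsoft's audit script or Polish Cyber Command's tooling. The `reminder_file` field stands in for the PidLidReminderFileParameter MAPI property that the exploit abuses; the item records, sender addresses, hosts and the `.corp.example` internal-domain suffix are constructed for the example.

```python
"""Flag Outlook item records whose reminder sound path would make the client
authenticate to a remote host (the CVE-2023-23397 exploitation pattern).

Added example, not Microsoft's audit script or Polish Cyber Command's tooling.
'reminder_file' stands in for the PidLidReminderFileParameter property; the
records, hosts and the internal-domain suffix are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Accepts \\host\share, \\?\UNC\host\share and //host/share. A bare drive
# path such as C:\Windows\Media\Alarm01.wav (the legitimate use) does not match.
UNC_RE = re.compile(r"^(?:\\\\\?\\UNC\\|\\\\|//)([^\\/]+)(?:[\\/]|$)")

# Hosts under these suffixes are treated as internal (assumed for the example).
INTERNAL_SUFFIXES = (".corp.example",)


@dataclass
class ReminderItem:
    item_id: str
    sender: str
    reminder_file: Optional[str]  # PidLidReminderFileParameter, if set


def unc_host(path):
    """Return the host Outlook would authenticate to for this reminder path,
    lower-cased, or None when the path is empty or a local file."""
    if not path:
        return None
    match = UNC_RE.match(path.strip())
    return match.group(1).lower() if match else None


def scan(items, internal_suffixes=INTERNAL_SUFFIXES):
    """Return one finding per item whose reminder path is a UNC path.

    External hosts are 'high': the client would leak the user's Net-NTLMv2
    hash to a server the attacker controls. Internal hosts are 'medium': a
    UNC reminder is still unusual, and a compromised internal server would
    capture the same hash."""
    findings = []
    for item in items:
        host = unc_host(item.reminder_file)
        if host is None:
            continue
        severity = "medium" if host.endswith(internal_suffixes) else "high"
        findings.append({
            "item_id": item.item_id,
            "sender": item.sender,
            "host": host,
            "severity": severity,
        })
    return findings


# Constructed item records; 203.0.113.x are documentation addresses.
SAMPLE_ITEMS = [
    ReminderItem("msg-001", "hr@corp.example", r"C:\Windows\Media\Alarm01.wav"),
    ReminderItem("msg-002", "billing@unknown-sender.example", r"\\203.0.113.7\share\alarm.wav"),
    ReminderItem("msg-003", "calendar@corp.example", None),
    ReminderItem("msg-004", "it@corp.example", r"\\?\UNC\fileserver.corp.example\audio\chime.wav"),
    ReminderItem("msg-005", "news@unknown-sender.example", "//203.0.113.9/x/y.wav"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_ITEMS):
        print(finding["severity"], finding["item_id"], finding["sender"], "->", finding["host"])
```

The property is the indicator regardless of whether the reminder has already fired, so a scan should cover existing mailbox items as well as new mail. Patching removes the trigger, but hashes already leaked remain usable, which is why Microsoft's guidance paired the update with resetting passwords for affected accounts; it also recommended adding users to the Protected Users security group and blocking outbound TCP 445 so the client cannot reach an attacker's SMB server in the first place.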

The flaw affects all versions of Outlook for Windows. Outlook for Android, iOS and Mac are not affected, nor are users who read their mail in Outlook on the web (OWA) without using the Windows client. According to Microsoft, APT28 is believed to have been exploiting the vulnerability since April 2022.

Microsoft identified the bug, a critical elevation-of-privilege vulnerability in Outlook on Windows, and patched it in March 2023, by which point it had already been exploited in the wild as a zero-day for almost a year.

The company also listed other publicly known vulnerabilities exploited by APT28, such as the WinRAR flaw CVE-2023-38831 and the MSHTML remote code execution flaw CVE-2021-40444.

Microsoft urged organizations to apply the latest security updates, reset the passwords of compromised accounts, and enable multi-factor authentication (MFA) for all users.