Invasive Linux Malware Symbiote Stealthily Steals Credentials and Enables Backdoor Access
Hackers use Follina to spread banking Trojan, Stalkerware TruthSpy exposes data, Russia warns West to stop cyberattacks or else, Hacker exploits Optimism lapse to swipe $16 million, much more
Researchers at BlackBerry and Intezer Labs say that a newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access.
The malware acts as a system-wide parasite, leaving no identifiable signs of infection even during in-depth inspections because it uses the BPF (Berkeley Packet Filter) hooking functionality to sniff network data packets and to hide its own communication channels from security tools. The malware is primarily used for automated credential harvesting from hacked Linux devices by hooking the "libc read" function. (Bill Toulas / Bleeping Computer)
Related: CSO Online, Teiss, The Hacker News, Cyberintel Magazine, ZDNet, ZDNet, Intezer, The Hacker News, SiliconANGLE, GovInfoSecurity.com, DataBreachToday.com, Ars Technica, BetaNews, The Info Op, Blackberry, Security Week, PC Risk, TechCentral.ie, Help Net Security
Researchers at Proofpoint say that hackers are using the recently disclosed Windows zero-day vulnerability Follina (CVE-2022-30190) to spread a widely-used banking trojan with ties to several ransomware groups.
Proofpoint shared evidence that a threat actor they’ve named “TA570”, who they’ve been tracking since 2018 and is heavily associated with the Qbot malware, is now using CVE-2022-30190 to deliver the widespread malware used to steal banking information.
Several cybersecurity experts corroborated Proofpoint’s findings, including Nicole Hoffman, senior cyber threat intelligence analyst at Digital Shadows. (Jonathan Greig / The Record)
Related: Security Week, Techradar, The Register - Security, The Hacker News, Forbes, Proofpoint
Spouse-monitoring stalkerware TruthSpy, part of a network of stalkerware apps that use infrastructure maintained by a Vietnam-based company called 1Byte, is exposing a wealth of data from phones with the malware installed, including photos of children, pets, and others related to babies. These images are available to anyone visiting a URL on TheTruthSpy’s website.
The exposed data also includes a selection of apparent GPS locations of victims’ phones. TruthSpy did not respond to a request for comment. (Joseph Cox / Motherboard)

Joseph Cox @josephfcox
New: TheTruthSpy, a popular piece of Android stalkerware that has marketed itself to abusive people to spy on their spouses, is exposing images of children and others related to babies. Very personal photos just sitting there online https://t.co/PIiR3Hxbt9

Researchers at PIXM uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements.
The operation used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions. The researchers found that in 2021, 2.7 million users had visited one of the phishing portals. This figure went up to 8.5 million in 2022, reflecting the massive growth of the campaign. (Bill Toulas / Bleeping Computer)
Related: Malwarebytes Labs, TechGenix, PIXM
Russia warned the West that cyber attacks against its infrastructure risked direct military confrontation and that attempts to challenge Moscow in the cyber sphere would be met with targeted countermeasures.
Russia’s foreign ministry said that Russia's critical infrastructure and state institutions are being hit by cyberattacks and pointed to figures in the United States and Ukraine as being responsible. The statement, issued by the ministry's head of international information security, said Washington was "deliberately lowering the threshold for the combat use" of IT. (Reuters)
Related: Ministry of Foreign Affairs of the Russian Federation
Around 20 million Optimism governance tokens (OP) worth around $16 million loaned to facilitate transactions were lost, with cryptocurrency market maker Wintermute taking responsibility for the lapse. Optimism blames the lapse on human error.
A hacker took advantage of the lapse to transfer the 20 million OP tokens from layer-1 to layer-2, even as Wintermute scrambled to recover the in-limbo funds. As of publication, however, the attacker had liquidated only about a million of the stolen tokens, sending the one million tokens meant for crypto market maker Wintermute to Ethereum co-founder Vitalik Buterin’s wallet address, according to PeckShield.  (Osato Avan-Nomayo / The Block)
Related: Blockworks, Optimism Foundation, Motherboard, CryptoPotato, BeinCrypto, Crypto Briefing
Osmosis, a decentralized exchange built using CosmosSDK, was exploited, with its liquidity pools losing approximately $5 million. Developers halted the Osmosis blockchain to prevent further damage.
One user on Reddit had warned the Osmosis developers about a critical bug in their decentralized exchange. The user maintained that, by providing liquidity to the liquidity pools, a malicious actor would be able to withdraw 50% more than their deposit without any bonding period (a period over which the funds are locked). The recent loss resulted from just such a bug. (Sujith Somraaj / Decrypt)
Related: The Block, BeInCrypto

Junønaut @TheJunonaut
A critical bug has been found on $OSMO / @OsmosisZone which could have potentially drained all liquidity pools. It has been discovered after a post on the subreddits /r/CosmosNetwork and /r/OsmosisLab. The chain was halted under immediate emergency to avoid further damage. 🧵 https://t.co/VE2drIZjtw

Seth Green's "kidnapped" Bored Ape has been returned to its original owner, ending weeks of frantic speculation about its whereabouts and the intentions of its alleged abductor, a pseudonymous NFT collector known as “Mr. Cheese.”
Bored Ape #8398 was stolen from Green in early May after the actor fell for a phishing scam. Mr. Cheese, who has also used the moniker “DarkWing84,” said they believed the ape was “bought in good faith” and claimed they had no idea it was illicitly obtained. The pseudonymous investor had purchased the NFT from Green’s scammer for a whopping $200,000. (Sarah Emerson / BuzzFeed News)
U.S. District Judge Edward Davila in San Jose, California, dismissed a proposed class-action lawsuit accusing Apple of defrauding customers by selling iPhones and iPads whose processors proved vulnerable to two cybersecurity memory flaws, Meltdown and Spectre, first disclosed in 2018.
Davila said customers failed to prove that they overpaid for their devices because Apple knowingly concealed defects and provided security patches that made its devices significantly slower. (Jonathan Stempel / Reuters)
Related: Apple Insider, Tom’s Hardware, The Register, Law360
In a paper presented at the IEEE Security and Privacy Conference last month, researchers at the University of California San Diego showed for the first time that Bluetooth signals each have an individual, trackable fingerprint.
"By their nature, BLE [Bluetooth Low Energy] wireless tracking beacons have the potential to introduce significant privacy risks," the researchers wrote. "For example, an adversary might stalk a user by placing BLE receivers near locations they might visit and then record the presence of the user's beacons."
However, to exploit the fingerprint, an attacker would first need to isolate the target to capture the fingerprint in the wireless transmissions and find the unique physical-layer features of the device's Bluetooth transmitter. After that, they would need to have a receiver in a place the device might be and have it passively sniff for the target's Bluetooth transmissions. (Jeff Burt / The Register)
The Cybersecurity and Infrastructure Security Agency (CISA) added 36 new flaws to its catalog of vulnerabilities known to be exploited by cybercriminals.
Among the 36 vulnerabilities that have been added are flaws in software and products from Microsoft, Google, Adobe, Cisco, Netgear, QNAP, and others. (Danny Palmer / ZDNet)
Related: Security Week, CISA