9-Jul-23: In Security News Today

Truebot Malware Variants Abound, According to CISA Advisory
An advisory from the Cybersecurity and Infrastructure Security Agency (CISA), several US organizations, and the Canadian Centre for Cyber Security (CCCS) warns of Truebot malware variants that threat actors are increasingly using against various organizations in the US and Canada.

Malicious NPM packages power both commodity phishing attacks and higher-end software supply chain compromises
Researchers from ReversingLabs identified two tranches of malicious npm packages. One supported phishing attacks that harvested user data with phony Microsoft.com login forms launched from malicious email attachments. The other was intended to implant credential harvesting scripts in applications that inadvertently incorporate the npm packages.

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China
Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.

Malicious apps:

File Recovery and Data Recovery – com.spot.music.filedate – 1M+ Installs
File Manager – com.file.box.master.gkd – 500K+ Installs  

RomCom Threat Actor Suspected of Targeting Ukraine’s NATO Membership Talks at the NATO Summit
On July 4, the BlackBerry Threat Research and Intelligence team found two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad, and a document targeting upcoming NATO Summit guests who may also be providing support to Ukraine. Their analysis of the tactics, techniques, and procedures (TTPs), code similarity, and threat actor network infrastructure leads them to conclude that the threat actor known as RomCom is likely behind this operation.

Threads is a privacy nightmare
Instagram Threads collects a wide range of data from users, according to its “App Privacy” blurb on the Apple App Store, including health information, purchase histories, financial data, location, contact lists, search and browsing history, usage data, and a somewhat ominous category of data listed as simply “sensitive info.”