Cybersecurity news headlines for August 1-31, 2019

Cybersecurity news headlines for August 1-31, 2019

August’s edition of cybersecurity news headlines is here, and we have three stories to report on. It’s a short one this month but nothing too major happened. 22 Texas cities were hit with a coordinated ransomware attack, dating app 3Fun leaked users’ precise location data and personal information, and legitimate app CamScanner was found to deliver malware to its users.

22 Texas cities hit by coordinated ransomware attack

In what is believed to be a coordinated attack, 22 town governments in Texas had been infected with malware now identified to be Sodinokibi ransomware. On August 16, several local Texas governments reported problems with file access, and soon after 22 governments were identified as victims by the DIR (Texas Department of Information Resources). A collective ransom of $2.5 million was requested.

The full list of affected local governments has not been released but the cities of Borger and Keene did admit to being among the victims. Victims were notified soon after, and resources were deployed to help the local governments bring their systems back online. For a period of time, local governments were unable to access any kind of payments, and were unable to access Vital Statistics services. Other agencies such as Texas Division of Emergency Management, the FBI, the DHS, Texas Department of Public Safety were also involved in recovery efforts.

It was later revealed that the ransomware got into the systems via manager service provider (MSP) software, which is used for technical support. MSPs are convenient tools that allow external companies to gain remote access to client’s network to fix problems, as well as install updates/software.

Dating app 3Fun exposes users’ personal information and exact location

Dating app aimed at “curious couples & singles” 3Fun exposed its users’ location as well as personal data like date of birth, sexual preference, and pictures. The exposed locations were very precise, to the point that someone’s whereabouts could be tracked to a specific house or building. 3Fun users were tracked to the White House, 10 Downing Street, and US Supreme Court.

Many dating apps collect real-time location data from users in order to match with someone nearby. However, the precise locations of potential matches are never shown to users, and instead they can see how many kilometres/miles they are away. 3Fun users have the option of not showing their location to other users at all but it still reaches 3Fun servers. According to Pen Test Partners, a company specializing in penetration testing and security services, the 3Fun app leaks users’ locations to the mobile app. In addition to their location, the app also leaks dates of birth, allowing one to identify other users quite easily, particularly if their locations are in places like the White House. In addition to location and dates of birth, the app also leaked private photos.

Pen Test Partners contacted 3Fun with their findings, and it seems the problem was resolved fairly quickly.

CamScanner for Android found to deliver malware to millions of users

An app with more than 100 million downloads was found to deliver malware to its users. The app is available on Google’s Play Store, where it has more than 1 million reviews. Developed by Shanghai-based CC Intelligence, CamScanner is an app that allows users to create PDFs of documents/images.

Researchers from security company Kaspersky found the app to be delivering malware, a trojan dropper to be more specific. The company noticed that recent versions of the app contained an advertising library with a trojan. According to the company, the trojan dropper extracts and runs another malicious module from an encrypted file in the app’s resources. The dropped malware then downloads additional malicious modules.

Infected apps could subject users to intrusive advertisements and sign them up for paid subscription services without permission.

The app was removed from Google Play Store after the malicious behaviour was noticed. However, a clean version was reuploaded soon after. The app remains available both on Google Play Store and Apple App Store.

While downloading apps from legitimate stores like Google Play is much safer than from third-party stores, picking up malware is not impossible. CamScanner is a great example as it is a perfectly legitimate app with millions of downloads and great reviews. This incident just highlights how difficult it is for Google to keep track of all the apps. Not only are thousands of apps being uploaded every day, but they are also updated regularly.