
Recent Cybersecurity Issues: From Android Trojan Apps to 4chan Breach and Reddit Compliance Requests


Google Play Services Upgrade

In a significant upgrade to Google Play services, a new automatic reboot feature has been introduced for Android smartphones. The change is likely to hinder data retrieval attempts using contemporary forensic methods. The update makes a device restart automatically after 72 hours of inactivity, returning it to the “Before First Unlock” (BFU) state, the same state a device is in when it is first powered on. In BFU, most user data remains encrypted and inaccessible until the device is unlocked for the first time, which transitions it into the “After First Unlock” (AFU) state, where extraction becomes feasible.

Malicious Apps Discovered

Meanwhile, Dr.Web researchers have revealed malicious apps disguised as legitimate software on budget versions of popular Android smartphones from manufacturers such as Samsung and Huawei. The trojanized applications include widely used services such as WhatsApp and Telegram, along with QR code scanners. One strain of the malware, referred to as Shibai, tampers with the application update process and searches chat logs for cryptocurrency wallet addresses, swapping them out for fraudulent ones. It also scans stored images for seed phrases. The perpetrators are said to use around 30 domains and more than 60 servers to spread the infection, and their scheme has reportedly netted over $1.6 million in just two years.

Vulnerabilities in Browser Wallets

In another cybersecurity development, Coinspect researchers have identified serious vulnerabilities in popular browser wallets (Stellar Freighter, Frontier Wallet, and Coin98) that could enable covert theft of users’ assets. The vulnerabilities arise because the wallets inject code into every tab a user visits, creating communication channels that mistakenly let web applications observe the wallet’s operations and request functions such as fund transfers or balance inquiries. A malicious page could abuse this channel to the background script to impersonate legitimate requests, potentially tricking users into revealing their seed phrases. The developers of these wallets have been notified, and fixes have been released to address these critical issues.

4chan Hack Incident

On April 14th, the online forum 4chan fell victim to a significant hack, leading to its temporary closure. The imageboard Soyjak.party took credit, leaking sensitive information including administrator panel screenshots and email addresses linked to the platform’s management. Reports from Bleeping Computer indicated that the attackers could access users’ IP addresses and locations, and even manipulate database functions across the platform. Less than an hour after the breach, the forum’s source code surfaced on Kiwi Farms. The community speculated that an outdated PHP version could have facilitated the attack, prompting administrators to shut down servers to limit further impact; at present, the site remains offline.

Prodaft’s Darknet Activities

Additionally, Swiss cybersecurity firm Prodaft announced its intent to purchase accounts on darknet forums, with particular interest in accounts on platforms such as XSS, Exploit, RAMP4U, Verified, and BreachForums, especially those registered before December 2022. Sellers are promised payment in cryptocurrency, with higher sums offered for admin accounts, and the firm stresses that accounts must not be on law enforcement watchlists. Users can also report cybercrimes through the initiative, which operates securely and anonymously; the data is later shared with law enforcement for intelligence work and for infiltrating cybercriminal networks.

Reddit’s Content Requests

In a related note, Reddit reported receiving 122 content removal requests from governments and law enforcement agencies during the second half of 2024. Notably, Russia issued 15 unique requests, of which only four were acted on (26%). The report indicated that just 27% of the requested content was found to breach Reddit’s terms, and no geoblocking measures were applied. The United Arab Emirates made the most requests, totaling 24, while 27 of the legal requests were identified as fraudulent, prompting Reddit to notify law enforcement.
