Researchers have been tracking iRecorder, a previously non-malicious screen recording app that received an update containing the AhRAT remote access trojan, which allowed the exfiltration of voice and screen recordings from infected devices. Because AhRAT was injected into the iRecorder app, the malicious code inherited the app's recording permissions and could gather data from the device without requiring any additional user input. The malicious version of iRecorder had been downloaded over 50,000 times before the Google Play Store was able to remove it.
Data leaks force Luxottica to confirm 2021 breach
Several weeks after a database containing sensitive information on 74 million individuals was posted to a leak site, officials for the eyewear giant Luxottica have finally confirmed that one of their partners had suffered a breach in March of 2021. It was also revealed that the company first learned of the incident in November of 2022, nearly 20 months after the breach occurred, and did not begin contacting affected customers until after the stolen database was published for a second time in May of 2023. With the number of cybersecurity incidents that Luxottica has suffered in recent years, it is unclear why they continue to have a reactive security response.
Hacker charged in DraftKings fraud campaign
One individual has been charged in connection with a credential-stuffing campaign that targeted the sports betting site DraftKings and was able to defraud 60,000 user accounts of nearly $600,000. While law enforcement has determined that the hacker worked with other conspirators through emails and text messages, those individuals have yet to be identified or charged alongside the initial suspect, who is facing a series of charges that could lead to a maximum of 57 years in jail.
Ransomware attack leaks data on 300,000 Dish Network customers
Following a ransomware attack in late February that impacted services for many Dish Network customers, it has been revealed that sensitive information on 300,000 customers and employees was stolen. Shortly after acknowledging the incident, Dish officials were able to confirm that the stolen data had been deleted, which may imply that the company paid the demanded ransom. They have also stated there is no indication the data has been used maliciously, but they are still offering credit and identity monitoring to all affected customers.
BlackBasta ransomware targets German arms manufacturer
Over the weekend, the threat actors behind the BlackBasta ransomware group began publishing data to their dark web leak site that was allegedly stolen from the German arms and automotive manufacturer Rheinmetall AG. Officials for Rheinmetall have confirmed that the stolen data is legitimate, but that it only impacts the company’s civilian business relations, as their infrastructure divides civilian and military groups.