Security researchers at ESET have discovered Bootkitty, the first known UEFI bootkit targeting Linux systems, after it was uploaded to VirusTotal. While currently limited to Ubuntu and lacking full functionality, Bootkitty represents a potential shift in UEFI threats, which were previously exclusive to Windows. This development underscores the need for vigilance against future Linux-targeted bootkits, which can persist undetected by infecting firmware before the operating system loads.
Android owners are urged to delete three dangerous "clone" apps masquerading as messaging services (Dink Messenger, Sim Info, and Defcom) from their devices, as they contain hidden XploitSPY malware aimed at stealing personal information and banking credentials. These apps, which have been removed from the Google Play store, are part of a targeted campaign to distribute malware primarily in India and Pakistan. Additionally, five other risky apps containing a hidden banking trojan called Anatsa, which pose a threat to users' personal information and banking apps, have also been identified and removed from the Google Play store.
Researchers from ESET discovered 12 Android apps, including MeetMe and Chit Chat, running a remote access trojan (RAT) called VajraSpy, capable of stealing contacts, files, call logs, SMS messages, WhatsApp and Signal messages, recording phone calls, and taking pictures with the camera. The campaign primarily targets devices in Pakistan and India and may be part of a romance scam. Users are advised to check for and remove these apps from their devices and be cautious about downloading apps to prevent malware infiltration.
A remote access trojan called VajraSpy was discovered in 12 malicious Android applications, with six of them available on Google Play from April 2021 to September 2023. The malware, attributed to the Patchwork APT group, can steal personal data, record phone calls, and intercept messages. Most victims are located in Pakistan and India, with users likely tricked into installing the fake messaging apps via a romance scam. ESET advises users to avoid downloading obscure chat apps recommended by unknown sources, as cybercriminals continue to find ways to infiltrate devices, despite Google Play's efforts to prevent malware.