Weekly Cyber Reports

This Week in Cyber 25th November 2022

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

25th November, 2022


Indian Government Publishes Anticipated Personal Data Protection Bill Draft

On Friday 18th November, the Indian Government released a draft of the fourth data protection regulation proposed since 2018. The Digital Personal Data Protection Bill, 2022 aims to secure personal data and to obtain user consent in "clear and plain language" that describes exactly what data will be used and how. India has over 760 million internet users, and the regulation is being brought in to prevent abuse and increase trust. The draft requires companies to follow security standards to protect user information, to alert users of a data breach, and to remove user data when users delete their accounts, retaining records only for as long as is necessary. If a company fails to follow these rules, it could be fined up to 500 crores (5 billion rupees / £52 million). Data minimisation requirements must also be met to prevent unauthorised collection, exfiltration or processing of personal data. The draft is open to public consultation until 17th December 2022.


LodaRAT Malware Has Been Seen Employing Updated Functionalities

LodaRAT has resurfaced and is being used in conjunction with other malware such as Neshta and the RedLine stealer. LodaRAT is an AutoIT-based malware that harvests sensitive data from compromised systems and was developed by the hacking group Kasablanca. Recently, Cisco have observed this malware using updated functionality that assists with defence evasion. The most noticeable difference is that LodaRAT will now proliferate to every attached storage device in order to detect any anti-virus software that could be running on it. Cisco have also observed that the malware has been written in a much more efficient manner, which increases speed and reduces file size. Finally, the LodaRAT source code is very easy to obtain and is likely to be used by many less skilled hackers as a means of stealing information.


Fake VPN Apps Are Being Pushed On To Android Users To Steal Their Data

The cyber espionage group ‘Bahamut’ has been behind a highly targeted campaign that tricks users into installing a fake VPN app. The victims of this campaign are largely on Android and appear to have been carefully selected by the group. VPN apps are becoming increasingly popular for privacy reasons and because certain countries’ online laws prevent users from accessing a large part of the internet. ‘Bahamut’ has capitalised on this by creating a fake VPN app which does work as a VPN; however, it also steals the victim’s data. Researchers at ESET have seen a wide variety of data being stolen, ranging from files and telephone recordings to social media messages and calls. The method of delivery is notable: after the user has downloaded the perfectly legitimate OpenVPN application, they are sent an authentication key via phishing or smishing. Once this key is entered, the user is redirected to a crafted website which ‘updates’ the app, and this update activates the malware that has been sitting dormant in the source code. Researchers have stated that the campaign is still active and advise taking extra care when installing untrusted versions of a VPN app.


RansomExx Ransomware Has Been Rewritten In The Rust Programming Language

RansomExx, which is also known as ‘Defray777’ and ‘Ransom X’, has been in the wild since 2018. This particular strain of ransomware affected government agencies, manufacturers and private organisations while in its prime. However, once a strain of ransomware becomes popular, security professionals and anti-virus software know what indicators to look out for. Rewriting the ransomware in a lesser-known language is purely intended to increase its chances of evading detection by automated tools. Two of the most successful ransomware campaigns this year have been BlackCat and Hive, both of which are written in the Rust programming language. The correlation between the two indicates that Rust is increasing the chances of evading detection and achieving results for the hackers.

