Security News

Lawsuit accuses Instagram of spying on users

Avast Security News Team, 25 September 2020

Plus, more newsbytes of the week including a ransomware attack on a hospital and half a million possibly-hacked Call of Duty accounts

Last week, lawyers for Instagram user Brittany Conditi filed a lawsuit in San Francisco against the social platform’s parent company Facebook for allegedly spying on Instagram users in the interest of market research.

The accusation stems in large part to the release of iOS 14, which added features to Apple products that alert users when their devices’ cameras or microphones are being used by apps. Noticing that the green dot signifying camera usage was on without her permission, Conditi and her team concluded that the app was collecting “valuable insights and market research” by “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” according to The Independent.

A spokesperson for Facebook said that the issue was caused by a bug in the app, stating, “We found and are fixing a bug in iOS 14 Beta that mistakenly indicates that some people are using the camera when they aren’t.” The spokesperson added that no user content is ever recorded by the app. Avast Security Evangelist Luis Corrons sees this user awareness of privacy issues as a good thing. “Companies have to be held accountable,” he commented, “especially those in the social media industry that have access to all kinds of information on their users. Some companies, like Facebook, have misused personal data in the past – giving access to third parties, for example. In this particular case, Facebook claims that the problem is a software bug and that Instagram is not using the camera when it shouldn’t. That should be easy to both prove and fix.”

CISA issues national alert on LokiBot malware

The United States Cybersecurity and Infrastructure Security Agency (CISA) released an alert this week to warn the nation about a notable increase in LokiBot malware attacks since July. Attackers use the malware to steal sensitive information such as login credentials and to create backdoors in the victims’ systems for future malware payloads. LokiBot is a simple, user-friendly malware and therefore a favorite choice of bad actors new to cybercrime. Since its discovery in 2015, the malware has been used for multiple types of attacks, including major phishing campaigns, ransomware, and impersonating a Fortnite launcher. The CISA alert provides recommendations to mitigate and avoid LokiBot attacks. 

Ransomware attack results in hospital patient’s death

A cyberattack that was probably intended for German institution Heinrich Heine University Düsseldorf, according to an extortion note and other evidence, instead hit University Hospital Düsseldorf, causing system outages that prevented the facility from offering emergency care and leading to the death of one patient who was turned away from the hospital and forced to seek treatment at a facility 20 miles away. A criminal case was launched and is still ongoing. Read more on this story at Newsweek. For more information on the dangers of hospital hacks, as well as some tips to become more resilient, see our blog post on the topic. 

Attackers take advantage of Google App Engine feature

A researcher has found a way that Google App Engine domains can be used to both host phishing sites and to create multiple paths to those phishing sites, all while evading security measures. The flaw is inherent in the naming protocol of the subdomain generator, which allows any number of multiple domains with the same group of suffixes to direct users to one main page. Bleeping Computer reported that upon discovery of the flaw, attention quickly shifted from the potential of the system being abused to the actual bad actors who were abusing the system. Another researcher revealed malicious manipulation of the app engine’s domains by pulling together a list of over 2,000 subdomains all leading to the same phishing page. 

500,000 Activision accounts possibly hacked 

The eSports site Dextero reported that claims from multiple users indicated that a major Activision data breach occurred on September 20th affecting over 500,000 user accounts. Activision, however, discounted the claim as inaccurate on September 21. In its initial report on the breach, Dextero stated that login credentials for popular games like Call of Duty were being leaked publicly and that hackers were changing account details, locking out the actual owners. Experts believe that the hack – if it indeed happened – was caused by a credential-stuffing attack, where bad actors use previously leaked credentials across other accounts to see if they work. While Activision dismisses the idea that any user accounts have been compromised, the company does advise that users who are concerned about their accounts change their passwords.

This week’s ‘must-read’ on The Avast Blog

When a 12-year-old girl in the Czech Republic suspected that something was off with a popular app that was circulating on TikTok, she knew what to do — report it to Avast. Our team followed up and found a total of seven adware scam apps that were available on both the Google Play Store and the Apple App Store.