North Korean hackers targeted ethnic Koreans in China with a malware disguised as a popular Android mobile game called BirdCall, allowing them to steal personal data from victims.
53% of UK businesses experience cybercrime attempts at least once a month, and 70% of business owners anticipate a cyber attack in the near future, yet only 35% feel adequately prepared. 43% of cyberattacks are directed at small businesses, with over half potentially closing due to the damage. Antivirus software is a cost-effective solution that can prevent data breaches, reduce the likelihood of ransomware, and protect devices of remote workers.
53% of UK businesses experience cybercrime attempts at least once a month. 70% of business owners anticipate a cyber attack in the near future, but only about 35% feel prepared. 43% of cyberattacks are directed at small businesses, and over half of these may face closure due to the damage. Antivirus software can prevent data breaches, is cost-effective, reduces the likelihood of ransomware, and protects devices of remote workers.
Hundreds of Android applications have been compromised by SlopAds ad fraud malware, leading to their removal from the Google Play Store. A total of 224 apps were identified, collectively downloaded over 38 million times. The malware employs techniques like steganography to hide its activities and redirect users to malicious sites. Google has removed all identified malicious apps and will alert users to uninstall them. Android users are advised to activate Google Play Protect for enhanced security. The ad fraud undermines the integrity of legitimate advertisers and developers.
A new wave of cyber attacks targeting Android users has been identified, involving 224 compromised applications that have collectively amassed over 38 million downloads from the Google Play Store. This threat, named SlopAds by the Satori Threat Intelligence and Research Team, involves sophisticated advertising fraud techniques, including steganography, to generate illicit revenue through harmful ads embedded in apps. Google has removed all compromised applications from the Play Store and will notify users to uninstall them. Users are advised to enable Google’s Play Protect feature to safeguard against malicious applications. Ad fraud not only affects individual users but also undermines trust in the advertising ecosystem.
A cyber attack known as SlopAds has compromised 224 Android applications, which have been downloaded over 38 million times from the Google Play Store. The attack involves malicious advertisements that deceive users into providing personal and financial information. The Satori Threat Intelligence and Research Team reported that the threat actors use techniques like steganography and hidden WebViews to direct users to fraudulent cashout sites. Google has removed all identified problematic apps from the Play Store and will alert users who downloaded them to uninstall them. Android users are advised to activate the Google Play Protect feature to prevent future threats. Ad fraud not only affects individual users but also undermines the integrity of reputable advertisers and developers.
Android users are facing a security threat from a campaign aimed at extracting personal and financial information through a form of ad fraud called SlopAds, which has affected 224 Android applications with over 38 million downloads from the Google Play Store. Attackers embed corrupted advertisements in these apps, degrading device performance and generating revenue through fraudulent ad impressions and clicks. The malicious apps use steganography to conceal their activities, creating hidden WebViews that redirect users to hacker-controlled sites. Google has removed the identified malicious applications from the Play Store and will alert users to uninstall them. Security experts recommend enabling Google’s Play Protect feature to safeguard against harmful applications. Ad fraud undermines the integrity of the advertising ecosystem, harming reputable advertisers and developers. Users are advised to act promptly on notifications regarding infected applications to maintain device security.
M&S shoppers are being urged to enhance their online security following a cyber attack that disrupted customer services. The retailer has acknowledged ongoing challenges, stating they cannot process online orders while stores remain open. Sensitive customer information, including phone numbers, email addresses, and order histories, was compromised in the breach. Security expert Luis Corrons from Norton recommends activating two-step verification for online accounts, being cautious about stored personal and payment information, deleting unused accounts, using strong passwords, and keeping devices and software updated to improve security. He emphasizes that cyber threats are increasingly targeting human behavior and that these security measures are essential for digital safety.
M&S is addressing a cyber incident affecting its operations, which has led to customer reports of payment difficulties and order delays. The retailer has implemented minor changes to store operations and has suspended contactless payments and click and collect services. Additionally, M&S has halted all orders through its website and mobile applications, while customers can still browse products online. A spokesperson stated that a team, supported by cyber experts, is working to restore online and app shopping. Customers are being kept informed, and the stores remain open.
In December 2024, suspected state-sponsored Chinese hackers executed a sophisticated cyber attack on U.S. Treasury employees' workstations, utilizing a dual vulnerability strategy involving CVE-2024-12356 and CVE-2025-1094. CVE-2024-12356 is an unauthenticated command injection flaw in BeyondTrust Remote Support SaaS, while CVE-2025-1094 is a PostgreSQL zero-day vulnerability that allows SQL injection attacks through the psql tool. The PostgreSQL team released a fix for CVE-2025-1094 on February 13, 2025, and BeyondTrust issued patches in December 2024 to mitigate the vulnerabilities. PostgreSQL users are advised to upgrade to fixed versions: 17.3, 16.7, 15.11, 14.16, or 13.19, and BeyondTrust users should implement the December 2024 fix. Rapid7 has provided advisories and indicators of compromise related to these vulnerabilities.
