28 January 2022 | Asia Cyber Summary


In the Spotlight this Week:

  • New macOS malware “DazzleSpy” used in Hong Kong attacks

  • UnionBank of the Philippines will no longer use clickable website links on promo materials

  • Hackers creating fraudulent crypto tokens as part of “Rug Pull” scams

  • Experts find strategic similarities between NotPetya and WhisperGate attacks on Ukraine

  • FBI warns of malicious QR codes used to steal your money


New macOS Malware “DazzleSpy” Used in Hong Kong Attacks

A recent campaign targeting individuals in Hong Kong has leveraged at least two pieces of malware designed to target macOS systems. Google shared details about an attack where macOS malware was delivered to users in Hong Kong via compromised pro-democracy websites that served as watering holes.


According to Google, the attack was likely conducted by a state-sponsored threat group.

The attackers leveraged both iOS and macOS exploits. Google said at the time that one of the payloads delivered by the attackers was a piece of malware dubbed MACMA and CDDS, which could capture keystrokes, take screenshots, fingerprint compromised devices, upload and download files, execute terminal commands, and record audio.



UnionBank of the Philippines Will No Longer Use Clickable Website Links on Promo Materials

In an interesting move by a foreign bank to protect consumers, UnionBank of the Philippines said it will no longer use clickable website links in promo materials as a way to protect online users from becoming victims of phishing, smishing, and other online fraud.


Bank officials said the move was part of the company’s attempt to address the surge in smishing attempts made via text messages to customers. “Users should trust and verify all messages, especially if they are not expecting it or if it is from someone they do not know,” Unionbank said. “People should use the message as a springboard to log into the site to check its validity."



Hackers Creating Fraudulent Crypto Tokens as Part of “Rug Pull” Scams

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, according to researchers.


By examining the Solidity source code used for implementing smart contracts, researchers found instances of hidden and hardcoded fees that can't be changed, while allowing malicious actors to exert control over "who is allowed to sell." The implication is that crypto users will continue to fall into these traps, and will lose their money.



Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware. The malware, dubbed WhisperGate, was discovered by Microsoft which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586."


Russia is using the country as a cyberwar testing ground—a laboratory for perfecting new forms of global online combat.



FBI Warns of Malicious QR Codes Used to Steal Your Money

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.


The FBI said crooks are switching legitimate QR codes used by businesses for payment purposes to redirect potential victims to malicious websites designed to steal their personal and financial information, install malware on their devices, or divert their payments to accounts under their control. Victims successfully redirected to the phishing landing pages were asked to enter their bank location, code, user names, and PINs.




Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.