Cybersecurity Update March 22nd 2023: Google Suspends Chinese App, New NAPLISTENER Malware, and More!

In the past few days, the cybersecurity world has seen a variety of developments, including a popular Chinese app being suspended by Google due to malware concerns, the discovery of a new malware strain, and a report indicating that many businesses are still conflicted about the role cybersecurity plays in their operations. Here are the top stories of the day!

Google Suspends Pinduoduo App Over Malware Concerns

On Tuesday, Google announced that it had suspended the installation of Pinduoduo, a popular Chinese app, due to concerns about malware. The tech giant also said that it would be scanning Android devices for malicious versions of the app using its Google Play Protect service. While Google’s suspension of Pinduoduo has prevented the app from being offered on Google Play, it has not stopped other Android app stores from continuing to offer it. PDD Holdings, the parent company of Pinduoduo, has responded to allegations of malware, stating that they “strongly reject the speculation and accusation that Pinduoduo app is malicious.”

New NAPLISTENER Malware Found

Another development in the cybersecurity world is the discovery of a new malware strain known as NAPLISTENER. Elastic Security Labs identified the malware and noted that it is being used by a threat group known as REF2924. NAPLISTENER is designed to evade “network-based forms of detection” and is programmed in C#. It is the latest addition to REF2924’s arsenal of malware, which includes DOORME, SIESTAGRAPH, and ShadowPad. The latter is particularly noteworthy as it has been used by China-based hacking groups in the past.

BreachForums to Shut Down Amidst FBI Arrest

The BreachForums platform, a popular destination for cybercriminals, will soon be shutting down following the arrest of the site’s alleged administrator, Conor Brian Fitzpatrick, by the FBI. Fitzpatrick, who went by the handle pompompurin on the site, has been charged with multiple cybercrime offenses. The new administrator of the platform, who goes by the handle Baphomet, expressed concerns that law enforcement may have access to the site’s source code and user data. As a result, Baphomet plans to shut down the site soon.

.NET Devs Targeted with Malicious Packages

Researchers have discovered that 13 packages hosted on the NuGet repository for .NET software developers are actually malicious components designed to steal crypto. These packages have been downloaded over 166,000 times and impersonate legitimate software such as Coinbase and Microsoft ASP.NET.

Businesses Still Conflicted About Cybersecurity’s Role

Finally, a report from Trend Micro indicates that while many businesses plan to increase their cybersecurity budgets in 2023, they remain conflicted about the role that cybersecurity plays in their operations. Over half of business decision makers believe that cybersecurity is necessary but not a revenue contributor, and nearly two-fifths view security as a barrier to business rather than an enabler. Despite these conflicting views, the report found that a lack of cybersecurity credentials can impact a business’s ability to win new customers. These developments highlight the need for continued vigilance and a proactive approach to cybersecurity. Organizations must prioritize the security of their networks and data, and remain aware of the ever-evolving tactics of cybercriminals. That wraps up todays cybersecurity update. As always stay safe, stay vigilant and we’ll see you tomorrow with another update!