The three most important news stories from the world of cybersecurity this week.

Among this week's most important cybersecurity news, the following stand out:

  • Crypto wallet owners became victims of the Godfather Trojan.
  • Okta has reported that their GitHub repositories have been hacked.
  • LastPass clarified the damage from the December leak.

Crypto Wallet Owners Victimized by Godfather Trojan

Users of hundreds of banking apps, cryptocurrency wallets, and bitcoin exchanges have been targeted by the Godfather mobile banking Trojan for Android. This was reported by specialists from Group-IB on December 21.

According to them, the malware has been spreading since June 2021, and as of October 2022, it targets 215 international banks, 94 crypto wallets, and 110 bitcoin exchanges. Most of them are located in the US, Turkey, Spain, Canada, Germany, France, and the UK.

Godfather is an improved version of the Anubis banking Trojan. On the victim’s device, it collects SMS messages, usernames, passwords, and two-factor authentication codes.

The malware is distributed under the guise of legitimate apps on Google Play and under the malware-as-a-service model.

Experts were unable to estimate the number of victims; however, according to Cyble’s report, Godfather is distributed in Turkey under the guise of a popular music app. It has been downloaded more than 10 million times on Google Play.

Okta Announced That Its GitHub Repositories Were Hacked

The attackers hacked into GitHub repositories and stole source code from leading identity management solutions provider Okta.

According to an internal source, GitHub already warned Okta in early December about suspicious access to the Okta Workforce Identity Cloud code repositories. However, the Auth0 Customer Identity Cloud product was not affected.

Okta gave assurances that the criminals did not have access to corporate or client environments. The incident did not affect customer service.

After noticing possible suspicious access, Okta placed temporary restrictions on access to GitHub repositories, suspended all integrations with third-party applications, and notified authorities about the incident.

LastPass Clarified Damage from December Leak

The developers of the LastPass password manager have completed an investigation into an attack that occurred in early December.

The attackers managed to gain access to the encrypted data in the password vault, which contains customer account information and associated metadata, including company names, end user names, billing addresses, email, phone numbers, and LastPass access IP addresses.

The developers emphasized that sensitive data in the vault remains securely encrypted, thanks to a zero-knowledge architecture.

At the same time, the incident did not affect unencrypted financial data, as it was archived in a cloud storage container.

LastPass has not disclosed the total number of victims, but it has notified fewer than 3% of its customers that they must take additional steps to ensure the security of their sensitive data.

LastPass acknowledges that the leak could later be used for phishing or for brute-force attacks against accounts associated with the LastPass vault.

By Audy Castaneda

