Jet CSIRT specialists have prepared another Friday roundup of key information security news. This week's top 3: malware on Google Play, a vulnerability in the macOS Mail app, and a major Facebook data leak. The news was selected by Nikita Komarov, an analyst at Jet CSIRT, the information security incident monitoring and response center of Jet Infosystems.
Check Point discovered the FlixOnline app in the official Google store, where it posed as the Netflix app. If the user granted the malware certain permissions, it would automatically reply to the victim's incoming WhatsApp messages, inserting a phishing link into its replies. The fake Netflix app has been removed from the Google Play Store, but it was downloaded 500 times in two months.
Critical vulnerability fixed in Mail app for macOS
SensorFu founder and CEO Mikko Kenttälä has discovered a critical vulnerability inside the sandbox of the Mail app for macOS. The zero-click flaw allowed files inside the sandbox to be added and modified. Through it, attackers could gain access to confidential information or change the settings of the Mail application (for example, set up redirects). The vulnerability has since been fixed.
The data of 533 million Facebook users was found on a cybercriminal forum. The following are publicly available: full usernames, Facebook IDs, phone numbers, location information, email addresses, gender, occupation, country and city of residence, date of account creation, etc. Most of the victims are in the USA (32 million), Great Britain (10 million) and Russia (10 million).