Latest examples of nation-state espionage, cyber-crime and disruption activity including those from Chinese IT product builders like ZTE, Lenovo, Huawei. The concerns about Huawei have become more heightened under the Trump administration in 2018 and 2019. The U.S security experts and government leaders warned that Chinese-made rail cars and 5G telecommunications products are susceptible to compromise.
Malicious actors poisoning software supply chain dynamic components especially free open source to compromise web sites using them.
May 13, 2017, news by Rene Millman published in scmagazineuk reveals that open source Alpaca Forms & analytics service Picreel compromised. The Picreel, an analytics service enables website owners to see what users are doing and how they interact with a website. According to the security researchers, Hackers breached two services and modified the JavaScript code to infect more than 4,600 websites with malware leaking data to an exfil server in Panama.
ZDNet reported, that CloudCMS takedown the affected content delivery network (CDN) breached by hackers and resulting in modification of one of its Alpaca Forms scripts while allows website owners to create web forms.
In 2017, DHS ordered agencies to remove all Kaspersky Lab software branded products from U.S. systems citing the company's ties with Russian intelligence that can mandate Kaspersky pass information from U.S. systems to the Russian government.
In 2017, Dell lost control of a customer software website designed specifically to assist customers and its data when infected and its associated Internet web address after the support contractor failed to renew its authorized license. The domain was purchased by TeamInternet, a German company specialized in Uniform Resource Locator (URL) hijacking and typosquatting exploits and redirected it to a malware site.
In June 2017, suspected Russian actors deployed the PETYA ransomware to a wide range of European targets by compromising a targeted Ukranian software vendor.
In July 2017, Chinese cyber espionage operatives changed the software package of a legitimate software vendor NetSarang Computer. The change allowed to access a broad range of industries and institutions that included retail locations, financial services, transportation, telecommunication, energy, media, and academia.
In August 2017, hackers inserted a backdoor into the updates of the computer cleanup program ‘CCleanup', while it was in the software development phase.
Latest News
Unremovable' xHelper malware
According to Symantec, ‘unremovable' xHelper malware spotted in March 2019 has infected 45,000 Android devices. Most infections spotted in India, Russia, and the US. According to Malwarebytes, infections source is “web redirects” that send users to web pages hosting Android apps. The sites instruct users to side-load unofficial Android apps from outside the Play Store. These apps downloads have code hidden for xHelper trojan and gain access to Android devices. Furthermore, itself as a separate self-standing service.
It' near impossible to remove due to its self-reinstall mechanism even factory resets aren't helping. Also, mobile antivirus solutions fail to stop popping it again. It shows intrusive popup ads and notification spam, which redirect victims to the Play Store, asking to install other apps, through which xHelper gang is making money from pay-per-install commissions. The destructive operation of the trojan has not yet detected, but fear is that it can deploy second-stage malware payloads, such as ransomware, banking trojans, DDoS bots, or password stealers.
The users must disable the “Install apps from unknown sources,” but on infected androids, the services itself back on and get reinfected again after being cleaned.