Thousands of Android Apps Found Leaking Hard-Coded Secrets

Thursday, September 1, 2022. Read time: 2 min.

Read also: Nitrokod cryptomining campaign infected thousands of PCs in 11 countries, Italian oil giant hit with a cyberattack, and more.


Thousands of Android apps leak sensitive data

Thousands of Android applications contain “hard-coded secrets” within their source code, such as usernames, passwords, API keys and other sensitive data that, if it fell into the hands of hackers, could put both app developers and their customers at risk.

Out of 30,000 Android apps analyzed, more than half (55.94%) were found to contain hard-coded secrets, including API keys and links to open databases exposing sensitive enterprise and user data. In total, the researchers identified more than 124,000 strings potentially leaking sensitive information. The majority of hard-coded secrets were discovered in apps related to health and fitness, education, tools, lifestyle, and business.

Google announces new open source bug bounty program to tackle supply chain attacks

Google has launched a new bug bounty program focused on vulnerabilities in its open source projects such as Angular, GoLang, and Fuchsia, as well as flaws in third-party dependencies implemented in those projects’ codebases.

The aim of the new program is to combat an increasing threat of supply chain attacks, Google said. The list of security issues the tech giant is offering monetary rewards for includes vulnerabilities leading to supply chain compromise, design issues resulting in product flaws, and other security issues like credential leaks, weak passwords, and insecure installations.

The payouts will range anywhere from $100 to $31,337 depending on the severity of the vulnerability and the importance of the project.

Italy’s largest energy firm Eni and the country’s energy agency hit by cyberattacks

The Italian oil and gas company Eni has recently been a target of a cyberattack, with hackers gaining access to its computer network.

According to the company’s spokesperson, the attack had a minor impact as it was caught in its early stage. The oil giant did not provide additional information about the incident, but people familiar with the matter said that Eni appeared to be hit with ransomware.

Eni is not the only Italian organization that recently experienced a cybersecurity incident. Italy’s energy agency, Gestore dei Servizi Energetici (GSE), responsible for the country’s electricity market, has suffered a breach that impacted the agency’s operations. Italian intelligence sources believe that Russian hackers may have been behind this attack.

Cybercriminals increasingly exploiting bugs in DeFi platforms to steal money, FBI warns

The US Federal Bureau of Investigation (FBI) has warned users to be cautious and research DeFi platforms, protocols, and smart contracts before investing money, after $1.3 billion was stolen from DeFi outfits in just three months.

The FBI said that cybercriminals are increasingly exploiting security issues in DeFi platforms to steal investors’ money. Out of $1.3 billion in cryptocurrencies pilfered by cyber crooks between January and March 2022, 97% was stolen from DeFi platforms, up from 72% in 2021. In May, blockchain analytics firm Chainalysis upped the figure to $1.68 billion in four months. Many of the cryptocurrency thefts that occurred in the past few years were linked to nation-state hackers, more specifically, those associated with North Korea.

A cryptomining campaign disguised as free software has been targeting PCs since 2019

Cybersecurity researchers have discovered a Turkey-based cryptomining campaign, dubbed “Nitrokod”, that has been infecting computers under the guise of Google Translate Desktop and other free software.

The campaign, believed to have been active since 2019, reportedly claimed victims across 11 countries, including the UK, the US, Sri Lanka, Greece, Israel, Germany, Turkey, Cyprus, Australia, Mongolia, and Poland.

The malware is served via free software hosted on popular websites, and, interestingly, the malicious software Nitrokod offers consists of popular programs that do not have an official desktop version. Another notable aspect of the campaign is that the attackers delay the infection process for weeks, which allows them to fly under the radar.


Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.