Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses

These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection, and exfiltrating sensitive data. The attackers exploit search engine manipulation to push fraudulent websites that mimic legitimate software sources, luring unsuspecting users into downloading compromised executables. A sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. Upon execution, the malware follows a consistent pattern: extracting temporary files, injecting processes, modifying security settings, and establishing network communications. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The campaign relies on centralized infrastructure hosted at IP address 47.243.192[.]62, which resolves to multiple malicious domains. Users should remain vigilant against suspicious domains and rely on trusted platforms for software installations to mitigate such threats effectively. This executable spawns additional processes and communicates with command-and-control (C2) servers hosted on Alibaba infrastructure in Hong Kong. For example, DNS queries to zhzcm.star1ine[.]com and outbound TCP connections to 8.210.9[.]4 on port 45 suggest data exfiltration or remote control activities. This campaign shows the importance of verifying software sources and avoiding unofficial download sites. One notable example involves the use of PowerShell commands to disable Windows Defender by excluding the entire C: drive from scanning. The attackers also utilize Let’s Encrypt TLS certificates to secure their spoofed websites, adding a layer of credibility to their operations.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Feb 2025 07:15:18 +0000

Cyber News related to Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses

Russian Groups Target Signal Messenger in Spy Campaign - But the tactics the threat actors are using in the campaign could well serve as a blueprint for other groups to follow in broader attacks on Signal, WhatsApp, Telegram, and other popular messaging apps, GTIG warned in a blog post this week. The other ...
5 months ago Darkreading.com Turla

Gmail Hackers Leave Vital Clues Behind-Check These 3 Things Now - With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It's not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. ...
1 year ago Forbes.com

Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses - These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection, and exfiltrating sensitive data. The attackers exploit search engine manipulation to push ...
5 months ago Cybersecuritynews.com

Running Signal Will Soon Cost $50 Million a Year - While Whittaker argues that Signal runs as lean an operation as possible, she also notes that many of its features cost more than they do for other communications platforms, due to the extra cost of enabling those features in privacy-preserving ways. ...
1 year ago Wired.com

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private - The third new feature, which is not enabled by default and which Signal recommends mainly for high-risk users, allows you to turn off not just your number's visibility but its discoverability. That extra safeguard might be important if you don't want ...
1 year ago Wired.com

Google rolls out easy end-to-end encryption for Gmail business users - Google says that after Gmail's new E2EE model rolls out, business users will be able to send fully encrypted emails to any user on any email service or platform without having to worry about complex certificate requirements. Google has started ...
4 months ago Bleepingcomputer.com

X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
5 months ago Bleepingcomputer.com

ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
2 years ago Hackread.com Everest

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
1 year ago Cysecurity.news

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
5 months ago Cybersecuritynews.com

Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to ...
5 months ago Therecord.media Turla

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com

Malicious Android 'Vapor' apps on Google Play installed 60 million times - Although all of these apps have since been removed from Google Play, there's a significant risk that Vapor will return through new apps as the threat actors have already demonstrated the ability to bypass Google's review process. Bitdefender ...
4 months ago Bleepingcomputer.com

Attack of the copycats: How impostor apps and fake app mods could bite you - Instant communication services are among the most popular apps on iOS and Android alike - US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service. ...
1 year ago Welivesecurity.com

How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
1 year ago Gbhackers.com

Halting Hackers on the Holidays 2023 Part II: The Apps You Trust - Most free flashlight apps are creepware - also known as malware that spies on you and your online behavior and could pass along information to others. The problem doesn't begin and end with flashlight apps, though. Many seemingly innocuous apps that ...
1 year ago Cyberdefensemagazine.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com