Who Got Hacked This Week? Feb. 25 Edition

Note: Each week we bring you the latest hacking news on the internet. Read on to find out who and what was hacked this week.

Hackers Use Malware to Spy on Israeli Military Personnel

More than 100 = servicemen from the Israeli Defense Force have been targeted with spyware called ViperRAT.

The malware was designed to hijack the Android-based smartphones of Israeli soldiers. The malware then exfiltrates data of high value like photos and audio recordings.

The soldiers were tricked into speaking with hackers that were posing as women from various countries including Canada, Germany and Switzerland via social media sites like Facebook Messenger. The soldiers would be duped into downloading a different messaging app to make communication easier. The malware was also hidden in common Israeli apps. The apps would the download another malicious application disguised as an update.

The hackers could then execute demand commands in order to control microphones and cameras to eavesdrop on conversations. The malware also gathered data including geolocation, call log, personal photos, SMS messages, cell phone tower information, network and device metadata, internet browsing, and app download history.

Typo Leads to Hacker Stealing $585,000 in Zcoin

Zerocoin announced that a typographical error on a single additional character in the Zerocoin source code has allowed an attacker to steal 370,000 Zerocoin, equal to over $585,000.

The typo allowed the attacker to reuse existing valid proofs and generate additional Zerocoin spend transactions, meaning that the attacker would carry out a single transaction but receive the amount of Zcoins multiple times.

The Zerocoin team assures users the problem is not with its cryptography, but instead a simple typo. An update has since been released.

600 Gigabytes of Data Stole from 70 targets in Malware Operation

An advanced malware-operation has siphoned more than 600 gigabytes from 70 targets in multiple industries including critical infrastructure, news media, and scientific research. The malware captured audio recordings, screen shots, documents and passwords.

Dubbed Operation BugDrop, targets were infected through malicious Microsoft Word documents sent in phishing emails. The infected machines then uploaded audio and data to Dropbox, where attackers retrieved the info.

Most of the organizations infected were in the Ukraine.

New Google Chrome Font Scam Delivers Malware to Victims

Hackers are inserting JavaScript into poorly secured websites to trick users.

The hacked sites have text modified, making the site look jumbled and incorrectly encoded. A window pops up saying “The ‘HoeflerText’ font wasn’t found” and it prompts users to download an update.

The update, as you can imagine, instead delivers malware to the user’s device.

Fake PornHub Apps Delivering Ransomware to Android Phones

Android users looking to download the app for popular pornography site PornHub are in for a tough surprise.

Illegitimate PornHub apps are being installed by users, and once installed the app asks to check for viruses. Instead, the app installs ransomware that locks the user’s phone and asks for a $100 ransom in the form of Bitcoins.

Users should be aware that Google Play does not allow X-rated apps on its site. These users have been searching outside of the Google Play store for apps, and have been downloading fake equivalents that install the ransomware.

Server on Trump’s Website Hacked

A server connected to President Trump’s campaign site, donladjtrump.com was hacked by an attacker that claims to come from Iraq.

The hacker left an image of a man with a fedora and the message:

“Hacked By Pro_Mast3r ~

Attacker Gov

Nothing Is Impossible

Peace From Iraq”

The server has since gone offline.

Emily Ratajkowski Has Nude Photos Leaked After iCloud Hack

Emily Ratajkowsi has been hacked.

The 25-year-old actress and model had has as many as 200 private nude photos leaked online after her iCloud was hacked.

The story came out after a columnist for the Daily Star was allegedly approached with the photos for publication. The columnist turned the attacker down, instead publishing a column detailing the attacker’s attempt to get the photos published.