#FactCheck - AI Generated image of Virat Kohli falsely claims to be sand art of a child

Recent Incidents:

Recent reports are revealing a significant security threat linked to a new infostealer based malware campaign known to solely target gaming accounts. This attack has affected users of Activision and other gaming websites. The sophisticated software has captured millions of login credentials, notably from the cheats and players. The officials at Activision Blizzard, an American video game holding company, are still investigating the matter and collaborating with cheated developers to minimize the impact and inform the accounts’ residents of appropriate safety measures.

Overview:

Infostealer, also known as information stealer, is a type of malware designed in the form of a Trojan virus for stealing private data from the infected system. It can have a variety of incarnations and collect user data of various types such as browser history, passwords, credit card numbers, and login details and credentials to social media, gaming platforms, bank accounts, and other websites. Bad actors use the log obtained as a result of the collection of personal records to access the victim’s financial accounts, appropriate the victim’s online identity, and perform fraudulent actions on behalf of the victim.

Modus Operandi:

• Infosteale­r is a malicious program created to illegally obtain pe­ople's login details, like use­rnames and passwords. Its goal is to enable cybe­rattacks, sell on dark web markets, or pursue­ malicious aims.

• This malware targets both personal de­vices and corporate systems. It spre­ads through methods like phishing emails, harmful we­bsites, and infected public site­s.

• Once inside a device­, Infostealer secre­tly gathers sensitive data like­ passwords, account details, and personal information. It's designe­d to infiltrate systems being undete­cted. The stolen cre­dentials are compiled into datalogs. The­se logs are then sold ille­gally on dark web marketplaces for profit.

Analysis: 

‍

‍

Basic properties:

• MD5: 06f53d457c530635b34aef0f04c59c7d
• SHA-1: 7e30c3aee2e4398ddd860d962e787e1261be38fb
• SHA-256: aeecc65ac8f0f6e10e95a898b60b43bf6ba9e2c0f92161956b1725d68482721d
• Vhash: 145076655d155515755az4e?z4
• Authentihash: 65b5ecd5bca01a9a4bf60ea4b88727e9e0c16b502221d5565ae8113f9ad2f878
• Imphash: f4a69846ab44cc1bedeea23e3b680256
• Rich PE header hash: ba3da6e3c461234831bf6d4a6d8c8bff 
• SSDEEP: 6144:YcdXHqXTdlR/YXA6eV3E9MsnhMuO7ZStApGJiZcX8aVEKn3js7/FQAMyzSzdyBk8:YIKXd/UgGXS5U+SzdjTnE3V
• TLSH:T1E1B4CF8E679653EAC472823DCC232595E364FB009267875AC25702D3EFBB3D56C29F90
• File type: Win32 DLL executable windows win32 pepe dll
• Magic: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
• File size: 483.50 KB (495104 bytes)

Additional Hash Files:

• 160389696ed7f37f164f1947eda00830
• 229a758e232aeb49196c862655797e12
• 23e4ac5e7db3d5a898ea32d27e8b7661
• 3440cced6ec7ab38c6892a17fd368cf8
• 36d7da7306241979b17ca14a6c060b92
• 38d2264ff74123f3113f8617fabc49f6
• 3c5c693ba9b161fa1c1c67390ff22c96
• 3e0fe537124e6154233aec156652a675
• 4571090142554923f9a248cb9716a1ae
• 4e63f63074eb85e722b7795ec78aeaa3
• 63dd2d927adce034879b114d209b23de
• 642aa70b188eb7e76273130246419f1d
• 6ab9c636fb721e00b00098b476c49d19
• 71b4de8b5a1c5a973d8c23a20469d4ec
• 736ce04f4c8f92bda327c69bb55ed2fc
• 7acfddc5dfd745cc310e6919513a4158
• 7d96d4b8548693077f79bc18b0f9ef21
• 8737c4dc92bd72805b8eaf9f0ddcc696
• 9b9ff0d65523923a70acc5b24de1921f
• 9f7c1fffd565cb475bbe963aafab77ff

Indicators of Compromise:

• Unusual Outbound Network Traffic: An increase in odd or questionable outbound network traffic may be a sign that infostealer malware has accessed more data.

• Anomalies in Privileged User Account Activity: Unusual behavior or illegal access are two examples of irregular actions that might indicate a breach in privileged user accounts.

• Suspicious Registry or System File Changes: Infostealer malware may be trying to alter system settings if there are any unexpected changes to system files, registry settings, or configurations.

• Unusual  DNS queries: When communicating with command and control servers or rerouting traffic, infostealer malware may produce strange DNS queries.

• Unexpected System Patching: Unexpected or unauthorized system patching by unidentified parties may indicate that infostealer malware has compromised the system and is trying to hide its footprint or become persistent. 

• Phishing emails and social engineering attempts:  It is a  popular strategy employed by cybercriminals to get confidential data or implant malicious software. To avoid compromise, it is crucial to be wary of dubious communications and attempts of social engineering.

Recommendations:

• Be Vigilant: In today's digital world, many cybercrime­s threaten online safe­ty, Phishing tricks, fake web pages, and bad links pose­ real dangers. Carefully che­ck email sources. Examine we­bsites closely. Use top se­curity programs. Follow safe browsing rules. Update software­ often. Share safety tips. The­se steps reduce­ risks. They help kee­p your online presence­ secure.

• Regular use of Anti-Virus Software to detect the threats: Antivirus tools are vital for finding and stopping cybe­r threats. These programs use­ signature detection and be­havior analysis to identify known malicious code and suspicious activities. Updating virus de­finitions and software-patches regularly, improve­s their ability to detect ne­w threats. This helps maintain system se­curity and data integrity.

• Provide security related training to the employees and common employees: One should learn Cybe­rsecurity and the best practice­s in order to keep the­ office safe. Common workers will ge­t lessons on spotting risks and responding well, cre­ating an environment of caution.

• Keep changing passwords: Passwords should be changed fre­quently for better se­curity. Rotating passwords often makes it harder for cybe­r criminals to compromise and make it happen or confidential data to be­ stolen. This practice keeps intruders out and shie­lds sensitive intel.

Conclusion:

To conclude, to reduce the impact and including the safety measures, further investigations and collaboration are already in the pipeline regarding the recent malicious software that takes advantage of gamers and has stated that about millions of credentials users have been compromised. To protect sensitive data, continued usage of antivirus software, use of trusted materials  and password changes are the key elements. The ways to decrease risks and safely protect sensitive information are to develop improved Cybersecurity methods such as multi-factor authentication and the conduct of security audits frequently. Be safe and be vigilant.

Reference:

• https://techcrunch.com/2024/03/28/activision-says-its-investigating-password-stealing-malware-targeting-game-players/
• https://www.bleepingcomputer.com/news/security/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
• https://cyber.vumetric.com/security-news/2024/03/29/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
• https://www.virustotal.com/
• https://otx.alienvault.com/

‍

Introduction 

Governments worldwide are enacting cybersecurity laws to enhance resilience and secure cyberspace against growing threats like data breaches, cyber espionage,  and state-sponsored attacks in the digital landscape. As a response, the EU Council has been working on adopting new laws and regulations under its EU Cybersecurity Package- a framework to enhance cybersecurity capacities across the EU to protect critical infrastructure, businesses, and citizens. Recently, the Cyber Solidarity Act was adopted by the Council, which aims to improve coordination among EU member states for increased cyber resilience. Since regulations in the EU play a significant role in shaping the global regulatory environment, it is important to keep an eye on such developments.

Overview of the Cyber Solidarity Act 

The Act sets up a European Cyber Security Alert System consisting of Cross-Border Cyber Hubs across Europe to collect intelligence and act on cyber threats by leveraging emerging technology such as Artificial Intelligence (AI) and advanced data analytics to share warnings on cyber threats with other cyber data centres across the national borders of the EU. This is expected to assist authorities in responding to cyber threats and incidents more quickly and effectively. 

Further, it provides for the creation of a new Cybersecurity Emergency Mechanism to enhance incident response systems in the EU.  This will include testing the vulnerabilities in critical sectors like transport, energy, healthcare, finance, etc., and creating a reserve of private parties to provide mutual technical assistance for incident response requests from EU member-states or associated third countries of the Digital Europe Programme in case of a large-scale incident.  

Finally, it also provides for the establishment of a European Cybersecurity Incident Review Mechanism to monitor the impact of the measures under this law. 

Key Themes

1. Greater Integration: The success of this Act depends on the quality of cooperation and interoperability between various governmental stakeholders across defence, diplomacy, etc. with regard to data formats, taxonomy, data handling and data analytics tools. For example, Cross-Border Cyber Hubs are mandated to take the interoperability guidelines set by the European Union Agency for Cybersecurity (ENISA) as a starting point for information-sharing principles with each other.  
2. Public-Private Collaboration: The Act provides a framework to govern relationships between stakeholders such as the public sector, the private sector, academia, civil society and the media, identifying that public-private collaboration is crucial for strengthing EUs cyber resilience. In this regard, National Cyber Hubs are proposed to carry out the strengthening of information sharing between public and private entities.  
3. Centralized Regulation: The Act aims to strengthen all of the EU's cyber solidarity by outlining dedicated infrastructure for improved coordination and intelligence-sharing regarding cyber events among member states. Equal matching contribution for procuring the tools, infrastructure and services is to be made by each selected member state and the European Cybersecurity Competence Centre, a body tasked with funding cybersecurity projects in the EU. 
4. Setting a Global Standard: The underlying rationale behind strengthening cybersecurity in the EU is not just to protect EU citizens from cyber-threats to their fundamental rights but also to drive norms for world-class standards for cybersecurity for essential and critical services, an initiative several countries rely on.

Conclusion

In the current digital landscape, governments, businesses, critical sectors and people are increasingly interconnected through information and network connection systems and are using emerging technologies like AI, exposing them to multidimensional vulnerabilities in cyberspace. The EU in this regard continues to be a leader in setting standards for the safety of participants in the digital arena through regulations regarding cybersecurity. The Cyber Solidarity Act’s design including cross-border cooperation, public-private collaboration, and proactive incident-monitoring and response sets a precedent for a unified approach to cybersecurity. As the EU’s Cybersecurity Package continues to evolve, it will play a crucial role in ensuring a secure and resilient digital future for all. 

Sources

• https://www.consilium.europa.eu/en/press/press-releases/2024/12/02/cybersecurity-package-council-adopts-new-laws-to-strengthen-cybersecurity-capacities-in-the-eu/ 
• https://data.consilium.europa.eu/doc/document/PE-94-2024-INIT/en/pdf 
• https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-strategy 
• https://www.weforum.org/stories/2024/10/cybersecurity-regulation-changes-nis2-eu-2024/

Introduction

A message has recently circulated on WhatsApp alleging that voice and video chats made through the app will be recorded, and devices will be linked to the Ministry of Electronics and Information Technology’s system from now on. WhatsApp from now, record the chat activities and forward the details to the Government. The Anti-Government News has been shared on social media.

Message claims

• The fake WhatsApp message claims that an 11-point new communication guideline has been established and that voice and video calls will be recorded and saved. It goes on to say that WhatsApp devices will be linked to the Ministry’s system and that Facebook, Twitter, Instagram, and all other social media platforms will be monitored in the future.
• The fake WhatsApp message further advises individuals not to transmit ‘any nasty post or video against the government or the Prime Minister regarding politics or the current situation’. The bogus message goes on to say that it is a “crime” to write or transmit a negative message on any political or religious subject and that doing so could result in “arrest without a warrant.”
• The false message claims that any message in a WhatsApp group with three blue ticks indicates that the message has been noted by the government. It also notifies Group members that if a message has 1 Blue tick and 2 Red ticks, the government is checking their information, and if a member has 3 Red ticks, the government has begun procedures against the user, and they will receive a court summons shortly.

WhatsApp does not record voice and video calls

There has been news which is spreading that WhatsApp records voice calls and video calls of the users. the news is spread through a message that has been recently shared on social media. As per the Government, the news is fake, that WhatsApp cannot record voice and video calls. Only third-party apps can record voice and video calls. Usually, users use third-party Apps to record voice and video calls.

Third-party apps used for recording voice and video calls

• App Call recorder
• Call recorder- Cube ACR
• Video Call Screen recorder for WhatsApp FB
• AZ Screen Recorder
• Video Call Recorder for WhatsApp

Case Study

In 2022 there was a fake message spreading on social media, suggesting that the government might monitor WhatsApp talks and act against users. According to this fake message, a new WhatsApp policy has been released, and it claims that from now on, every message that is regarded as suspicious will have three 3 Blue ticks, indicating that the government has taken note of that message. And the same fake news is spreading nowadays.

WhatsApp Privacy policies against recording voice and video chats

The WhatsApp privacy policies say that voice calls, video calls, and even chats cannot be recorded through WhatsApp because of end-to-end encryption settings. End-to-end encryption ensures that the communication between two people will be kept private and safe.

WhatsApp Brand New Features

• Chat lock feature: WhatsApp Chat Lock allows you to store chats in a folder that can only be viewed using your device’s password or biometrics such as a fingerprint. When you lock a chat, the details of the conversation are automatically hidden in notifications. The motive of WhatsApp behind the cha lock feature is to discover new methods to keep your messages private and safe. The feature allows the protection of most private conversations with an extra degree of security
• Edit chats feature: WhatsApp can now edit your WhatsApp messages up to 15 minutes after they have been sent. With this feature, the users can make the correction in the chat or can add some extra points, users want to add.

Conclusion

The spread of misinformation and fake news is a significant problem in the age of the internet. It can have serious consequences for individuals, communities, and even nations. The news is fake as per the government, as neither WhatsApp nor the government could have access to WhatsApp chats, voice, and video calls on WhatsApp because of end-to-end encryption. End-to-end encryption ensures to protect of the communications of the users. The government previous year blocked 60 social media platforms because of the spreading of Anti India News. There is a fact check unit which identifies misleading and false online content.