New Threat for Android Users and Data Leak at Asus: Key Cybersecurity Events of the Week

We have compiled the most significant cybersecurity news from the past week.

Researchers from the Israeli cybersecurity firm Hudson Rock have **identified** a compromised device belonging to a North Korean hacker within the logs of the information stealer Lumma.

Data analysis revealed a direct connection between the device owner and the infrastructure utilized for the **attack on the Bybit exchange** in February. A crucial piece of evidence was an email address found on the device, which had previously appeared in reports from **Silent Push**. This specific address was used for registering a phishing domain just hours before the Bybit incident.

While the owner of the infected system may not have been directly involved in the fund withdrawal, experts believe that the device was part of the resource pool utilized by the **Lazarus** group.

According to analysts, the compromised workstation was sufficiently powerful and specifically equipped for developing hacking software. Although a VPN presented its IP address as American, the browser language was set to Chinese, and the search history contained queries for translations from Korean.

Activity on the disk suggested that the hacker was preparing a new phishing campaign. Researchers also discovered traces of domain purchases mimicking popular services and local files of fake Zoom installers.

Experts from Zimperium have **uncovered** a new malicious campaign targeting Android users.

The identified Trojan, DroidLock, combines ransomware and spyware functionality. According to specialists, it spreads through fraudulent websites posing as legitimate applications and uses a two-stage infection method. Once installed, the software tricks the user into granting it device administrator rights and access to the accessibility services.

This Trojan primarily targets Spanish-speaking users and can change PIN codes and biometric settings, as well as remotely control the device. Furthermore, DroidLock intercepts screen unlock patterns, records audio, and steals the contents of SMS messages and calls.

Unlike traditional ransomware, DroidLock does not encrypt files but threatens to physically delete them. A ransom demand window appears on the screen upon command from the server.

Researchers have already notified the Android security team, and Google Play Protect now detects and blocks this threat.

Experts strongly advise against installing APK files from third-party sources and recommend scrutinizing any application that requests device administrator rights.

A new botnet called Broadside is actively infecting surveillance systems and **IoT** gateways on commercial vessels. This is reported by **Cydome**, a company specializing in maritime cybersecurity.

The malware is based on Mirai code. Its main danger lies in its capability to conduct powerful **DDoS** attacks and secretly intercept video streams. Infected devices could serve as a foothold for infiltrating ships’ navigation systems, posing a direct threat to maritime safety.

According to Cydome, the botnet brute-forces weak passwords on the VSAT satellite terminals that provide communications to ships on the open sea. Infection happens automatically as a vessel enters the coverage area. After compromising the gateway, the malware scans the vessel's local network for vulnerabilities in the electronic navigation chart display systems.
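The infection chain above (a burst of failed logins against the gateway, then a successful one from the same source) is something a ship's log pipeline can flag. The following detector is an added example written for this digest, not code from Cydome; the log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway auth log (format and addresses are assumptions, not from
# Cydome's report): 203.0.113.7 hammers two accounts and then gets in;
# 198.51.100.5 is a crew member who mistyped a password once.
SAMPLE_LOG = """\
2024-03-01T10:00:01 auth src=203.0.113.7 user=admin result=FAIL
2024-03-01T10:00:02 auth src=203.0.113.7 user=admin result=FAIL
2024-03-01T10:00:03 auth src=203.0.113.7 user=admin result=FAIL
2024-03-01T10:00:04 auth src=203.0.113.7 user=root result=FAIL
2024-03-01T10:00:05 auth src=203.0.113.7 user=root result=FAIL
2024-03-01T10:00:09 auth src=203.0.113.7 user=root result=OK
2024-03-01T10:05:00 auth src=198.51.100.5 user=crew result=FAIL
2024-03-01T10:05:20 auth src=198.51.100.5 user=crew result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<res>OK|FAIL)$"
)

def parse_events(text):
    """Return (timestamp, src, user, success) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["res"] == "OK"))
    return events

def detect_password_guessing(events, threshold=5, window_s=60):
    """Flag sources with >= threshold failed logins inside any window_s-second span;
    success_after=True means the same source later logged in, i.e. the gateway is likely compromised."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e[0])
        fails = [e[0] for e in evs if not e[3]]
        window = timedelta(seconds=window_s)
        # sliding window over failure timestamps: end of the first burst of size threshold
        burst_end = next((fails[i + threshold - 1] for i in range(len(fails) - threshold + 1)
                          if fails[i + threshold - 1] - fails[i] <= window), None)
        if burst_end is None:
            continue
        success_after = any(e[3] and e[0] >= burst_end for e in evs)
        alerts[src] = {"failures": len(fails), "success_after": success_after}
    return alerts
```

An alert with `success_after` set should trigger isolation of the gateway and a review of subsequent internal scan traffic, since the report describes the botnet pivoting to navigation systems right after the terminal falls.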

Researchers warned that the operators of Broadside have already begun selling access to infected ship networks on dark web forums. Potential buyers could include competing logistics companies seeking route and cargo data, as well as pirates using ships' location information to plan physical attacks in high-risk areas.

Asus has **confirmed** a breach in the infrastructure of one of its suppliers. Meanwhile, the ransomware group Everest announced a significant data theft. This was reported by the publication **Hacker**.

The criminals claim to have stolen 1 TB of sensitive information from three companies: Asus, Qualcomm, and ArcSoft. According to media reports, they obtained source code for smartphone camera software, custom AI models, and internal developer tools.

As evidence, the hackers posted screenshots of the stolen files on the dark web.

Asus emphasized that the attack did not impact its own servers or customer data. The leak was limited to a portion of the source code for mobile camera software managed by a partner. The manufacturer has already begun a security audit of its supply chain but did not disclose the name of the compromised contractor.

At the time of writing, Qualcomm and ArcSoft had not commented on the potential data loss.