The year 2023 was a nightmare for cybersecurity and privacy. Cybercriminals exploited vulnerabilities in various devices, platforms and networks to launch malicious attacks. They used phishing scams, malware infections and data breaches to steal personal and financial information from unsuspecting victims. Millions of people were affected by these incidents.

In this blog post, we will review some of the worst malware, security, and privacy breaches that happened in the past year.

Callisto Group

A new cyberattack campaign has been traced back to a Russian group with links to the Kremlin. The group, known as Star Blizzard or by various other names, uses deceptive web links to infiltrate and steal data from their targets. The victims include academic, defense, and government entities in the U.S., the U.K. and other NATO allies, as well as countries near China. The U.S. Cybersecurity and Infrastructure Security Agency has issued a warning about this threat and urged organizations to take precautions. Two malicious campaigns lured users into downloading fake apps that contain malware.

The first campaign is called CherryBlos and it uses phishing websites to trick you into downloading apps that contain the malware. Once installed, the malware can access your cryptocurrency wallet credentials and replace your withdrawal address with the attacker’s. This means that when you try to withdraw your funds, they will go to the hacker instead of you.

The second campaign is called FakeTrade and it uses fake money-earning apps that contain the malware. These apps claim to offer you increased income, but they will not let you withdraw your funds. They will also ask you for personal information and access to your device. Both campaigns use fake posts on popular platforms like TikTok, X and Telegram to lure you into their traps.

MOVEit

A huge cyberattack hit a popular file-transfer program called MOVEit, putting the personal data of millions of Americans at risk. The attack affected people in Louisiana and Oregon who had driver's licenses or state IDs, and officials feared more victims could emerge. The breach also had serious consequences for many businesses and institutions, such as global companies, federal and state agencies, and universities.

NodeStealer

Bitdefender Labs has discovered a new threat to Facebook users. A virus called NodeStealer is spreading through malicious ads that pretend to be from Meta, the parent company of Facebook. This virus can steal your cookies and passwords, and use them to hack your Facebook account.

NodeStealer is a sophisticated malware that runs on JavaScript and Node.js. It can access your web browser data and monitor your online behavior. If you click on one of the fake Meta ads, you will download the virus without knowing it. Then, it will start to collect your personal information and send it to the hackers.

Realst

If you're a Mac user, you might want to watch out for a new cyber threat that's lurking in the dark corners of the internet. It's called "Realst" and it's a sneaky malware that can steal your passwords, crypto and personal data. How does it do that? By tricking you into playing fake blockchain games that it distributes through social media or direct messages.

But "Realst" is not a simple malware that you can easily detect and remove. It's a shape-shifter that can change its form and behavior depending on the situation. It has 16 different variants that it uses to infect your Mac and perform its nefarious deeds. You might think you're playing a fun game, but in reality, you're giving "Realst" access to your sensitive information.

ShadowVault

Don't let your Mac fall prey to ShadowVault malware. This malicious software can steal your sensitive data, such as your login credentials, credit card numbers, crypto wallet keys and more. ShadowVault is not a typical malware that you can easily detect and remove. It operates stealthily on infected Mac devices, sending your data to hackers who pay $500 a month to use it. ShadowVault was discovered by Guardz, a cybersecurity company, on the XSS forum on the dark web, where it was advertised as a malware rental service.

SuperVPN

A massive data leak has exposed the personal information of millions of users of the free VPN service SuperVPN. Cybersecurity researcher Jeremiah Fowler found and reported that the leak involved over 360 million records, including email addresses, original IP addresses, geolocation records, unique user identifiers, and references to visited websites.

Fowler also uncovered a disturbing detail about the SuperVPN app. He noticed that the app had different developers on different App Stores. On the Google Play Store, the app was developed by SuperSoft Tech, while on the Apple App Store, it was developed by Qingdao Leyou Hudong Network Technology Co. Both developers seem to have ties to China, as their notes are written in Mandarin, the official language of the country. Fowler then found a publicly exposed database that belonged to the SuperVPN app, containing 133 GB of data.

This leak raises serious questions about the security and privacy of SuperVPN users. How did the leak happen? Who is behind the app? What are they doing with the data? How can users protect themselves from such leaks in the future? These are some of the questions that need to be answered urgently.

ClearFake

Are you a Mac user who often gets notifications or pop-ups asking you to update your web browser? If so, you should be careful before clicking on them, because they might be part of a malicious malware campaign called ClearFake, which aims to steal your personal data.

ClearFake is the name of a malware campaign that uses fake browser updates to infect your Mac with a credential stealer called Atomic Stealer. This campaign was first detected by security company Malwarebytes in their threat research report. Malwarebytes says that ClearFake is one of the first social engineering campaigns that targets both Windows and Mac users with fake browser updates.

Racoon Stealer

Racoon Stealer is a malware strain so cunning it steals data from 60 applications. We're talking usernames, passwords, credit card numbers, those precious browser histories you thought were hidden and even the trendy cryptocurrency accounts.

Now, what if I told you that this infamous service was accessible to any wannabe hacker for a mere $200 subscription a month? It's the Netflix of cybercrime, except you get pilfered credentials instead of shows.

What to Do?

If you are looking for a way to improve your security posture and reduce your cyber risks, you might want to consider hiring a Fractional Information Security Officer (FISO) and penetration testers from Webcheck Security. A FISO is a professional who can help you design, implement and maintain a security strategy that aligns with your business goals and compliance requirements. A penetration tester is a professional who can simulate real-world attacks on your systems and networks, and identify vulnerabilities and weaknesses that need to be fixed. Webcheck Security offers both FISO and penetration testing services, as well as other security solutions, to help you protect your data, reputation and customers. To learn more about how Webcheck Security can help you visit https://www.webchecksecurity.com/advisory-services.