Your Daily Dose Of Cyber Risk With Coronalab Data Oops Moments, Facebook Deception, and BigPanzi Cyber Crime



A recently discovered Facebook-oriented scam combines deception and grief to set a phishing trap.

The scam begins with a message: “I can’t believe he’s gone. I’ll miss him so much.” To add a layer of credibility, a Facebook permalink is provided, leading curious users to another post featuring a fabricated BBC news article titled “Fatal road accident on the highway takes several lives.”

Hijacked Accounts and Tagged Friends

As pointed out by a Reddit user, the scammers go a step further by hijacking a relative’s Facebook account. They exploit the trust among friends by tagging them in a post discussing the alleged loss, creating a more personalized and convincing narrative.

Behind the Scenes

The malicious link takes victims through multiple redirects, possibly extracting valuable data such as location and browser information. 

Bigpanzi On The Go

Bigpanzi deploys a previously unknown malware, “pandoraspear,” which infiltrates devices through pirated movie and TV apps and backdoored firmware. Analysts warn that this discovery might only scratch the surface of a more significant cyber threat.

DDoS Attacks and Illicit Streaming

The pandoraspear malware equips compromised devices with tools for distributed denial of service (DDoS) attacks, turning them into zombies in a massive botnet. 

Additionally, these infiltrated devices become operational nodes for illicit streaming, facilitating activities such as traffic proxying and over-the-top (OTT) content provision.

Over the past eight years, Bigpanzi has operated covertly, accumulating wealth from the shadows. The researchers acknowledge that their findings represent just the tip of the iceberg, highlighting Bigpanzi's vast and intricate network.

Coronalab.eu Accidentally Shows 11.8 Million Patient Records

Even though the COVID-19 times are fading, a concerning issue pops up. Coronalab.eu, a Dutch website for COVID-19 testing, accidentally left a computer folder open, and it had 11.8 million patient records.

These records include COVID-19 certificates, test results, passport numbers, and other private info.

Oops Moment: How the Data Got Out

The mistake happened in a computer folder called “prod,” suggesting Coronalab used it for their regular computer work. The researcher’s team found this open folder in November, and Coronalab fixed it after being told about the problem.

What Kind of Private Stuff Got Out?

In the millions of files, there were 120,000 COVID certificates in QR code form and 32,000 files with over 11.7 million COVID test results. 

These files covered the time from 2020 to 2022 and had a bunch of personal info like names, birthdates, passport numbers, COVID test results, email addresses, phone numbers, and even where people were traveling if they got tested.

Who Got Affected?

Most of the leaked info seems to be from people in the Netherlands – almost 89% of the leaked phone numbers are Dutch. A smaller percentage is from the UK, the USA, Germany, and Italy.

Why is This a Big Deal?

When private info like this gets out, it can cause significant issues. Bad actors might use it for scams, fake emails, or even steal someone’s identity. Keeping this kind of health info private is super important, and a leak like this might break the rules.

Beware: Your Privacy is At Stake

Facebook scams, Android malware, and leaked health data used for illicit activities are threats we must not ignore. We all must do something to guard our data.

Being on the internet is not safe and we must realize that our privacy can be leaked anytime. It is essential to be careful all the time!

Author: Anas Hasan

Date: January 19, 2024


Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.


