A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight.

The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender called out in 2020. Bitdefender said the apps appeared in two waves, one in 2016 through 2017 and again in 2018 through 2020.

URL:
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv

Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.6

CVEs: CVE-2024-38373

FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read

issue in the DNS Response Parser when parsing domain names in a DNS response.

A carefully crafted DNS response with domain name length value greater than

the actual domain name length, could cause the parser to read beyond the DNS

response buffer.

This issue affects applications using DNS functionality of the

FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are

not affected, even when the DNS functionality is enabled.

This is fixed in FreeRTOS-Plus-TCP versions 4.1.1 or later.

Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.

The crooks have already hijacked an estimated 30,000 domains since 2019, by using a technique dubbed Sitting Ducks by cybersecurity outfits Infoblox and Eclypsium.

The flaw at the heart of the matter has been known since at least 2016, when security researcher Matt Bryant detailed the takeover of 120,000 domains using a DNS vulnerability at major cloud providers such as AWS, Google, and Digital Ocean. It resurfaced in 2019 at internet service provider GoDaddy, leading to bomb threats and sextortion attempts.

Kaiken kaikkiaan Parametrixin arvioi CrowdStriken viallisen päivityksen aiheuttaneen yrityksille yhteensä 5,4 miljardia euron kustannukset. On todennäköistä, että tappiot ovat sitäkin suuremmat, sillä mukaan ei ole edes laskettu Microsoftille koituneita kustannuksia.