Svoboda Cybersecurity Brief August 25, 2025
Google Removes 19M+ Android App Installs Over Anatsa Banking Malware
Google deleted 77 malicious Android apps (19M+ downloads) from Play Store after Zscaler discovered they contained Anatsa (TeaBot) malware. The malware steals banking credentials via keylogging and targets 831 financial institutions. Google Play Protect now blocks all active variants.
Source: DataBreaches.net
Malicious Go Module Exfiltrates SSH Credentials via Telegram Bot
A deceptive Go package (golang-random-ip-ssh-bruteforce) disguised as an SSH brute-force tool sends compromised credentials to a Telegram bot (@sshZXC_bot). It disables host key verification (ssh.InsecureIgnoreHostKey) and uses a weak wordlist (e.g., root:12345678). Linked to Russian threat actor “IllDieAnyway.”
Impact: Credential theft from exposed SSH services.
Mitigation: Disable SSH password authentication, enforce key-based auth, monitor egress traffic for Telegram API calls.
Source: The Hacker News
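A dependency-review check for the two behaviours named above, as an added example that is not code from this brief or its sources: it parses Go source with the standard go/ast package and flags calls to ssh.InsecureIgnoreHostKey and string literals containing the Telegram Bot API host. The sample input is constructed; the import path golang.org/x/crypto/ssh and the host api.telegram.org are assumptions not stated in the brief.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Constructed sample input (not the real package's source); it is parsed only, never built.
const sample = `package demo
import cssh "golang.org/x/crypto/ssh"
const notify = "https://api.telegram.org/botPLACEHOLDER/sendMessage"
var cfg = cssh.ClientConfig{HostKeyCallback: cssh.InsecureIgnoreHostKey()}
`

// ScanSource parses one Go file and returns indicator kind -> source lines.
// Assumptions: SSH comes from golang.org/x/crypto/ssh; the Bot API host is api.telegram.org.
func ScanSource(name, src string) (map[string][]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, name, src, 0)
	if err != nil {
		return nil, err
	}
	sshName := "ssh" // default package name; overridden when the import is aliased
	for _, imp := range f.Imports {
		if imp.Path.Value == `"golang.org/x/crypto/ssh"` && imp.Name != nil {
			sshName = imp.Name.Name
		}
	}
	out := map[string][]int{}
	hit := func(p token.Pos, kind string) { out[kind] = append(out[kind], fset.Position(p).Line) }
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok && sel.Sel.Name == "InsecureIgnoreHostKey" {
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == sshName {
				hit(sel.Pos(), "host-key-verification-disabled")
			}
		}
		if lit, ok := n.(*ast.BasicLit); ok && lit.Kind == token.STRING && strings.Contains(lit.Value, "api.telegram.org") {
			hit(lit.Pos(), "telegram-bot-api-endpoint")
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(ScanSource("sample.go", sample)) }
```

A hit marks a file for manual review of the dependency; either indicator alone can appear in legitimate code.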
EU NIS2 Directive Expands Cybersecurity Rules for Intra-Group IT Services
The EU NIS2 Directive now mandates stricter cybersecurity requirements for shared IT services within corporate groups, aiming to mitigate supply chain risks. Details include enhanced incident reporting and accountability.
Source: DataBreaches.net