The Bored Ape Yacht Club and Otherside Metaverse’s Discord servers were hacked in a phishing scam resulting in hackers getting away with around $257,000 in Ethereum and 32 NFTs stolen. Due to internal pressure, Google is in hot water over de-platforming Thenmozhi Soundararajan’s talk on Dalit issues.
Google has also disabled RCS ads in India following reports of businesses exploiting the feature to spam users with ads. Apple reported having removed over 1.6 million apps from the Apple App Store, which were either risky or vulnerable and could potentially fraud users.
Last but not least, security researchers have warned of a new Android malware named SMS factory that automatically subscribes targets to premium services adding unwanted costs to their phone bills.
BAYC gets hacked again
- The BAYC and Otherside Metaverse Discord servers were hacked in a phishing scam.
- The attack allegedly occurred early Saturday morning through a community manager’s compromised account.
- The scam pretended to be an exclusive giveaway for existing BAYC, MAYC and Otherside NFT owners and included a link to a webpage allowing users to mint a free NFT.
- Reports from blockchain cybersecurity company PechShield suggest around 32 NFTs were stolen in the attack, including one BAYC, two MAYC, five Otherdeed and one BAKC.
- Several users have also reported that 145 Ethereum was also lost, costing $276,017 at the time of writing.
- It’s unknown currently how the community manager’s account was compromised, and BAYC is investigating the attack.
H/t: Bored Ape Yacht Club
Google faces heat for cancelling Dalit speaker’s talk
- Google is in trouble for cancelling a talk on Dalit issues by Thenmozhi Soundararajan, founder and executive director of Equality Labs, who was scheduled to talk to the Google News team for Dalit History Month.
- The call was initially scheduled for April, but Google employees spread disinformation called Thenmozhi “Hindu-phobic” or “anti-Hindu” in emails to company leaders.
- Thenmozhi did appeal directory to Google CEO Sundar Pichai (an upper-caste Indian) to let her talk go forward, but it was cancelled nonetheless.
- The cancellation has led Google employees to believe that the company is ignoring caste bias on purpose and the resignation of Tanuja Gupta, a senior manager at Google News who invited Thenmozhi to speak in the first place.
- According to Google, the talk was creating “division and rancour” instead of “bringing the community together and raising awareness”.
- The Alphabet Workers Union has demanded that Google add caste to all its HR policies in all locations, reinstate Thenmozhi’s talk at Google News in addition to agree to a continued commitment to bringing more Dalit and caste-oppressed speakers to address the issue as well as commit to addressing the problem inside the company.
H/t: Washington Post
RCS says goodbye to India
- Google has stopped businesses from using RCS ads in India following reports of the feature being exploited to spam users with unsolicited ads.
- The feature was announced back in 2020 and was mainly intended to be a way for businesses to interact better with customers. While advertising was part of the package, it wasn’t meant to be the only feature.
- Many of these spam ads come from verified businesses, including top banks and lending organisations in the country. The ads mostly revolve around personal loans or financing, a rather dangerous sector riddled with scams targeting the lower and middle class.
Apple cleans up the App Store
- Apple reported this week blocked more than 343,000 apps from the App Store last year for privacy violations and another 157,000 for attempting to mislead or spam iOS users.
- Another 34,500 apps were blocked for using undocumented or hidden features, and another 155,000 for bait-and-switch tactics (adding new features or capabilities after approval).
- Overall, the company’s app review team blocked over 1.6 million risky or vulnerable apps from showing up on the App Store.
- The company also added that it was able to protect customers from $1.5 billion in potentially fraudulent transactions in the last year.
New Android malware will automatically subscribe you to premium services
- An Android malware discovered by Avast researchers is automatically adding targets to premium services, increasing their phone bills.
- The malware, called SMSFactory, has recorded tens of thousands of attempts to infect Android devices, targetting over 165,000 Avast customers alone between May 2021 to May 2022, with most located in Argentina, Brazil, Russia, Turkey and Ukraine.
- While the malware’s primary goal is to send premium texts and make calls to premium phone numbers, a variant which can steal the contact list on compromised devices has also been found.
- The malware is mostly hosted on unofficial app stores. ESET researchers found malicious APKs with the malware on APKMods and PaidAPKFree.