Happy Friday! Let’s jump into the month of April’s first cybersecurity news recap of 2025. Here’s what you might have missed this week:
There’s a new malware known as Crocodilus that is designed to take control of Android devices remotely to steal crypto assets.
After installation that bypasses Android restrictions and a granting of access to enable Accessibility Service, the malware continuously runs in the background and uses many modern techniques to steal information, notably cryptocurrency wallets, from the victim. Due to the sophistication of this malware, financial institutions have been advised to utilize layered security.
(–Source: International Business Times
Read More: Crocodilus: New Android Malware Remotely Controls Devices To Hijack Crypto Wallets | IBTimes )
In one of the largest social media data leaks ever, roughly 2.8 billion X (formerly Twitter) accounts have been affected after a hacker posted a CSV file containing 34 GB of information that has been verified to be correct on BreachForums.
The hacker, who goes by the alias ThinkingOne, said in the post that they have tried contacting X multiple times but have received no response and it appears that the general public is unaware of this breach. The leaked information includes metadata and email addresses of various X accounts.
(–Source: Mashable on MSN
Read More: Massive breach of Elon Musk’s X allegedly leaks over 200 million users’ email addresses )
The Oracle Cloud breach, which we covered in last week’s cybersecurity news recap, has new developments as the hacker who claimed responsibility for this incident said in a post on Sunday that they will leak or sell the data since Oracle is not cooperating with demands.
Oracle originally denied that the breach occurred, and has mostly remained silent about the incident since, even though experts are finding evidence indicating that the breach did, in fact, occur.
(–Source: Construction Dive
Read More: Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Construction Dive )
Approximately 270,000 Samsung customer records were leaked on the dark web by hackers after they gained access to Samsung Electronics Germany’s support data base.
The stolen data relates to customer satisfaction tickets which include names, addresses, and other contact information of Samsung customers. The user who posted about the stolen data on a well-known dark web forum is asking for the equivalent of 2 euros for the data records.
(–Source: Heise Online
Read More: Data leak: 270,000 Samsung customer tickets on the darknet | heise online )
The Clop ransomware gang mentioned Sam’s Club on a leak site last week, leading Sam’s Club officials to investigate the possibility of a cyberattack.
Though the ransomware gang did not mention any specific details in the post and there have not been any indicators of an attack on Sam’s Club, officials of the business are investigating the matter to be safe.
(–Source: Cybersecurity Dive on Yahoo! Finance
Read More: Sam’s Club investigating attack claim linked to Clop ransomware )
The FBI is investigating after Baltimore City was defrauded of $1.5 million after payments were approved for a vendor of the city, but directed to a bank account not affiliated with the vendor.
This large sum of money was sent in two payments, one of which was returned to the city after the fraudulent account was frozen, but the other payment has still not been recovered. Investigation is ongoing.
(–Source: CBS News
Read More: Baltimore City alerted to $1.5 million theft by fraudulent vendor, prompting investigation – CBS Baltimore )
