Symantec details an ongoing campaign by the Witchetty hacking group, potentially tied to a China-backed threat actor, that hides malware in a Windows logo image (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
Symantec details an ongoing campaign by the Witchetty hacking group, potentially tied to a China-backed threat actor, that hides malware in a Windows logo image  —  Security researchers have discovered a malicious campaign by the ‘Witchetty’ hacking group, which uses steganography to hide a backdoor malware in a Windows logo.

Related Articles

Researchers find thousands of repos on GitHub offering fake proof-of-concept exploits for various vulnerabilities, with many of them containing malware instead (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
Researchers find thousands of repos on GitHub offering fake proof-of-concept exploits for various vulnerabilities, with many of them containing malware instead  —  Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept …

McAfee researchers found 16 clicker apps with adware in Google Play with 20M+ downloads in total; Google removed the apps after McAfee reported them (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
McAfee researchers found 16 clicker apps with adware in Google Play with 20M+ downloads in total; Google removed the apps after McAfee reported them  —  Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android.

Google blocklisted two Chrome “SearchBlox” extensions with 200K+ installs, after discovery of a backdoor that can be used to steal Roblox credentials and assets (Ax Sharma/BleepingComputer)

Ax Sharma / BleepingComputer:
Google blocklisted two Chrome “SearchBlox” extensions with 200K+ installs, after discovery of a backdoor that can be used to steal Roblox credentials and assets  —  Chrome browser extension ‘SearchBlox’ installed by more than 200,000 users has been discovered to contain a backdoor …

Researchers find 75 apps on Google Play and 10 on Apple’s App Store that engaged in ad fraud, collectively had 13M installs, and have since been removed (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
Researchers find 75 apps on Google Play and 10 on Apple’s App Store that engaged in ad fraud, collectively had 13M installs, and have since been removed  —  Security researchers have discovered 75 applications on Google Play and another ten on Apple’s App Store engaged in ad fraud.

Yandex says a former employee is responsible for the leak of a 44.7GB source code repository on a hacking forum and that the company’s systems were not hacked (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
Yandex says a former employee is responsible for the leak of a 44.7GB source code repository on a hacking forum and that the company’s systems were not hacked  —  A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum.
