This is a news item roundup of privacy or privacy-related news items for 5 JAN 2025 – 11 JAN 2025. Information and summaries provided here are offered as-is, without warranty.
Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity – many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.
Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com
Privacy Services
Quantum-resistant tunnels are now the default on desktop
Mullvad
As of the 2025.2 desktop release, quantum-resistant WireGuard tunnels are enabled by default on all desktop platforms (macOS, Windows, Linux)
Proton Mail still down as Proton recovers from worldwide outage
Bleeping Computer
Past event (presumed resolved).
On 9 JAN 2025, Proton appeared to suffer an outage significantly affecting availability of most of their services. According to Proton, service was restored on the same day at approximately 1327 (ET).
Matrix.org to retire guest accounts and introduce MAS authentication
AlternativeTo
The matrix.org home server will disable guest accounts and introduce the Matrix Authentication Service (MAS), which aims to alleviate client developers from having to include support for every authentication method.
Service Providers’ Privacy Practices
This section is dedicated to notable changes or developments in popular/large service provider’s privacy practices.
Service providers listed here are not necessarily “privacy-focused,” but may have privacy practice changes positively (ex: adopting end-to-end encryption for messaging) or negatively (ex: increased sharing of data with affiliates) affecting a large number of users.
Negative changes
Telegram Hands U.S. Authorities Data on Thousands of Users
404media
According to numbers reported by Telegram in its transparency report, the service fulfilled 900 requests from the US government, affecting 2.2k users. The released data indicates fulfilled requests skyrocketed from October to December. These requests appear to generally involve sharing IP addresses and/or phone numbers.
Users are reminded that Telegram does not use end-to-end encryption by default, instead storing messages in the cloud. For messaging, it is generally recommended to use messaging platforms that enable and use end-to-end encryption by default. Ideally, users would use end-to-end encrypted messaging platforms that expose minimal metadata to the routing servers, if any.
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
404media
Note: This isn’t a privacy change by apps displaying programmatic advertising, but rather a revelation of how location data companies may acquire user location data using shady tactics.
This revelation stems from the hack of shady location data company Gravy Analytics.
In the past, location data companies typically approached app developers and offered payment to include code enabling the company to gather user data. However, the rise and prevalence of Real-Time Bidding (RTB) has eroded user privacy further; during the bid stream, potential advertisers receive user profiles – which may contain data such as location, advertising ID, device information, etc – to determine whether an ad is shown. Data brokers have been “spying” on this process, harvesting user location data.
What has ended up happening is that the app itself, as coded by the developer, does not collect this data directly… but if it displays programmatic ads, then it may be sharing user data.
Bonus: The EFF has a great explainer on the significant privacy threat posed by the current state of real-time bidding employed by many programmatic advertisers.
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.
This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Malware
Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps
SlashNext
PhishWP is a malicious WordPress plugin designed to steal payment information and 3D Secure one-time passcodes to bypass security protections for suspicious transactions. The plugin can deliver this information in near real-time to threat actors. PhishWP can collect payment information, such as:
- credit card number
- billing details
- CVV
- expiration date
It can also collect browser information such as IP address and user-agents to replicate user environments for future fraud.
Attackers may compromise a legitimate WordPress website and subsequently install this malicious plugin – or they may simply create convincing, fraudulent websites with the plugin installed and advertise them to unsuspecting users.
Scam Sniffer 2024: Web3 Phishing Attacks – Wallet Drainers Drain $494 Million
ScamSniffer
Research by ScamSniffer indicates that in 2024, a type of malware known as a “wallet drainer” used in some attacks caused almost $500 million in losses. This is a 67% increase year-over-year, while the number of victims increased by 3.7%. The largest single theft was approximately $55.48 million.
Wallet drainers were primarily delivered to victims via phishing websites. The phishing websites primarily acquired traffic via hijacked Twitter and Discord accounts and scam ads.
Cracking the Code: How Banshee Stealer Targets macOS Users
Check Point
Banshee Stealer operates with extreme stealth, blending in with normal processes on macOS while stealing credentials stored in the browser, cryptocurrency wallet seeds, and sensitive file data – it exfiltrates this data to the threat actors. A variation of Banshee Stealer appeared to have “stolen” a string encryption algorithm from Apple’s XProtect antivirus engine, potentially allowing the stealer to evade detection by antivirus engines for over two months.
Like many other information stealers, Banshee Stealer is commonly distributed via phishing websites, malicious GitHub repos, and via masquerading as “forked” versions of Chrome and Telegram.
While Banshee Stealer’s source code has been leaked and presumably reverse engineered for better detection, variants could be (and likely are) derived from the leaked source code.
Recruitment Phishing Scam Imitates CrowdStrike Hiring Process
CrowdStrike
Phishing emails claiming to be part of the CrowdStrike recruiting process…
The post Privacy Roundup: Week 2 of Year 2025 appeared first on Security Boulevard.