{"id":37325,"date":"2020-09-25T12:40:01","date_gmt":"2020-09-25T12:40:01","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=544526"},"modified":"2020-09-25T12:40:01","modified_gmt":"2020-09-25T12:40:01","slug":"this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/","title":{"rendered":"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps"},"content":{"rendered":"<p><img decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-300x300.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt loading=\"lazy\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-300x300.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-768x768.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-1024x1024.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-640x640.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-900x900.jpg 900w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-440x440.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-380x380.jpg 380w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"> <\/p>\n<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how threat actors are bundling Windscribe VPN installers with backdoors. Also, read about a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications.<\/p>\n<p>Read on:<\/p>\n<p><a href=\"https:\/\/www.helpnetsecurity.com\/2020\/09\/22\/windows-backdoor-vpn\/\"><strong>Windows Backdoor Masquerading as VPN App Installer<\/strong><\/a><\/p>\n<p><em>This article discusses findings covered in a <\/em><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/i\/cybercriminals-distribute-backdoor-with-vpn.html\"><em>recent blog<\/em><\/a><em> from Trend Micro where company researchers warn that Windows users looking to install a VPN app are in danger of downloading one that\u2019s been bundled with a backdoor. The trojanized package in this specific case is the Windows installer for Windscribe VPN and contains the Bladabindi backdoor.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/i\/the-evolution-of-malicious-shell-scripts.html\"><strong>The Evolution of Malicious Shell Scripts<\/strong><\/a><\/p>\n<p><em>The Unix-programming community commonly uses shell scripts as a simple way to execute multiple Linux commands within a single file. Many users do this as part of a regular operational workload manipulating files, executing programs and printing text. However, as a shell interpreter is available in every Unix machine, it is also an interesting and dynamic tool abused by malicious actors. <\/em><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/microsoft-says-it-detected-active-attacks-leveraging-zerologon-vulnerability\/\"><strong>Microsoft Says It Detected Active Attacks Leveraging Zerologon Vulnerability<\/strong><\/a><\/p>\n<p><em>Hackers are actively exploiting the Zerologon vulnerability in real-world attacks, Microsoft\u2019s security intelligence team said on Thursday morning. The attacks were expected to happen, according to security industry experts. Multiple versions of weaponized proof-of-concept exploit code have been published online in freely downloadable form since details about the Zerologon vulnerability were revealed on September 14 by Dutch security firm Secura BV.<\/em><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3575093\/stretched-and-stressed-best-practices-for-protecting-security-workers-mental-health.html?upd=1600779903816\"><strong>Stretched and Stressed: Best Practices for Protecting Security Workers\u2019 Mental Health<\/strong><\/a><\/p>\n<p><em>Security work is stressful under the best of circumstances, but remote work presents its own challenges. In this article, learn how savvy security leaders can best support their teams today \u2014 wherever they\u2019re working. Trend Micro\u2019s senior director of HR for the Americas, Bob Kedrosky, weighs in on how Trend Micro is supporting its remote workers.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/i\/exploitable-flaws-found-in-facial-recognition-devices.html\"><strong>Exploitable Flaws Found in Facial Recognition Devices<\/strong><\/a><\/p>\n<p><em>To gain a more nuanced understanding of the security issues present in facial recognition devices, Trend Micro analyzed the security of four different models: ZKTeco FaceDepot-7B, Hikvision DS-K1T606MF, Telpo TPS980 and Megvii Koala. Trend Micro\u2019s case studies show how these devices can be misused by malicious attackers.<\/em><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/new-alien-malware-can-steal-passwords-from-226-android-apps\/#ftag=RSSbaffb68\"><strong>New \u2018Alien\u2019 Malware Can Steal Passwords from 226 Android Apps<\/strong><\/a><\/p>\n<p><em>Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications. Named Alien, this new trojan has been active since the start of the year and has been offered as a Malware-as-a-Service (MaaS) offering on underground hacking forums.<\/em><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/government-software-provider-tyler-technologies-hit-possible-ransomware-attack?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29\"><strong>Government Software Provider Tyler Technologies Hit by Possible Ransomware Attack<\/strong><\/a><\/p>\n<p><em>Tyler Technologies, a Texas-based provider of software and services for the U.S. government, started informing customers this week of a security incident that is believed to have involved a piece of ransomware. Tyler\u2019s website is currently unavailable and in emails sent out to customers the company said its internal phone and IT systems were accessed without authorization by an \u201cunknown third party.\u201d<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/i\/u-s--justice-department-charges-apt41-hackers-over-global-cyberattacks.html\"><strong>U.S. Justice Department Charges APT41 Hackers Over Global Cyberattacks<\/strong><\/a><\/p>\n<p><em>On September 16, 2020, the United States Justice Department announced that it was charging five Chinese citizens with hacking crimes committed against over 100 institutions in the United States and abroad. The global hacking campaign went after a diverse range of targets, from video game companies and telecommunications enterprises to universities and non-profit organizations. The five individuals were reportedly connected to the hacking group known as APT41. <\/em><\/p>\n<p><a href=\"https:\/\/www.helpnetsecurity.com\/2020\/09\/24\/phishers-targeting-employees-fake-gdpr-compliance-reminders\/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29\"><strong>Phishers are Targeting Employees with Fake GDPR Compliance Reminders<\/strong><\/a><\/p>\n<p><em>Phishers are using a bogus&nbsp;GDPR&nbsp;compliance reminder to trick recipients \u2013 employees of businesses across several industry verticals \u2013 into handing over their email login credentials. In this evolving campaign, the attackers targeted mostly email addresses they could glean from company websites and, to a lesser extent, emails of people who are high in the organization\u2019s hierarchy.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/mispadu-banking-trojan-resurfaces\"><strong>Mispadu Banking Trojan Resurfaces<\/strong><\/a><\/p>\n<p><em>Recent spam campaigns leading to the URSA\/Mispadu banking trojan have been uncovered, as reported by malware analyst Pedro Tavares in a Twitter post and by Seguranca Informatica in a blog post. Mispadu malware steals credentials from users\u2019 systems.<\/em> <em>This attack targets systems with Spanish and Portuguese as system languages. <\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/us\/iot-security\/news\/6239\/A_Blind_Spot_in_ICS_Security_The_Protocol_Gateway_Part_3_What_ICS_Security_Administrators_can_Do\"><strong>A Blind Spot in ICS Security: The Protocol Gateway Part 3: What ICS Security Administrators Can Do<\/strong><\/a><\/p>\n<p><em>In this blog series, Trend Micro analyzes the impacts of the serious vulnerabilities detected in the protocol gateways that are essential when shifting to smart factories and discusses the security countermeasures that security administrators in those factories must take. In the final part of this series, Trend Micro describes a stealth attack method that abuses a vulnerability as well as informs readers of a vital point of security measures required for the future ICS environment.<\/em><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2020\/09\/instagram-android-hack.html?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29\"><strong>Major Instagram App Bug Could\u2019ve Given Hackers Remote Access to Your Phone<\/strong><\/a><\/p>\n<p><em>Check Point researchers disclosed details about a critical vulnerability in Instagram\u2019s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. The flaw lets attackers perform actions on behalf of the user within the Instagram app, including spying on victim\u2019s private messages and deleting or posting photos from their accounts, as well as execute arbitrary code on the device.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/addressing-threats-like-ryuk-via-trend-micro-xdr\"><strong>Addressing Threats Like Ryuk via Trend Micro XDR<\/strong><\/a><\/p>\n<p><em>Ryuk has recently been one of the most noteworthy ransomware families and is perhaps the best representation of the new paradigm in ransomware attacks where malicious actors go for quality over sheer quantity. In 2019, the Trend Micro\u2122 Managed XDR and Incident Response teams investigated an incident concerning a Trend Micro customer that was infected with the Ryuk ransomware. <\/em><\/p>\n<p>What are your thoughts on the Android Instagram app bug that could allow remote access to user\u2019s phones? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: <a href=\"https:\/\/twitter.com\/jonlclay\">@JonLClay.<\/a><!-- AddThis Advanced Settings above via filter on the_content --><!-- AddThis Advanced Settings below via filter on the_content --><!-- AddThis Button BEGIN --><\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#160; Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how threat actors are bundling Windscribe VPN installers with backdoors. Also, read about a new strain of Android malware that comes with a wide&#8230;<br \/>\nThe post This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New &#8216;Alien&#8217; Malware can Steal Passwords from 226 Android Apps appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37326,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[311,399,307],"class_list":["post-37325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-current-news","tag-industry-news","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-25T12:40:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps\",\"datePublished\":\"2020-09-25T12:40:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/\"},\"wordCount\":1030,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg\",\"keywords\":[\"Current News\",\"Industry News\",\"Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/\",\"name\":\"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg\",\"datePublished\":\"2020-09-25T12:40:01+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg\",\"width\":300,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Current News\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/current-news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/","og_locale":"en_US","og_type":"article","og_title":"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-09-25T12:40:01+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps","datePublished":"2020-09-25T12:40:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/"},"wordCount":1030,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg","keywords":["Current News","Industry News","Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/","url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/","name":"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg","datePublished":"2020-09-25T12:40:01+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps.jpg","width":300,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-cybercriminals-distribute-backdoor-with-vpn-installer-and-new-alien-malware-can-steal-passwords-from-226-android-apps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Current News","item":"https:\/\/www.threatshub.org\/blog\/tag\/current-news\/"},{"@type":"ListItem","position":3,"name":"This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New \u2018Alien\u2019 Malware can Steal Passwords from 226 Android Apps"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37325"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37325\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37326"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}