Weekly Cyber Reports

This Week in Cyber 21st March 2025

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

21st March, 2025


Analyst Insight

This week in cyber, we have seen more malicious activity related to mobile devices, starting with a critical zero-click, zero-day vulnerability discovered in WhatsApp allowing attackers to install spyware without any interaction. We have also seen an increase in malicious applications on the Google Play Store, with over 300 apps discovered to be hosting full-screen malicious advertisements to trick users into giving away sensitive information. This highlights that users need to be more vigilant when downloading applications, even from trusted mobile app stores. Read below to discover more this week in cyber.


Malicious Google Play Store Apps Installed Over 60 Million Times

Security researchers at Bitdefender have uncovered a significant threat on the Google Play Store, identifying at least 331 malicious apps that have been downloaded over 60 million times. These apps, which mimic simple utility functions like QR code scanners, expense trackers, health apps, and wallpapers, display out-of-context ads and attempt to trick users into giving away credentials and credit card information through phishing attacks. The malicious applications can start activities even when not running in the foreground and without the necessary permissions, bombarding users with continuous, full screen ads to gather sensitive information. This highlights the need to be vigilant even when on trusted mobile app stores. 


Zero-day WhatsApp Vulnerability Exploited in Spyware Attacks Patched

In a recent security update, WhatsApp addressed a critical zero-click, zero-day vulnerability that was being exploited to deploy Paragon's Graphite spyware. The vulnerability, which was identified by researchers at the University of Toronto's Citizen Lab, allows attackers to remotely install spyware on users' devices without any interaction, posing a significant threat to user privacy. The attack chain involved the spyware embedding itself within WhatsApp's process, enabling attackers to intercept encrypted conversations without needing to install separate components. Users are strongly encouraged to update their app to the latest version to ensure their devices remain secure.


Newly Discovered Phishing Scam Targeting Coinbase Crypto Wallet Users

A new phishing scam targeting Coinbase users was discovered this week. First reported by BleepingComputer, the article details a convincing phishing email prompting the user to “Migrate to Coinbase Wallet”, stating that all customers must transition to self-custodial wallets. The emails are sent from a legitimate SendGrid IP address and from Akamai’s email account to pass email security checks. Interestingly, there are no links to click on within the email to trick the user into giving away sensitive information, although such links are the usual behaviour of a phishing email. Instead, the victim will create a new wallet with the threat actor’s recovery phrase, allowing the attacker full control of the funds when the new wallet is set up.


Critical Apache Tomcat Vulnerability Actively Exploited in Attacks

A critical Apache Tomcat vulnerability has been exploited in the wild. It is classified as CVE-2025-24813 with a severity of 9.8 (Critical) and is notably easy to exploit. Attackers start by uploading a serialized Java session file using a PUT request. Then, they trigger the deserialization process by referencing the malicious session ID in a GET request. This sequence allows them to exploit the vulnerability and gain control over the server. Vulnerability researchers at Wallarm discovered the vulnerability being exploited, explaining “The attack is dead simple to execute and requires no authentication”.
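Defenders can hunt for the PUT-then-GET sequence described above by correlating access-log entries. This is an added example, not code from Wallarm or the original article; it assumes an access log that records the JSESSIONID cookie (for instance Tomcat's AccessLogValve pattern `%h %t "%r" %s %{JSESSIONID}c`) and that the uploaded file's base name matches the session ID referenced later. The log lines are constructed.

```python
import re
from pathlib import PurePosixPath

# Constructed sample lines in the assumed format: ip [time] "request" status JSESSIONID
SAMPLE_LOG = """\
203.0.113.7 [21/Mar/2025:10:01:02 +0000] "PUT /uploads/a1b2c3.session HTTP/1.1" 201 -
198.51.100.4 [21/Mar/2025:10:01:05 +0000] "GET /index.jsp HTTP/1.1" 200 5F3C9A
203.0.113.7 [21/Mar/2025:10:01:09 +0000] "GET /index.jsp HTTP/1.1" 500 a1b2c3
198.51.100.4 [21/Mar/2025:10:02:00 +0000] "PUT /docs/report.txt HTTP/1.1" 201 -
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<sid>\S+)$'
)

def normalise(name):
    """Reduce a file name or session ID to a comparable token
    (extension or route suffix, leading dots and case are ignored)."""
    return PurePosixPath(name).stem.lstrip(".").lower()

def find_upload_then_session_use(log_text):
    """Flag GET requests whose session ID matches a file stored by an earlier PUT."""
    uploads = {}  # token -> (ip, timestamp, path) of the successful PUT
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        status = int(m["status"])
        if m["method"] == "PUT" and 200 <= status < 300:
            path = m["path"].split("?", 1)[0]
            token = normalise(path.rsplit("/", 1)[-1])
            if token:
                uploads[token] = (m["ip"], m["ts"], path)
        elif m["method"] == "GET" and m["sid"] != "-":
            token = normalise(m["sid"])
            if token in uploads:
                put_ip, put_ts, put_path = uploads[token]
                alerts.append({"session_id": m["sid"], "get_ip": m["ip"],
                               "get_time": m["ts"], "get_status": status,
                               "put_ip": put_ip, "put_time": put_ts,
                               "put_path": put_path})
    return alerts

if __name__ == "__main__":
    for alert in find_upload_then_session_use(SAMPLE_LOG):
        print(alert)
```

Any hit deserves triage, because legitimate clients have no reason to present a session ID that matches a file they uploaded moments earlier.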


Google Acquires Cybersecurity Firm Wiz for $32 Billion


Google (Alphabet) has agreed to acquire Wiz for an impressive $32 billion in cash this week, making it the largest M&A transaction of the year to date. Wiz is a cloud security platform that protects code, CI/CD, and cloud environments. Sundar Pichai, chief executive at Alphabet, states that this acquisition will drive growth in its cloud services, competing with AWS, Azure and Oracle, saying “Together, Google Cloud and Wiz will turbocharge improved cloud security and the ability to use multiple clouds.” The acquisition of Wiz adds to Google’s growing cloud security portfolio, including Google Security Operations, Security Command Center Enterprise, Chrome Enterprise, and Mandiant Consulting, which was acquired in 2022 for $5.4 billion.
