CySecurity News - Latest Information Security and Hacking Incidents: Social Media



 Trendy Right Now

Showing posts with label Social Media. Show all posts

age verification online AI Australia social media restrictions Child Online Safety India social media ban Social Media Technology under 16 social media law

India Sees Rising Push for Limits on Children’s Social Media Access

A growing conversation around restricting social media access for children under 16 is gaining traction across India, with several state leaders reviewing regulatory models adopted overseas — particularly in Australia.

Ministers from at least two southern states have indicated that they are assessing whether prohibiting minors from using social media could effectively shield children from excessive online exposure.

Adding weight to the debate, the latest Economic Survey — an annual report prepared by a team led by India’s chief economic adviser suggested that the central government explore age-based controls on children’s social media usage. While the survey does not mandate policy action, its recommendations often influence national discussions.

Australia’s Precedent Sparks Global Debate

Australia recently became the first nation to prohibit most social media platforms for users under 16. The law requires companies to verify users’ ages and deactivate accounts belonging to underage individuals.

The decision drew criticism from tech platforms. As Australia’s internet regulator told the BBC last month, companies responded to the framework "kicking and screaming - very very reluctantly".

Meanwhile, lawmakers in France have approved a bill in the lower house seeking to block social media access for children under 15; the proposal now awaits Senate approval. The United Kingdom is also evaluating similar measures.

In India, LSK Devarayalu of the Telugu Desam Party — which governs Andhra Pradesh and supports Prime Minister Narendra Modi’s federal coalition — introduced a private member’s bill proposing a ban on social media use for children under 16. Although such bills rarely become law, they can influence legislative debate.

Separately, the Andhra Pradesh government has formed a ministerial group to examine international regulatory models. It has also invited major technology firms, including Meta, X, Google and ShareChat, for consultations. The companies have yet to respond publicly.

State IT Minister Nara Lokesh recently wrote on X that children were "slipping into relentless usage" of social media, affecting their attention spans and academic performance.

"We will ensure social media becomes a safer space and reduce its damaging impact - especially for women and children," he added.

In Goa, Tourism and IT Minister Rohan Khaunte confirmed that authorities are studying whether such restrictions could be introduced, promising further details soon.

Similarly, Priyank Kharge, IT Minister of Karnataka — home to Bengaluru, often dubbed India’s Silicon Valley — informed the state assembly that discussions were underway on responsible artificial intelligence and social media use. He referenced a “digital detox” initiative launched in partnership with Meta, involving approximately 300,000 students and 100,000 teachers. However, he did not clarify whether legislative action was being considered.

Enforcement and Legal Hurdles

Experts caution that implementing such bans in India would be legally and technically complex.

Digital rights activist Nikhil Pahwa pointed out that enforcing state-level prohibitions could create jurisdictional conflicts. "While companies can infer users' locations through IP addresses, such systems are often inaccurate. Where state boundaries are very close, you can end up creating conflicts if one state bans social media use and another does not."

He also underscored the broader issue of age verification. "Age verification is not simple. To adhere to such bans, companies would effectively have to verify every individual using every service on the internet," Pahwa told the BBC.

Even in Australia, some minors reportedly bypass restrictions by entering false birth dates to create accounts.

According to Prateek Waghre, head of programmes at the Tech Global Institute, successful enforcement would hinge on platform cooperation.

"In theory, location can be inferred through IP addresses by internet service providers or technology companies, but whether the companies operating such apps would comply, or challenge such directions in court, is not yet clear," he says.

Broader Social Concerns

While lawmakers acknowledge the risks of excessive social media exposure, some analysts argue that a blanket ban may be too narrow a solution.

A recent survey of 1,277 Indian teenagers by a non-profit organisation found that many accounts are created with assistance from family members or friends and are often not tied to personal email addresses. This complicates assumptions of individual ownership central to age-verification systems.

Parents remain divided. Delhi resident Jitender Yadav, father of two young daughters, believes deeper issues are at play.

"Parents themselves fail to give enough time to children and hand them phones to keep them engaged - the problem starts there," he says.

"I am not sure if a social media ban will help. Because unless parents give enough time to their children or learn to keep them creatively engaged, they will always find ways to bypass such bans," he says.

As the discussion unfolds, India faces a complex balancing act — safeguarding children online while navigating legal, technological and social realities.



 

Technology

Age Restriction Australia Facebook Instagram Meta Social Media Technology

Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban

Meta has started taking down accounts belonging to Australians under 16 on Instagram, Facebook and Threads, beginning a week before Australia’s new age-restriction law comes into force. The company recently alerted users it believes are between 13 and 15 that their profiles would soon be shut down, and the rollout has now begun.

Current estimates suggest that a large number of accounts will be affected, including roughly hundreds of thousands across Meta’s platforms. Since Threads operates through Instagram credentials, any underage Instagram account will also lose access to Threads.

Australia’s new policy, which becomes fully active on 10 December, prevents anyone under 16 from holding an account on major social media sites. This law is the first of its kind globally. Platforms that fail to take meaningful action can face penalties reaching up to 49.5 million Australian dollars. The responsibility to monitor and enforce this age limit rests with the companies, not parents or children.

A Meta spokesperson explained that following the new rules will require ongoing adjustments, as compliance involves several layers of technology and review. The company has argued that the government should shift age verification to app stores, where users could verify their age once when downloading an app. Meta claims this would reduce the need for children to repeatedly confirm their age across multiple platforms and may better protect privacy.

Before their accounts are removed, underage users can download and store their photos, videos and messages. Those who believe Meta has made an incorrect assessment can request a review and prove their age by submitting government identification or a short video-based verification.

The new law affects a wide list of services, including Facebook, Instagram, Snapchat, TikTok, Threads, YouTube, X, Reddit, Twitch and Kick. However, platforms designed for younger audiences or tools used primarily for education, such as YouTube Kids, Google Classroom and messaging apps like WhatsApp, are not included. Authorities have also been examining whether children are shifting to lesser-known apps, and companies behind emerging platforms like Lemon8 and Yope have already begun evaluating whether they fall under the new rules.

Government officials have stated that the goal is to reduce children’s exposure to harmful online material, which includes violent content, misogynistic messages, eating disorder promotion, suicide-related material and grooming attempts. A national study reported that the vast majority of children aged 10 to 15 use social media, with many encountering unsafe or damaging content.

Critics, however, warn that age verification tools may misidentify users, create privacy risks or fail to stop determined teenagers from using alternative accounts. Others argue that removing teens from regulated platforms might push them toward unmonitored apps, reducing online safety rather than improving it.

Australian authorities expect challenges in the early weeks of implementation but maintain that the long-term goal is to reduce risks for the youngest generation of online users.

Banking Malware Can Hack Communications via Encrypted Apps



 

AI Cloud malware Social Media Sturnus Telegram WhatsApp

Banking Malware Can Hack Communications via Encrypted Apps

Sturnus hacks communication

A new Android banking malware dubbed Sturnus can hack interactions from entirety via encrypted messaging networks like Signal, WhatsApp, and Telegram, as well as take complete control of the device.

While still under growth, the virus is fully functional and has been programmed to target accounts at various financial institutions across Europe by employing "region-specific overlay templates."

Attack tactic

Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication with the command-and-control (C2) server, making it a more sophisticated threat than existing Android malware families.

Sturnus may steal messages from secure messaging apps after the decryption step by recording the content from the device screen, according to a research from online fraud prevention and threat intelligence agency Threatfabric. The malware can also collect banking account details using HTML overlays and offers support for complete, real-time access through VNC session.

Malware distribution

The researchers haven't found how the malware is disseminated but they assume that malvertising or direct communications are plausible approaches. Upon deployment, the malware connects to the C2 network to register the target via a cryptographic transaction.

For instructions and data exfiltration, it creates an encrypted HTTPS connection; for real-time VNC operations and live monitoring, it creates an AES-encrypted WebSocket channel. Sturnus can begin reading text on the screen, record the victim's inputs, view the UI structure, identify program launches, press buttons, scroll, inject text, and traverse the phone by abusing the Accessibility services on the device.

To get full command of the system, Sturnus gets Android Device Administrator credentials, which let it keep tabs of password changes and attempts to unlock and lock the device remotely. The malware also tries to stop the user from disabling its privileges or deleting it from the device. Sturnus uses its permissions to identify message content, inputted text, contact names, and conversation contents when the user accesses WhatsApp, Telegram, or Signal.

EU's Chat Control Bill faces backlashes, will access encrypted chats



 

Chats Encryption EU Privacy Social Media WhatsApp

EU's Chat Control Bill faces backlashes, will access encrypted chats

The EU recently proposed a child sexual abuse (CSAM) scanning bill that is facing backlashes from the opposition. The controversial bill is amid controversy just a few days before the important meeting.

On 12 September, the EU Council will share its final assessment of the Danish version of what is known as “Chat Control.” The proposal has faced strong backlash, as it aims to introduce new mandates for all messaging apps based in Europe to scan users’ chats, including encrypted ones.

Who is opposing?

Belgium and the Czech Republic are now opposing the proposed law, with the former calling it "a monster that invades your privacy and cannot be tamed." The other countries that have opposed the bill so far include Poland, Austria, and the Netherlands.

Who is supporting?

But the list of supporters is longer, including important member states: Ireland, Cyprus, Spain, Sweden, France, Lithuania, Italy, and Ireland.

Germany may consider abstaining from voting. This weakens the Danish mandate.

Impact on encrypted communications in the EU

Initially proposed in 2022, the Chat Control Proposal is now close to becoming an act. The vote will take place on 14 October 2025. Currently, the majority of member states are in support. If successful, it will mean that the EU can scan chats of users by October 2025, even the encrypted ones.

The debate is around encryption provisions- apps like Signal, WhatsApp, ProtonMail, etc., use encryption to maintain user privacy and prevent chats from unauthorized access.

Who will be affected?

If the proposed bill is passed, the files and things you share through these apps can be scanned to check for any CSAM materials. However, military and government accounts are exempt from scanning. This can damage user privacy and data security.

Although the proposal ensures that encryption will be “protected fully,” which promotes cybersecurity, tech experts and digital rights activists have warned that scanning can’t be done without compromising encryption. This can also expose users to cyberattacks by threat actors.

Russia launches messenger app "Max" that could replace WhatsApp



 

Russia Social Media Technology Telegram WhatsApp

Russia launches messenger app "Max" that could replace WhatsApp

Russia is planning to make a “national messenger” as an alternative to social media apps like WhatsApp and Telegram. Max, a messenger app released earlier this year by the tech giant VK and supported by state media campaigns, seems to be the basis of this service.

WhatsApp may face a ban in Russia as the Kremlin seeks to exert greater control over the online sphere. This blog explains about Max and what is likely to happen in Russia with the new changes.

About Max

The app was launched in March 2025. It has features similar to those of WhatsApp and Telegram. Max supports business accounts while also trying to become more than just a messaging app. "Friends, hello! I recently downloaded the Max app. And you know what, I was just amazed," said Russian influencer and singer Instasamka in a promotional video.

Max is promoted as a digital “super app”- a single platform for government and commercial services. The Russian bank has already started using a digital banking platform for customers to book via the travel wing of e-commerce giant Ozon.

Other national apps

Russia’s portal for public services, “Gosuslugi,” will be launched in 2026 with added access to the Central Bank’s Fast Payment System. “Several Asian countries have national or quasi-official messengers: China’s WeChat, Japan’s Line, South Korea’s KakaoTalk, Vietnam’s Zalo, and India’s Sandes,” according to the BBC.

Russian media has termed the app as “the Russian WeChat,” hinting at the Chinese state-backed application that is known as a tool of social control. Max is yet to prove its potential. According to VK, a million people have registered already. Both VK and Telegram have monthly Russian users of around 100 million, according to MediaScope. The app has mixed reviews. It currently has a 4.2 rating on the App Store and 2.4 on Google Play.

According to BBC, “Max is owned by a firm called “Communication Platform,” located in the same Moscow business center as VK. Russian business paper Vedomosti has reported that the two companies are affiliated. VK is ultimately controlled by state energy giant Gazprom.”

Here's Why We Need Child Influencer Laws in a Monetised Content Society



 

User Security

Child Influencer Laws Legal Framework Social Media Technology User Security

Here's Why We Need Child Influencer Laws in a Monetised Content Society

The increasing urgency around safeguarding children who are featured as influencers or content creators online is a concerning trend that has grown rapidly in recent years. Earlier, U.S. child labor laws like the Coogan Law were designed to protect child actors, but the rise of social media has created an environment where many minors—sometimes as family breadwinners—are now regularly producing monetized content. This shift raises new legal and ethical questions regarding consent, financial exploitation, and the long-term impact on children’s wellbeing.

Recent popular documentaries, such as Hulu’s "Devil in the Family" and Netflix’s "Bad Influence," have brought to light extreme cases of abuse and exploitation involving child influencers. These shows highlight not only physical and emotional abuse but also the dangers posed when children’s most private moments are shared for profit. Central concerns include whether children can meaningfully consent to being featured, how difficult it is for them to refuse their parents, and who ultimately controls the digital footprint these young people accumulate.

State legislatures are starting to take action in response to these harms. In 2023, Illinois took the lead by amending its child labour laws to specifically define vlogging as work and required parents to record their children's participation in content. Additionally, the state established trust funds to receive a percentage of the revenue.Other states, including Minnesota, Montana, California, and Utah, have enacted similar laws with unique provisions. For example, Minnesota prohibits children under 14 from engaging in content creation as labor, while Utah only mandates compensation for children when families earn a threshold amount from content.

A key feature of some new state laws is the “right to be forgotten,” allowing individuals who were featured as minors to have their content removed later in life. While this empowers former child influencers, it can sometimes conflict with law enforcement needs for evidence. Even so, these laws mark important progress toward recognizing and addressing the specific risks faced by children in the influencer economy, mainly by treating online content creation as work and prioritizing financial safeguards.

However, child experts stress that legislation alone cannot solve all problems associated with child influencing. Effective protection requires a collaborative approach: tech platforms should enforce clear and accessible privacy options, families must educate themselves and respect children’s right to consent, and policymakers should continue to advocate for balanced regulations. Ultimately, safeguarding the emotional and psychological wellbeing of child influencers—and considering the lasting effects of exposing personal lives online—must remain the top priority.

Beware of Pig Butchering Scams That Steal Your Money



 

Social Media

Crypto Cyber Security Facebook Instagram Internet Meta Pig Butchering Scam Social Media

Beware of Pig Butchering Scams That Steal Your Money

Pig butchering, a term we usually hear in the meat market, sadly, has also become a lethal form of cybercrime that can cause complete financial losses for the victims.

Pig Butchering is a “form of investment fraud in the crypto space where scammers build relationships with targets through social engineering and then lure them to invest crypto in fake opportunities or platforms created by the scammer,” according to The Department of Financial Protection & Innovation.

Pig butchering has squeezed billions of dollars from victims globally. Cambodian-based Huione Group gang stole over $4 billion from August 2021 to January 2025, the New York Post reported.

How to stay safe from pig butchering?

Individuals should watch out for certain things to avoid getting caught in these extortion schemes. Scammers often target seniors and individuals who are not well aware about cybercrime. The National Council on Aging cautions that such scams begin with receiving messages from scammers pretending to be someone else. Never respond or send money to random people who text you online, even if the story sounds compelling. Scammers rely on earning your trust, a sob story is one easy way for them to trick you.

Another red flag is receiving SMS or social media texts that send you to other platforms like WeChat or Telegram, which have fewer regulations. Scammers also convince users to invest their money, which they claim to return with big profits. In one incident, the scammer even asked the victim to “go to a loan shark” to get the money.

Stopping scammers

Last year, Meta blocked over 2 million accounts that were promoting crypto investment scams such as pig butchering. Businesses have increased efforts to combat this issue, but the problem still very much exists. A major step is raising awareness via public posts broadcasting safety tips among individuals to prevent them from falling prey to such scams.

Organizations have now started releasing warnings in Instagram DMs and Facebook Messenger warning users about “potentially suspicious interactions or cold outreach from people you don’t know”, which is a good initiative. Banks have started tipping of customers about the dangers of scams when sending money online.

URL Scams Everywhere? These Steps Will Help You Stay Safe



 

URL

Email Internet phishing QR code Scams Social Media Technology URL

URL Scams Everywhere? These Steps Will Help You Stay Safe

Scam links are difficult to spot, but it has become an everyday issue for internet users who accidentally click on malicious URLs that are part of a phishing attack. Most fake links include standard “https” encryption and domains similar to real websites. Phishing and spoofing scams caused over $70 million in losses for victims in 2024 says FBI’s Internet Crime Complaint Center.

When users click on a scam link, they might suffer monetary losses, and worse, give up private info such as name and credit card details to scammers, they may also accidentally install malware on their device.

How to spot scam link

They are generally found in text messages and emails sent by scammers, designed to trick us into downloading malware or bringing us to a scam website to steal our personal identifying information. A few examples include gold bars, employment, and unpaid toll scams. Scammers send these links to the masses— with the help of AI these days. Since a lot of users fall victim to phishing scams every year, scammers haven’t changed their attack tactics over the years.

How to avoid scam link

Always check the URL

These days, smartphones try to block scam links, so scammers have adapted making links that escape detection. Users are advised to look for typos-quatting, a technique that uses spelling mistakes. For eg: 'applle' instead of 'apple'.

Be cautious of URLs you visit regularly

Most brands don’t change their domain names. If you find the domain name is different in the URL, it is a fake link.

Watch out for short links

Shortlists are generally found on social media and texts. Experts say there is no way to determine the authenticity of a shortened URL, advising users to not open them. Instead, users should check the language for any suspicious signs.

How do victims receive scam links?

Text scams

These don’t need website links, they are sent via phone numbers. Users accidentally click on a malicious phone number thinking it is their bank or someone important. Experts suggest not to interact with unknown phone numbers.

Email

The most popular means to send scam links is via e-mail, resulting in the biggest monetary losses. To stay safe, users can copy the link in their notepad first and inspect it before opening it.

QR code scams

Malicious QR codes have become common in public avenues, from restaurants to parking stands. Scammers embed fake codes over real ones or fill them with phishing emails that redirect to fake sites or malware downloads.

DMs on social media

Scammers pretend to be someone you know, they may fake a medical emergency and demand you for money to help them. Always call the person to cross-check the identity before giving money, opening a link, or revealing any personal information.



 

User Privacy

Data Facebook Meta Social Media Technology User Privacy

Want to Leave Facebook? Do this.

Confused about leaving Facebook?

Many people are changing their social media habits and opting out of many services. Facebook has witnessed a large exodus of users deserting the platform after the announcement in March that Meta was terminating the independent fact-checking on its platform. However, fact-checking has been replaced with community notes, letting users make changes to potentially false/misleading information.

Users having years of photos and posts on Facebook are confused about how to collect their data before removing their accounts. If you also feel the same problem, this post will help you delete Facebook permanently, while taking all your information on the way out.

How to remove Facebook?

For users who do not want to be on Facebook anymore, deleting their account is the only way to completely remove yourself from the platform. If you are not sure, deactivating your account allows you to have some life off of Facebook without account deletion.

Make sure to remove third-party Facebook logins before deleting your account.

How to leave third-party apps?

Third-party apps like DoorDash and Spotify allow you to log in using your Facebook account. This lets you log in without remembering another password, but if you’re planning on deleting Facebook, you have to update your login settings. That is because if you delete your account, there will not be another Facebook account for the user to log in through.

Fortunately, there is another simple way to find which of your sites and applications are connected to Facebook and delete them before removing your account. Once you disconnect from other websites and applications from Facebook, you will need to adjust how you login to them.

Users should try specific applications and websites to set new passwords or passkeys or log in via a single-service sign-on option, such as Google.

How is deactivating different than deactivating a Facebook account?

If you want to stay away from Facebook, you have two choices. Either delete your account permanently, or you can disable it temporarily to deactivate it.

Florida Scraps Controversial Law That Threatened Online Privacy



 

Social Media

Encryption Florida Instagram Law Privacy Social Media

Florida Scraps Controversial Law That Threatened Online Privacy

A proposed law in Florida that raised concerns about online privacy has now been officially dropped. The bill, called “Social Media Use by Minors,” aimed to place tighter controls on how children use social media. While it was introduced to protect young users, many experts argued it would have done more harm than good — not just for kids, but for all internet users.

One major issue with the bill was its demand for social media platforms to change how they protect users’ messages. Apps like WhatsApp, Signal, iMessage, and Instagram use something called end-to-end encryption. This feature makes messages unreadable to anyone except the person you're talking to. Not even the app itself can access the content.

The bill, however, would have required these platforms to create a special way for authorities to unlock private messages if they had a legal order. But cybersecurity professionals have long said that once such a "backdoor" exists, it can't be safely limited to just the police. Criminals, hackers, or even foreign spies could find and misuse it. Creating a backdoor for some means weakening protection for all.

The bill also included other rules, like banning temporary or disappearing messages for children and letting parents view everything their child does on social media. Critics worried this would put young users at greater risk, especially those needing privacy in situations like abuse or bullying.

Even though the Florida Senate passed the bill, the House of Representatives refused to approve it. On May 3, 2025, the bill was officially removed from further discussion. Digital privacy advocates, such as the Electronic Frontier Foundation, welcomed this move, calling it a step in the right direction for protecting online privacy.

This isn’t the first time governments have tried and failed to weaken encryption. Similar efforts have been blocked in other parts of the world, like France and the European Union, for the same reason: once secure messaging is weakened, it puts everyone at risk.

For now, users in Florida can breathe a sigh of relief. The bill’s failure shows growing recognition of how vital strong encryption is in keeping our personal information safe online.

EU Fines TikTok $600 Million for Data Transfers to China



 

TikTok

China Data Regulation Europe GDPR Privacy Social Media TikTok

EU Fines TikTok $600 Million for Data Transfers to China

Regulators said that the EU has fined TikTok 530 million euros (around $600 million). Chinese tech giant ByteDance owns TikTok, which has been found guilty of illegally sending the private data of EU users to China and lack of compliance to ensure the protection of data from potential access by Chinese authorities. According to an AFP news report, the penalty— one of the largest ever issued to date by EU’s data protection agencies— comes after a detailed inquiry into the legitimacy of TikTok’s data transfer rules.

TikTok Fine and EU

TikTok’s lead regulator in Europe, Ireland’s Data Protection Commission (DPC) said that TikTok accepted during the probe about hosting European user data in China. DPC’s deputy commissioner Graham Doyle said that “TikTok failed to verify, guarantee, and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,”

Besides this, Doyle said that TikTok’s failure to address the dangers of possible access to Europeans’s private data by Chinese authorities under China’s anti-terrorism, counter-espionage, and other regulations, which TikTok itself found different than EU’s data protection standards.

TikTok will contest the decision

TikTok has declared to contest the heavy EU fine, despite the findings. TikTok Europe’s Christine Grahn stressed that the company has “never received a request” from authorities in China for European users’ data and that “TikTok” has never given EU users’ data to Chinese authorities. “We disagree with this decision and intend to appeal it in full,” Christine said.

TikTok boasts a massive 1.5 billion users worldwide. In recent years, the social media platform has been under tough pressure from Western governments due to worries about the misuse of data by Chinese actors for surveillance and propaganda aims.

TikTok to comply with EU Rules

In 2023, the Ireland DPC fined TikTok 354 million euros for violating EU rules related to the processing of children’s information. The DPC’s recent judgment also revealed that TikTok violated requirements under the EU’s General Data Protection Regulation (GDPR) by sending user data to China. The decision includes a 530 million euro administrative penalty plus a mandate that TikTok aligns its data processing rules with EU practices within 6 months.

Millions at Risk as Malicious Actors Hijack Popular YouTube Accounts



 

YouTube Account

Account Hack Cyber Fraud Malicious Campaign Online Creator Social Media YouTube Account

Millions at Risk as Malicious Actors Hijack Popular YouTube Accounts

At a startling rate, cybercriminals are taking over well-known YouTube channels, exposing viewers to malware, frauds, and data theft. With billions of views and millions of followers at risk, a single mistake can have disastrous results.

According to new research from Bitdefender Labs, social media account takeovers increased in 2024 and persisted into early 2025. Content creators and influencers with large followings and views have become primary targets.

Bitdefender discovered more than 9,000 fraudulent livestreams on YouTube in 2024. These are frequently presented on hacked channels that use trusted brands and public figures to propagate fraud and malware.

One such hijacked account had 12.4 billion views; if even 1% of viewers were duped, 124 million users would be impacted. Attackers frequently imitate well-known brands such as Tesla, Ripple, and SpaceX, holding phoney livestreams with deepfakes of public people like Elon Musk and Donald Trump to push cryptocurrency frauds and phishing links.

Beyond YouTube, Instagram has been a key target. Hackers send phishing emails impersonating Meta or Instagram Support, cloning login pages, and tricking creators into revealing SMS verification numbers.

Malicious sponsorships are another form of infiltration. Cybercriminals trick creators into downloading malicious files disguised as promotional content. Malvertising, which includes adverts for bogus AI products or games like GTA VI that install info-stealers and remote access trojans on victims' gadgets, is also a prevalent strategy.

Events with enormous internet audiences, such as Apple keynotes, the XRP-SEC litigation, or CS2 tournaments, are regularly targeted. Attackers take advantage of these periods of high interest to run frauds disguised as official livestreams or contests.

Prevention tips

To stay safe, creators should utilise the finest browsers with built-in security measures, enable multi-factor authentication (MFA), and regularly monitor account activity for any unusual changes. Unexpected sponsorship offers, particularly those related to trending issues, must also be carefully scrutinised.

It is recommended that you use the best DDoS protection to avoid service disruptions caused by account takeovers, and that you use a reputable proxy service to offer an extra layer of anonymity and security when managing accounts across many platforms.

Huge Spike in Social Media and Email Hacks – Simple Ways to Protect Yourself



 

Social Media

2FA Action Fraud Data Leaks phishing Social Media

Huge Spike in Social Media and Email Hacks – Simple Ways to Protect Yourself

There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were reported in 2024. This is a huge increase compared to the 22,000 cases recorded the previous year.

To address this growing problem, Action Fraud has teamed up with Meta to start an online safety campaign. Their main goal is to help people secure their accounts by turning on two-step verification, also known as 2FA. This extra security step makes it much harder for hackers to break into accounts.

Hackers usually target social media or email profiles for money. Once they gain access, they often pretend to be the real user and reach out to the person’s friends or followers. Many times, they use these stolen accounts to promote fake investment schemes or sell fake event tickets. In other cases, hackers simply sell these hacked accounts to others who use them for illegal activities.

One trick commonly used by hackers is messaging the account owner’s contacts and convincing them to share security codes. Since the message appears to come from a trusted person, many people unknowingly share sensitive information, giving hackers further control.

Another method involves stealing login information through phishing scams or data leaks. If people use the same password for many sites, hackers can easily access multiple accounts once they crack one.

The good news is that there are simple ways to protect yourself. The most important step is enabling two-step verification on all your accounts. This adds an extra barrier by asking for a unique code when someone tries to log in, making it much tougher for hackers to get through even if they know your password.

Meta has also introduced face recognition technology to help users recover hacked accounts. Still, experts say prevention is always better than trying to fix the damage later.

Here are a few easy tips to protect your online accounts:

1. Always enable two-step verification wherever it is available.

2. Create strong and unique passwords for each account. Avoid using the same password more than once.

3. Be careful if someone you know suddenly asks for a security code — double-check if it’s really them.

4. Stay alert for suspicious links or emails asking for your login details — they could be phishing traps.

5. Keep an eye on your accounts for unusual activity or login attempts from unknown places.

With online scams increasing, staying careful and following these safety steps can help you avoid falling victim to account hacks. Taking action now can save you a lot of trouble later.

SilentCryptominer Threatens YouTubers to Post Malware in Videos



 

Youtube

Blackmail Internet malware Russia SilentCryptominer Social Media Youtube

SilentCryptominer Threatens YouTubers to Post Malware in Videos

Experts have discovered an advanced malware campaign that exploits the rising popularity of Windows Packet Divert drivers to escape internet checks.

Malware targets YouTubers

Hackers are spreading SilentCryptominer malware hidden as genuine software. It has impacted over 2000 victims in Russia alone. The attack vector involves tricking YouTubers with a large follower base into spreading malicious links.

“Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,” reports Secure List. This helps threat actors by “allowing them to persist in an unprotected system without the risk of detection.

Innocent YouTubers Turned into victims

Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency.” Few commonly found malware in the distribution scheme are: Phemedrone, DCRat NJRat, and XWorm.

In one incident, a YouTuber with 60k subscribers had put videos containing malicious links to infected archives, gaining over 400k views. The malicious links were hosted on gitrock[.]com, along with download counter crossing 40,000.

The malicious files were hosted on gitrok[.]com, with the download counter exceeding 40,000.

Blackmail and distributing malware

Threat actors have started using a new distribution plan where they send copyright strikes to content creators and influencers and blackmail them to shut down channels if they do not post videos containing malicious links. The scare strategy misuses the fame of the popular YouTubers to distribute malware to a larger base.

The infection chain starts with a manipulated start script that employs an additional executable file via PowerShell.

As per the Secure List Report, the loader (written in Python) is deployed with PyInstaller and gets the next-stage payload from hardcoded domains. The second-stage loader runs environment checks, adds “AppData directory to Microsoft Defender exclusions” and downloads the final payload “SilentCryptominer.”

The infamous SilentCryptoMiner

The SilentCryptoMiner is known for mining multiple cryptocurrencies via different algorithms. It uses process hollowing techniques to deploy miner code into PCs for stealth.

The malware can escape security checks, like stopping mining when processes are running and scanning for virtual environment indicators.

WhatsApp Says Spyware Company Paragon Hacked 90 Users



 

New Media Privacy Social Media Spyware surveillance WhatsApp

WhatsApp Says Spyware Company Paragon Hacked 90 Users

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is done under the guise of national security, but in a few cases, it is aimed to suppress opposition and is a breach of privacy.

Zero-click Spyware for WhatsApp

One such interesting incident is the recent WhatsApp “zero-click” hacking incident. In a conversation with Reuters, a WhatsApp official disclosed that Israeli spyware company Paragon Solutions was targeting its users, victims include journalists and civil society members. Earlier this week, the official told Reuters that Whatsapp had sent Paragon a cease-and-desist notice after the surveillance hack. In its official statement, WhatsApp stressed it will “continue to protect people's ability to communicate privately."

Paragon refused to comment

According to Reuters, WhatsApp had noticed an attempt to hack around 90 users. The official didn’t disclose the identity of the targets but hinted that the victims belonged to more than a dozen countries, mostly from Europe. WhatsApp users were sent infected files that didn’t require any user interaction to hack their targets, the technique is called the “zero-click” hack, known for its stealth

“The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab,” Reuter reports. He didn’t discuss how it was decided that Paragon was the culprit but added that law enforcement agencies and industry partners had been notified, and didn’t give any further details.

FBI didn’t respond immediately

“The FBI did not immediately return a message seeking comment,” Reuter said. Citizen Lab researcher John Scott-Railton said the finding of Paragon spyware attacking WhatsApp is a “reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Ethical implications concerning spying software

Spyware businesses like Paragaon trade advanced surveillance software to government clients, and project their services as “critical to fighting crime and protecting national security,” Reuter mentions. However, history suggests that such surveillance tools have largely been used for spying, and in this case- journalists, activists, opposition politicians, and around 50 U.S officials. This raises questions about the lawless use of technology.

Paragon - which was reportedly acquired by Florida-based investment group AE Industrial Partners last month - has tried to position itself publicly as one of the industry's more responsible players. On its website, Paragon advertises the software as “ethically based tools, teams, and insights to disrupt intractable threats” On its website, and media reports mentioning people acquainted with the company “say Paragon only sells to governments in stable democratic countries,” Reuter mentions.

Meta Removes Independent Fact Checkers, Replaces With "Community Notes"



 

Trump

Facebook Instagram Meta Social Media Technology Trump

Meta Removes Independent Fact Checkers, Replaces With "Community Notes"

Meta to remove fact-checkers

Meta is dumping independent fact-checkers on Instagram and Facebook, similar to what X (earlier Twitter) did, replacing them with “community notes” where users’ comments decide the accuracy of a post.

On Tuesday, Mark Zuckerberg in a video said third-party moderators were "too politically biased" and it was "time to get back to our roots around free expression".

Tech executives are trying to build better relations with the new US President Donald Trump who will take oath this month, the new move is a step in that direction.

Republican Party and Meta

The Republican party and Trump have called out Meta for its fact-checking policies, stressing it censors right-wing voices on its platform.

After the new policy was announced, Trump said in a news conference he was pleased with Meta’s decision to have "come a long way".

Online anti-hate speech activists expressed disappointment with the shift, claiming it was motivated by a desire to align with Trump.

“Zuckerberg's announcement is a blatant attempt to cozy up to the incoming Trump administration – with harmful implications. Claiming to avoid "censorship" is a political move to avoid taking responsibility for hate and disinformation that platforms encourage and facilitate,” said Ava Lee of Global Witness. This organization sees itself as trying to bring big tech like Meta accountable.

Copying X

The present fact-checking program of Meta was introduced in 2016, it sends posts that seem false or misleading to independent fact-checking organizations to judge their credibility.

Posts marked as misleading have labels attached to them, giving users more information, and move down in viewers’ social media feeds. This will now be replaced by community notes, starting in the US. Meta has no “immediate plans” to remove third-party fact-checkers in the EU or the UK.

The new community notes move has been copied from platform X, which was started after Elon Musk bought Twitter.

It includes people with opposing opinions agreeing on notes that provide insight or explanation to disputed posts.

We will allow more speech by lifting restrictions on some topics that are part of mainstream discourse and focusing our enforcement on illegal and high-severity violations. We will take a more personalized approach to political content, so that people who want to see more of it in their feeds can.

India Proposes New Draft Rules Under Digital Personal Data Protection Act, 2023



 

Social Media

Cyberattacks Cybersecurity Cyberthreats Digital Personal Data Protection IT Ministry Privacy Social Media

India Proposes New Draft Rules Under Digital Personal Data Protection Act, 2023

The Ministry of Electronics and Information Technology (MeitY) announced on January 3, 2025, the release of draft rules under the Digital Personal Data Protection Act, 2023 for public feedback. A significant provision in this draft mandates that parental consent must be obtained before processing the personal data of children under 18 years of age, including creating social media accounts. This move aims to strengthen online safety measures for minors and regulate how digital platforms handle their data.

The draft rules explicitly require social media platforms to secure verifiable parental consent before allowing minors under 18 to open accounts. This provision is intended to safeguard children from online risks such as cyberbullying, data breaches, and exposure to inappropriate content. Verification may involve government-issued identification or digital identity tools like Digital Lockers.

MeitY has invited the public to share their opinions and suggestions regarding the draft rules through the government’s citizen engagement platform, MyGov.in. The consultation window remains open until February 18, 2025. Public feedback will be reviewed before the finalization of the rules.

Consumer Rights and Data Protection Measures

The draft rules enhance consumer data protection by introducing several key rights and safeguards:

Data Deletion Requests: Users can request companies to delete their personal data.
Transparency Obligations: Companies must explain why user data is being collected and how it will be used.
Penalties for Data Breaches: Data fiduciaries will face fines of up to ₹250 crore for data breaches.

To ensure compliance, the government plans to establish a Data Protection Board, an independent digital regulatory body. The Board will oversee data protection practices, conduct investigations, enforce penalties, and regulate consent managers. Consent managers must register with the Board and maintain a minimum net worth of ₹12 crore.

Mixed Reactions to the Proposed Rules

The draft rules have received a blend of support and criticism. Supporters, like Saneh Lata, a teacher and mother of two from Dwarka, Delhi, appreciate the move, citing social media as a significant distraction for children. Critics, however, argue that the regulations may lead to excessive government intervention in children's digital lives.

Certain institutions, such as educational organizations and child welfare bodies, may be exempt from some provisions to ensure uninterrupted educational and welfare services. Additionally, digital intermediaries like e-commerce, online gaming, and social media platforms are subject to specific guidelines tailored to their operations.

The proposed draft rules mark a significant step towards strengthening data privacy, especially for vulnerable groups like children and individuals under legal guardianship. By holding data fiduciaries accountable and empowering consumers with greater control over their data, the government aims to create a safer and more transparent digital ecosystem.

FireScam Malware Targets Android Users via Fake Telegram Premium App



 

Android Malware Fake Apps FireScam malware Social Media Telegram

FireScam Malware Targets Android Users via Fake Telegram Premium App

Android Malware 'FireScam' Poses As Telegram Premium to Steal User Data

A newly discovered Android malware, FireScam, is being distributed through phishing websites on GitHub, masquerading as a premium version of the Telegram application. These malicious sites impersonate RuStore, a Russian app marketplace, to deceive users into downloading the infected software.

How FireScam Operates

RuStore, launched by Russian tech giant VK (VKontakte) in May 2022, was developed as an alternative to Apple's App Store and Google Play following Western sanctions that restricted Russian users' access to global platforms. This marketplace hosts apps that comply with Russian regulations and operates under the oversight of the Russian Ministry of Digital Development.

According to security researchers at CYFIRMA, attackers have set up a fraudulent GitHub page mimicking RuStore. This fake website delivers a dropper module named GetAppsRu.apk. Once installed, the dropper requests extensive permissions, allowing it to scan installed applications, access device storage, and install additional software. It then downloads and executes the main malware payload, disguised as Telegram Premium.apk. This secondary payload enables the malware to monitor notifications, read clipboard data, access SMS and call information, and collect other sensitive details.

FireScam’s Advanced Capabilities

Once activated, FireScam presents users with a deceptive WebView-based Telegram login page designed to steal credentials. The malware communicates with Firebase Realtime Database, allowing stolen data to be uploaded instantly. It also assigns unique identifiers to compromised devices, enabling hackers to track them.

Stolen data is temporarily stored before being filtered and transferred to another location, ensuring that traces are erased from Firebase. Additionally, FireScam establishes a persistent WebSocket connection with the Firebase command-and-control (C2) server, enabling real-time command execution. This allows attackers to:

Request specific data from the infected device
Install additional payloads
Modify surveillance parameters
Initiate immediate data uploads

Furthermore, the malware can:

Monitor screen activity and app usage
Track changes in screen on/off states
Log keystrokes, clipboard data, and credentials stored in password managers
Intercept and steal e-commerce payment details

How to Stay Safe

While the identity of FireScam’s operators remains unknown, CYFIRMA researchers warn that the malware exhibits advanced evasion techniques and poses a serious threat to users. To minimize the risk of infection, users should:

Avoid downloading apps from unverified sources, especially those claiming to be premium versions of popular software.
Exercise caution when opening links from unknown sources.
Regularly review and restrict app permissions to prevent unauthorized data access.
Use reliable security solutions to detect and block malware threats.

As attackers continue refining their tactics, staying vigilant against phishing campaigns and suspicious downloads is essential to protecting personal and financial data.

The Digital Markets Act (DMA): A Game Changer for Tech Companies



 

Technology

EU’s Digital Market Act News Social Media Technology

The Digital Markets Act (DMA): A Game Changer for Tech Companies

The Digital Markets Act (DMA) is poised to reshape the European digital landscape. This pioneering legislation by the European Union seeks to curb the dominance of tech giants, foster competition, and create a fairer digital marketplace for consumers and businesses alike. By enforcing strict regulations on major players like Google, Apple, and Meta, the DMA aims to dismantle monopolistic practices and ensure greater choice and transparency.

The DMA targets the "gatekeepers" of the digital economy—large companies that control access to critical digital services. By requiring these firms to unbundle tightly integrated ecosystems, the act provides smaller players an opportunity to thrive.

For instance, companies will no longer be able to self-preference their own products in search rankings or restrict users from installing third-party apps. These changes promise to unlock innovation and drive competition across the digital ecosystem.

Google’s longstanding practice of integrating services such as Maps, Calendar, and Docs with its search engine has faced criticism for sidelining competitors. Under the DMA, Google must separate these services, starting with Maps.

While these integrations have offered users convenience, they have limited market access for alternatives like HERE WeGo and OpenStreetMap. The new regulations could disrupt Google’s user experience but pave the way for smaller mapping solutions to gain traction.

Apple faces significant challenges under the DMA. The legislation mandates opening its App Store to competing platforms, potentially allowing alternative app marketplaces to operate on iOS devices. This could disrupt Apple’s revenue streams and force the company to rethink its tightly controlled ecosystem.

Apple’s adherence to the DMA will redefine its approach to user experience while creating opportunities for developers to access a broader audience.

For consumers, the DMA promises long-term benefits by increasing choice and reducing dependency on dominant players. Initially, the transition may seem inconvenient, but the diversity it fosters will lead to a more innovative digital economy.

The DMA’s implications extend beyond Europe. It sets a precedent for how governments worldwide might regulate tech giants. Countries like the United States and India are closely watching its impact, potentially adopting similar frameworks to tackle monopolistic practices.

The Digital Markets Act is more than just a European regulation — it’s a bold step towards a competitive and equitable digital future. By leveling the playing field, it challenges global tech giants to innovate responsibly while empowering smaller businesses and consumers alike.

Practical Tips to Avoid Oversharing and Protect Your Online Privacy



 

Social Media

Account security Cyber Security Cyber Security and Privacy Data Privacy Digital Footprint Online Privacy Social Media

Practical Tips to Avoid Oversharing and Protect Your Online Privacy

In today’s digital age, the line between public and private life often blurs. Social media enables us to share moments, connect, and express ourselves. However, oversharing online—whether through impulsive posts or lax privacy settings—can pose serious risks to your security, privacy, and relationships.

Oversharing involves sharing excessive personal information, such as travel plans, daily routines, or even seemingly harmless details like pet names or childhood memories. Cybercriminals can exploit this information to answer security questions, track your movements, or even plan crimes like burglary.

Additionally, posts assumed private can be screenshotted, shared, or retrieved long after deletion, making them a permanent part of your digital footprint. Beyond personal risks, oversharing also contributes to a growing culture of surveillance. Companies collect your data to build profiles for targeted ads, eroding your control over your personal information.

The first step in safeguarding your online privacy is understanding your audience. Limit your posts to trusted friends or specific groups using privacy tools on social media platforms. Share updates after events rather than in real-time to protect your location. Regularly review and update your account privacy settings, as platforms often change their default configurations.

Set your profiles to private, accept connection requests only from trusted individuals, and think twice before sharing. Ask yourself if the information is something you would be comfortable sharing with strangers, employers, or cybercriminals. Avoid linking unnecessary accounts, as this creates vulnerabilities if one is compromised.

Carefully review the permissions you grant to apps or games, and disconnect those you no longer use. For extra security, enable two-factor authentication and use strong, unique passwords for each account. Oversharing isn’t limited to social media posts; apps and devices also collect data. Disable unnecessary location tracking, avoid geotagging posts, and scrub metadata from photos and videos before sharing. Be mindful of background details in images, such as visible addresses or documents.

Set up alerts to monitor your name or personal details online, and periodically search for yourself to identify potential risks. Children and teens are especially vulnerable to the risks of oversharing. Teach them about privacy settings, the permanence of posts, and safe sharing habits. Simple exercises, like the “Granny Test,” can encourage thoughtful posting.

Reducing online activity and spending more time offline can help minimize oversharing while fostering stronger in-person connections. By staying vigilant and following these tips, you can enjoy the benefits of social media while keeping your personal information safe.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

Menu Item

Sturnus hacks communication

Attack tactic

Malware distribution

Who is opposing?

Who is supporting?

Impact on encrypted communications in the EU

Who will be affected?

About Max

Other national apps

How to stay safe from pig butchering?

Stopping scammers

How to spot scam link

How to avoid scam link

Always check the URL

Be cautious of URLs you visit regularly

Watch out for short links

How do victims receive scam links?

Text scams

Email

QR code scams

DMs on social media

Confused about leaving Facebook?

How to remove Facebook?

How to leave third-party apps?

How is deactivating different than deactivating a Facebook account?

TikTok Fine and EU

TikTok will contest the decision

TikTok to comply with EU Rules

Malware targets YouTubers

Innocent YouTubers Turned into victims

Blackmail and distributing malware

The infamous SilentCryptoMiner

Zero-click Spyware for WhatsApp

Paragon refused to comment

FBI didn’t respond immediately

Ethical implications concerning spying software

Meta to remove fact-checkers

Republican Party and Meta

Copying X

How FireScam Operates

FireScam’s Advanced Capabilities

How to Stay Safe