--- title: "Realistic Checkout Fraud,Developer Account Ban,Data-Selling Arrest- Cybersecurity News [19 June 2023] | Phish Protection" description: "Here we are with this week" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-25-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-25-of-2023/" --- Quick Answer Here we are with this week's top \[cybersecurity\](/content/cybersecurity-in-a-nutshell) news sharing the latest arrests of cybercriminals, Google's actions against threats actions, and the \*\*latest campaigns\*\*. It is important to stay informed and implement effective \[phishing protection\](/) strategies. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-25-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Realistic%20Checkout%20Fraud%2CDeveloper%20Account%20Ban%2CData-Selling%20Arrest-%20Cybersecurity%20News%20%5B19%20June%202023%5D&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-25-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-25-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-25-of-2023%2F&title=Realistic%20Checkout%20Fraud%2CDeveloper%20Account%20Ban%2CData-Selling%20Arrest-%20Cybersecurity%20News%20%5B19%20June%202023%5D "Share on Reddit") [ ](mailto:?subject=Realistic%20Checkout%20Fraud%2CDeveloper%20Account%20Ban%2CData-Selling%20Arrest-%20Cybersecurity%20News%20%5B19%20June%202023%5D&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-25-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/06/office-365-email-protection.jpg) Here we are with this week’s top [cybersecurity](/content/cybersecurity-in-a-nutshell) news sharing the latest arrests of cybercriminals, Google’s actions against threats actions, and the **latest campaigns**. It is important to stay informed and implement effective [phishing protection](/) strategies. ### Credit Card Theft Through Realistic Checkout Forms Replaces Hackers’ Stealth Tactics [Hackers](/phishing/hackers-now-going-after-software-tools-which-help-workers-collaborate) and threat actors hijack **online marketplaces** to steal credit cards from innocent individuals worldwide. Threat actors add the code to display genuine-looking **fake payment forms** that display as a modal overlaid on the main webpage of these marketplaces and online stores. Researchers at Malwarebytes released a[report](https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art)on this new campaign highlighting that these models are carefully crafted and visually captivating, adding to the sophistication of the campaign. Whenever an individual enters information into the modal, it shows a loading screen that **leads to an error**, redirecting the user to the original payment URL (Uniform Resource Locator). The details entered, such as the card number, expiration date, CVV, and the holder’s name, are sent to the [threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems). If you are a frequent shopper and come across a modal, it is **better to skip** these and look for the original payment link on the online store. ### \*\*\*\* Google Blocks Malware and Fraud Rings by Banning 173K Developer Accounts Last year, Google banned 173,000 developer accounts to block [malware](/content/protection-against-malware/types-of-malware) and fraud rings infecting the Google Play store and **Android devices**. Preventing nearly 1.5 million applications linked to multiple **policy violations**, Google[shared](https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html)that its Google Play Commerce security team was able to block transactions of fraud and abuse, saving its customers over $2 billion in losses. Google has included additional requirements for developers who wish to join the Play Store ecosystem. ![Office 365 email protection](https://media.mailhop.org/phishprotection/images/2023/06/office-365-email-protection.jpg) Now, the developers will have to undergo a phone and email identity verification and have also collaborated with SDK (Software Development Kit) providers to **minimize** sensitive data access and prevent sharing of data so applications on the app store offer **better privacy** to all users. ### \*\*\*\* Ukrainian Individual Apprehended for Selling Data of 300 Million Individuals to Russians The Ukrainian police apprehended a middle-aged man from Netishyn who sold the [personal data](https://edition.cnn.com/2023/06/16/politics/cyberattack-us-government/index.html) and sensitive information of nearly 300 million individuals, including the data of Ukrainian and European citizens. The 36-year-old used Telegram to **promote the stolen information** and advertise it to buyers, asking for $500-$2000 depending on the volume of data. Ukrainian police released an[announcement](https://cyberpolice.gov.ua/news/kiberpolicziya-vykryla-zlovmysnyka-u-zbuti-baz-iz-personalnymy-danymy-gromadyan-ukrayiny-ta-yes-6598/)highlighting that the information included passport data, taxpayer numbers, driver’s licenses, financial information, and birth certificates. The statement also shared that most **buyers** were [Russian](https://www.politico.com/news/2023/01/15/ukraine-cyber-united-nations-russia-00077955) citizens who used prohibited currencies for the payments, leading the police right to the culprit. During the raid, the man attacked a police officer but was brought down. _The police confiscated computers, server equipment, and 36 hard drives with multiple databases._ The man is facing criminal charges and now **faces jail time** of a minimum of 5-10 years. ### Cryptbot Malware Infrastructure Takedown Initiated by Google Google was granted a court order to take down the Cryptbot malware and [info stealer](https://www.cybersecurityconnect.com.au/technology/9230-it-s-a-me-malware-info-stealer-discovered-in-mario-game-installer) after filing a lawsuit against the individuals using the malware to infect its browser and **steal user data**. _Nearly 18 defendants from Pakistan are charged with running malicious and fraudulent websites to trick users into downloading **malicious versions** of Google Chrome and Google Earth Pro._ These malicious versions downloaded the Cryptbot malware on victim systems designed to steal their personal and financial information without their knowledge. To combat the spread of Cryptbot, Google has been granted a[temporary restraining order](https://www.documentcloud.org/documents/23793321-google-cryptbot-disruption-order-to-show-cause-signed), allowing the organization to disrupt these malicious distributions. Google will now **take down domains** associated with the [malware](/content/protection-against-ransomware/how-to-protect-your-computer-from-malware) that has infected nearly 670,000 systems in the past year. ![Ceo fraud](https://media.mailhop.org/phishprotection/images/2023/06/ceo-fraud-1899.jpg) ### Chinese Hackers Adopt New Linux Malware Variants for Espionage Purposes Threat actors deploy malware on **Linux systems** in a new [cyberespionage](https://www.scmagazine.com/brief/email-security/ukrainian-email-servers-subjected-to-russian-apt-cyberespionage-operation) campaign using the PingPull variant and Sword2023 backdoors. **Pingpull** is a RAT (Remote Access Trojan) used by the Chinese state-sponsored threat actor group Gallium that targets the government and financial organizations of Russia, Belgium, Vietnam, Australia, and the Philippines. The Chinese threat actor is using new malware variants, targeting Nepal and South Africa, and using a **previously undocumented** [backdoor](https://www.gizbot.com/news/apple-installed-a-backdoor-to-help-infect-iphones-in-russia-with-spyware-claims-fsb-085999.html), Sword2023\. Sword2023 can upload files onto breach systems, exfiltrate information, and files, and is associated with two different C2 (Command and Control) servers. Gallium is advancing its arsenal and shifting focus to Linux systems. Organizations should define a **comprehensive security strategy** to defend against this and similar threats. ### Resold Corporate Routers Can Expose Networks to Hackers, Warns Security Experts Enterprise-level [networking equipment](https://www.cpomagazine.com/cyber-security/chinese-hackers-able-to-directly-exploit-major-telcos-via-routers-and-networking-equipment-largely-using-published-vulnerabilities/) hides sensitive data that threat actors could use to breach these organizations and **steal customer information**. Cybersecurity researchers at ESET[purchased](https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/) 18 used core routers and found that these routers still had the complete configuration data on the devices that worked adequately. \_Core routers can **make or break** a large organization as they connect to all network devices and support data communication interfaces. \_ Using these configuration settings and the details about the organization, a threat actor could find out how the network was set, including the connections between systems, making it **easier to breach** the [corporate network](https://www.silicon.co.uk/security/cyberwar/cisco-security-incident-breach-corporate-network-471095). The routers also contained credentials to connect to other networks as a trusted party. Organizations should ensure that all discarded or old equipment is reset to **factory defaults** to avoid threat actors using these against them. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Realistic Checkout Fraud,Developer Account Ban,Data-Selling Arrest- Cybersecurity News [19 June 2023]","description":"Here we are with this week's top cybersecurity news sharing the latest arrests of cybercriminals, Google's actions against threats actions.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-25-of-2023/","datePublished":"2023-06-19T08:14:05.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-06-19T08:14:05.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-25-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":913,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/06/office-365-email-protection.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Realistic Checkout Fraud,Developer Account Ban,Data-Selling Arrest- Cybersecurity News [19 June 2023]","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-25-of-2023/"}]} ```