{"id":77267,"date":"2023-04-15T07:00:00","date_gmt":"2023-04-15T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=77267"},"modified":"2025-09-10T22:19:26","modified_gmt":"2025-09-10T19:19:26","slug":"pentagon-leak-sex-traffickers-in-a-family-tracking-app-and-other-cybersecurity-events","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/pentagon-leak-sex-traffickers-in-a-family-tracking-app-and-other-cybersecurity-events\/","title":{"rendered":"Pentagon leak, sex traffickers in a family-tracking app, and other cybersecurity events"},"content":{"rendered":"<p>We\u2019ve gathered the week\u2019s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\" id=\"block-41d02c99-9a21-4328-8c07-a8550d154e80\">\n<li>A suspect in the Pentagon document leak was arrested in the United States.<\/li>\n<li>Hackers stole data from 400,000 Kodi media player users.<\/li>\n<li>Sex traffickers used a popular U.S. family-safety app.<\/li>\n<li>Over a million WordPress sites were infected with Balada Injector malware.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>In the United States, a suspect in the leaking of secret Pentagon documents and U.S. intelligence was arrested.<\/strong><\/h2>\n<p>The FBI arrested 21-year-old US Air Force National Guard airman Jack Teixeira, suspected of leaking secret Pentagon and U.S. intelligence documents. 
The New York Times reports.<\/p>\n<figure class=\"wp-block-video\"><video controls src=\"https:\/\/u1f987.com\/wp-content\/uploads\/107684_1_13vid-aerial-leaker-arrest_wg_720p.mp4\"><\/video><figcaption>Source: The New York Times.<\/figcaption><\/figure>\n<p>According to the publication, Teixeira was an admin of the Discord server Thug Shaker Central, whose members included fans of \u201cguns, video games and racist memes.\u201d It was on that server that hundreds of pages of secret government documents were posted.<\/p>\n<p>One member told the NYT that he personally knows the person under the handle O.G., who leaked the information. Other members described him as an undisputed leader who had access to intelligence data.<\/p>\n<p>Journalists believe that this person was Teixeira. Interior details in his home matched those in photos of the leaked documents.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A pic of Jack Teixeira he posted on social media \u2014 released by the NYT <a href=\"https:\/\/t.co\/IGZGUnN2Wb\">pic.twitter.com\/IGZGUnN2Wb<\/a><\/p>\n<p>\u2014 Michael A. Horowitz (@michaelh992) <a href=\"https:\/\/twitter.com\/michaelh992\/status\/1646553944531795972?ref_src=twsrc%5Etfw\">April 13, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Pentagon officials say the leak was deliberate. The leak contains information about the war in Ukraine, including assessments of the Ukrainian army&#8217;s condition, U.S. estimates of the possibility of a Ukrainian counteroffensive, and intelligence analysis of \u201cunforeseen scenarios\u201d in the war, including \u201ca strike by Ukraine against the Kremlin.\u201d\u00a0<\/p>\n<p>Additionally, documents concerning China, Iran, South Korea, Israel and other countries leaked online. 
Experts noted that some documents were edited.<\/p>\n<p>If Teixeira is found guilty, he faces decades in prison.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hackers stole data from 400,000 Kodi users<\/strong><\/h2>\n<p>The MyBB forum of the open-source Kodi media player was breached in a cyberattack. Hackers stole databases containing records, private messages and user credentials, and then attempted to sell them.<\/p>\n<p>The incident occurred in February, but only came to light recently.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"845\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/kodi-breached-1024x845.jpg\" alt=\"kodi-breached\" class=\"wp-image-204396\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/kodi-breached-1024x845.jpg 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/kodi-breached-300x248.jpg 300w, https:\/\/u1f987.com\/wp-content\/uploads\/kodi-breached-768x634.jpg 768w, https:\/\/u1f987.com\/wp-content\/uploads\/kodi-breached.jpg 1359w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Source: <a href=\"https:\/\/u1f987.com\/en\/news\/kamikaze-usb-drive-explodes-a-popular-hacking-forum-shuts-down-and-other-cybersecurity-events\">BreachForums<\/a>.<\/figcaption><\/figure>\n<p>According to the developers, the hackers gained access to the admin console using the credentials of an inactive employee. 
They then created database backups and downloaded existing backups.<\/p>\n<p>The Kodi forum, currently closed, has about 400,000 members.<\/p>\n<p>The team said that all user passwords should be considered compromised by default.<\/p>\n<p>The administrators plan to deploy a new server for the forum and the project&#8217;s Wiki.<\/p>\n<h2 class=\"wp-block-heading\"><strong>The FBI warned of the dangers of free charging stations in public places<\/strong><\/h2>\n<p>Owners of mobile devices were warned about the dangers of using charging stations at airports, hotels and shopping centres. The FBI issued the alert.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. <a href=\"https:\/\/t.co\/9T62SYen9T\">pic.twitter.com\/9T62SYen9T<\/a><\/p>\n<p>\u2014 FBI Denver (@FBIDenver) <a href=\"https:\/\/twitter.com\/FBIDenver\/status\/1643947117650538498?ref_src=twsrc%5Etfw\">April 6, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the agency, attackers have found ways to use public USB ports to install malware and monitoring software on devices.<\/p>\n<p>The FBI advised using only your own portable chargers and a wall outlet.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Over a million WordPress sites were infected with Balada Injector malware<\/strong><\/h2>\n<p>Researchers from Sucuri detected over a million WordPress sites infected with Balada Injector malware.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">In 2022 alone, our external website scanner SiteCheck detected the Balada Injector malware over 141,000 times. 
The campaign consistently ranks in the top 3 infections we clean from compromised websites. Research by <a href=\"https:\/\/twitter.com\/unmaskparasites?ref_src=twsrc%5Etfw\">@unmaskparasites<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/WordPress?src=hash&#038;ref_src=twsrc%5Etfw\">#WordPress<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&#038;ref_src=twsrc%5Etfw\">#infosec<\/a> <a href=\"https:\/\/t.co\/toOX1SDNtQ\">https:\/\/t.co\/toOX1SDNtQ<\/a><\/p>\n<p>\u2014 Sucuri Security (@sucurisecurity) <a href=\"https:\/\/twitter.com\/sucurisecurity\/status\/1645501152283303939?ref_src=twsrc%5Etfw\">April 10, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The malware was first spotted in 2017, but its active distribution surged in March this year.<\/p>\n<p>Balada Injector injects malicious code that lets attackers access the site&#8217;s database and steal confidential information. The malware can modify pages and redirect visitors to phishing links, as well as add fake WordPress administrator accounts and leave backdoors for persistent access.<\/p>\n<p>According to Sucuri, most affected sites ran on outdated WordPress versions with vulnerable themes or plugins. The spread of Balada Injector was aided by the malware&#8217;s ability to bypass basic security measures, including CAPTCHA and simple <span data-descr=\"two-factor authentication\" class=\"old_tooltip\">2FA<\/span>.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Sex traffickers used a popular US family-safety app<\/strong><\/h2>\n<p>The popular U.S. family-location-tracking service Life360 was used by sex traffickers. 
Forbes uncovered the evidence.<\/p>\n<p>According to the publication, since 2018 the app, which shows the user&#8217;s coordinates in real time on a map, has appeared in at least nine court cases involving sexual crimes.<\/p>\n<p>In 2019, the US DOJ provided a Florida court with statements from victims of Alston Williams, who allegedly used Life360 to monitor minors and adults. He was later sentenced to life imprisonment for crimes related to trafficking in persons.<\/p>\n<p>In 2022, a Sacramento man, Robert Pierre Duncan, was convicted of sexually exploiting a 17-year-old girl. Court documents stated that he used Life360 to track \u201cevery step\u201d she took and \u201cwatch how long [the victim] stayed in the car and where she moved in search of clients.\u201d<\/p>\n<p>In 2023, an 18-year-old Amazon employee in San Diego said that before joining the tech giant she was forced into sex work. According to Forbes documents, the alleged trafficker forced her to bring in at least $6,000 a week and required her to install Life360 on her phone.<\/p>\n<p>Life360 CEO Chris Hulls confirmed that over the last eight months the company received four requests from law enforcement for data related to human-trafficking investigations for sexual exploitation. However, he noted the issue had not been discussed at the leadership level, likely due to its rarity.<\/p>\n<p>Life360 is one of the most popular family-safety apps in the United States. 
In total, the service has more than 50 million active users in 195 countries.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Malicious Google Play apps found for sale on the dark web for up to $20,000<\/strong><\/h2>\n<p>Experts at Kaspersky Lab analyzed ads for selling malicious Google Play apps on several dark web forums.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Our latest report revealed that #cybercriminals use #Darknet to sell malicious Google Play #apps for up to US$20,000 <a href=\"https:\/\/t.co\/EFOhQChaqS\">https:\/\/t.co\/EFOhQChaqS<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/1645394791159541761?ref_src=twsrc%5Etfw\">April 10, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Prices for the programs start at $2,000 and go up to $20,000. The cost of a developer account required to upload apps to the store ranges from $60 to $200.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/image001-5.webp\" alt=\"image001-5\" class=\"wp-image-204397\"\/><figcaption>Example of an advertisement for a malware loader for Google Play. Data: \u201cKaspersky Lab.\u201d<\/figcaption><\/figure>\n<p>Most often attackers offer malicious code to be embedded in cryptocurrency trackers, various financial apps, QR code scanners or dating services. Advertisers indicate how many times these programs have been downloaded to show their potential reach.<\/p>\n<p>For an extra fee, attackers can obfuscate the malware\u2019s code to make detection by security solutions harder.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Telegram accounts are being hijacked under the guise of access to adult content<\/strong><\/h2>\n<p>Attackers lure Russian-speaking Telegram users into signing in through a bot that supposedly lets them search for intimate photos. 
This was reported by Kaspersky Lab experts.<\/p>\n<p>Victims are directed to a phishing page where they are asked for their phone number and verification code. As a result, these data go to cybercriminals.<\/p>\n<p>Subsequently, access to the accounts is used to steal confidential data, blackmail, and send fraudulent messages from the compromised account.<\/p>\n<p>Experts recommended not clicking on links in suspicious messages and enabling two-factor authentication on the account.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Bitrue crypto exchange <a href=\"https:\/\/u1f987.com\/en\/news\/bitrue-crypto-exchange-hacked-for-about-23-million\">hacked for $23 million<\/a>.<\/li>\n<li>Ethermint <a href=\"https:\/\/u1f987.com\/en\/news\/ethermint-fixes-a-vulnerability-that-could-have-cost-tens-of-millions-of-dollars\">patched a vulnerability<\/a> worth tens of millions of dollars.<\/li>\n<li>Justin Sun <a href=\"https:\/\/u1f987.com\/en\/news\/justin-sun-summoned-to-court-in-tron-case\">summoned to court<\/a> in the Tron case.<\/li>\n<li>Russia\u2019s MVD <a href=\"https:\/\/u1f987.com\/en\/news\/russias-interior-ministry-closes-pre-trial-probe-into-embezzlement-at-wex-bitcoin-exchange\">completed an investigation<\/a> into the embezzlement of WEX funds.<\/li>\n<li>Hacker <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-drains-11-6m-from-yearn-finance-defi-protocol\">withdrew $11 million<\/a> from Yearn Finance DeFi protocol.<\/li>\n<li>Former JPMorgan employee <a href=\"https:\/\/u1f987.com\/en\/news\/former-jpmorgan-employee-charged-in-cryptocurrency-fraud-case\">charged with cryptocurrency fraud<\/a>.<\/li>\n<li>SushiSwap <a href=\"https:\/\/u1f987.com\/en\/news\/sushiswap-outlines-plan-to-compensate-users-after-hack\">announced a plan to compensate<\/a> for the breach.<\/li>\n<li>South Korean authorities <a href=\"https:\/\/u1f987.com\/en\/news\/south-korean-authorities-arrest-coinone-employees\">arrested employees<\/a> of Coinone 
exchange.<\/li>\n<li>Tether <a href=\"https:\/\/u1f987.com\/en\/news\/tether-blocks-address-linked-to-mev-bot-attack-holding-about-3-million\">blocked<\/a> an address related to MEV-bot attacks with a $3 million balance.<\/li>\n<li>BlockSec <a href=\"https:\/\/u1f987.com\/en\/news\/blocksec-recovers-100-eth-stolen-from-sushiswap-hacker\">recovered 100 ETH<\/a> stolen from SushiSwap.<\/li>\n<li>The GDAC exchange <a href=\"https:\/\/u1f987.com\/en\/news\/gdac-cryptocurrency-exchange-hacked-for-nearly-13-million\">suffered a breach worth nearly $13 million<\/a>.<\/li>\n<li>DeFi protocol Terraport Finance <a href=\"https:\/\/u1f987.com\/en\/news\/terraport-finance-defi-protocol-hacked-ten-days-after-launch\">was hacked<\/a> ten days after launch.<\/li>\n<li>The SushiSwap team <a href=\"https:\/\/u1f987.com\/en\/news\/sushiswap-team-reports-vulnerability-in-platforms-smart-contract\">announced a vulnerability in the platform\u2019s smart contract<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>In the educational section, \u201cCryptorium,\u201d we discuss the Harmony blockchain platform and the $100 million Horizon cross-chain bridge hack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve gathered the week\u2019s most important cybersecurity 
news.<\/p>\n","protected":false},"author":1,"featured_media":77268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-77267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"17","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=77267"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77267\/revisions"}],"predecessor-version":[{"id":77269,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77267\/revisions\/77269"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/77268"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=77267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=77267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=77267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}