Threat Intel Update
This week, law enforcement achieved two significant victories in the fight against cybercrime. The first operation disrupted a major marketplace used to distribute malware and cybercriminal services. In the second, an individual responsible for business email compromises—resulting in over $60 million in losses—was extradited to the U.S.
Meanwhile, Google detailed its efforts to combat malicious activity on the Google Play Store, successfully shutting down several developer accounts and preventing the installation of millions of policy-violating apps in 2024.
User protection is guided by a complex framework of laws, regulations, and policies. This week, a new report shed light on challenges within consumer privacy laws across multiple states.
Cybersecurity News
- Google Play Takes Action Against Malicious Apps and Developers – In 2024, Google Play banned over 158,000 developer accounts and blocked 2.36 million policy-violating apps. Additionally, 1.3 million apps were prevented from accessing excessive or unnecessary sensitive user data. The Play Integrity API, designed to help developers detect app tampering and abuse, led to an 80% average reduction in usage from unverified, untrusted sources. Google also identified over 13 million malicious apps originating outside of Google Play. To enhance security, Google leveraged AI to review apps, detect malware, and block harmful software as needed. Google
- State Consumer Privacy Laws Fall Short in Protecting User Data – A report by the U.S. PIRG Education Fund and the Electronic Privacy Information Center reviewed the privacy laws of the 19 states that have them and found that eight state laws failed the groups' assessment. Several of the laws were built using a template provided by industry. The report highlighted Maryland and California as having strong privacy laws, and three states are currently working to develop new consumer privacy laws. The Record
- Suspect Extradited for $60 Million Business Email Compromise Scheme – A suspect has been extradited from the Dominican Republic to the U.S. for their role in a massive business email compromise (BEC) scheme that caused $60 million in losses. The indictment, covering activity from December 2017 to November 2022, alleges that the individual created over 1,000 fake businesses and opened bank accounts to funnel stolen funds. Money obtained through BEC scams was deposited into these fraudulent accounts and then either withdrawn or wired to an overseas bank in China. U.S. Attorney’s Office, Southern District of New York
- AI Models, Including DeepSeek’s R1, Found Vulnerable to Jailbreak Attacks – Security researchers discovered that the China-based DeepSeek R1 AI model is susceptible to the “Evil Jailbreak” method, which manipulates chatbots into adopting malicious personas. While ChatGPT was previously vulnerable to this technique, it has since been patched. DeepSeek R1 is also exposed to the “Bad Likert Judge” jailbreak, which tricks the model into generating responses based on a Likert scale evaluation. Additionally, Alibaba’s newly released Qwen 2.5 VL model was found to be vulnerable to the Evil Jailbreak exploit. Security Week
- Major Cybercrime Forums Disrupted by International Law Enforcement – A global law enforcement operation dismantled the Cracked and Nulled cybercrime forums, leading to the arrests of two individuals in Spain. These forums, which had around five million registered users, facilitated the sale of malware, stolen data, and hacking tools. Authorities also disrupted a financial processor associated with Cracked and took down a hosting service linked to both forums. The Cracked forum alone reportedly impacted 17 million victims in the U.S. and generated approximately $4 million in illicit revenue. The Record