Digital Heists: The Spotify Breach and Vulnerabilities in Cybersecurity

We’ve compiled the most significant cybersecurity news from the past week.

Experts from Kaspersky Lab have reported on a new data stealer called Stealka. The malware targets Windows users and can steal sensitive data and cryptocurrency, hijack accounts, and install hidden miners.

Analysts indicate that the malware frequently disguises itself as cracks, cheats, and mods. It requires manual activation by the victim and is disseminated through popular platforms such as GitHub, SourceForge, Softpedia, and Google Sites.

In more sophisticated schemes, cybercriminals create convincing copies of websites that rank for popular search queries. The cloned interface mimics a trusted resource and assures visitors that every uploaded file has passed a full antivirus check.

Stealka boasts a wide array of capabilities, with its primary focus on web browser data for Chromium and Gecko engines, including well-known browsers like Chrome, Firefox, Opera, Yandex Browser, Edge, and Brave.

Fraudsters are particularly interested in autofill data, which contains account details and payment card information. Stolen cookies and session tokens let attackers bypass two-factor authentication and take over accounts, which are then also used to spread the malware further.

According to Kaspersky Lab, Stealka targets 115 browser extensions. Some popular software categories at risk include:

The stealer also poses a threat to messaging apps, email clients, note managers, gaming services, and VPNs.

Two extensions in the Chrome Web Store called Phantom Shuttle masquerade as proxy service plugins but actually intercept user traffic and steal confidential data, as reported by Socket.

The target audience for Phantom Shuttle includes users from China, particularly foreign trade specialists who need to test internet connections from various locations within the country. Both extensions are published under the same developer and are marketed as tools for traffic proxying and speed testing, available through a subscription priced between $1.4 and $13.5.

Experts indicate that this software, active since 2017, directs user web traffic through proxy servers controlled by criminals, with access granted via hardcoded credentials. Malicious code is implanted in the legitimate jQuery library.

By "listening" to web traffic, the extensions can capture HTTP authentication requests on every visited site. They dynamically reconfigure Chrome's proxy settings using a proxy auto-configuration (PAC) script.

In "Default" mode, the malware can filter over 170 domains, including:

Local networks and management domains are added to the exclusion list to avoid disruptions and detection.

Operating like a man-in-the-middle attack, the extension can:

The leading music streaming service has fallen victim to mass scraping by activist pirates from Anna’s Archive.

This group gained considerable notoriety for its campaign to preserve literature, scientific publications, journals, and other materials. They refer to themselves as "the largest truly open library in human history," providing access to over 61 million books and 95 million articles.

In a publication dated December 20, 2025, titled "Backing up Spotify," the team claims to have accessed metadata for over 250 million tracks and 86 million audio files from the service.

The volume of stolen files is around 300 TB. The most popular tracks, based on Spotify’s metrics, are presented at 160 kbps, while less popular ones are compressed to 75 kbps.

Representatives of Anna's Archive explain that this move allowed them to create "the world's first music archive." According to the activists, it covers 99.6% of all listens on Spotify.

The group has uploaded the metadata to their torrent site and plans to release audio files later, along with additional metadata and album covers. The archive will be published in order of popularity.

On December 21, the Spotify team confirmed the scraping in a comment to Billboard:

"The investigation into unauthorized access revealed that a third party collected public metadata and used illegal methods to bypass technical copyright protections to gain access to part of the platform's audio files."

On December 23, a Spotify spokesperson informed PCMag about the "discovery and blocking of accounts associated with illegal data collection."

Security researchers revealed a critical data leak in Uzbekistan’s national traffic monitoring system. A network of over a hundred high-resolution cameras employing face and license plate recognition technologies had been publicly accessible without a password for an extended period.

According to expert Anurag Sen, who uncovered the exposure, the "intelligent traffic management system" database contains millions of images and unprocessed 4K video recordings. From these, the travel routes of individual citizens can be reconstructed.

For instance, one driver was monitored for six months: cameras documented their journeys between Tashkent and neighboring areas multiple times a week.

The technological foundation relies on equipment from the Chinese company Maxvision and the Singaporean manufacturer Holowits. The algorithms not only capture traffic violations but can also identify drivers and passengers in real time. The cameras are installed not only in major cities like Jizzakh and Namangan but also at strategically significant border points.

Despite the severity of the data breach, government agencies, including the Ministry of Internal Affairs and the Cyber Incident Response Team UZCERT, had not shut down access to the data or issued official comments at the time of this report.

This incident echoes recent problems faced by the American surveillance giant Flock. It was previously reported that dozens of this provider's systems in the U.S. were also available online without authorization.

Data leaks of this magnitude pose significant threats to privacy, allowing malicious actors to exploit government infrastructure for stalking and stealing personal information.

During a coordinated cybercrime operation across Africa, conducted under the auspices of Interpol and named Sentinel, law enforcement arrested 574 individuals and recovered $3 million associated with email hacking and ransomware activities.

From October 27 to November 27, 2025, police from 19 countries dismantled about 6,000 malicious links and were able to decrypt six variants of ransomware software. The financial losses inflicted by cybercriminals exceeded $21 million.

Key achievements of the Sentinel operation include:

Private entities including Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security also participated in the investigation.

The teams helped track IP addresses used in ransomware attacks and extortion cases involving threats to publish intimate materials, and assisted in freezing criminal proceeds.