Spearphishing for developers

I received an interesting email that points to a new direction in targeting developers to exploit them. This email is a reply to a message that I actually wrote to an email list in 2012, that was posted on a public thread on a public list. It also uses the name of a person that posted on that thread: “Paul Eggers”. Oddly, it did not use that person’s actual email from the original thread. [Read More]

Phishing for developers

I recently received a very interesting phishing email directed at developers with apps in Google Play. One open question is, how targeted it was: did anyone else get this? It turns out that Google has been recently stepping up enforcement of certain terms, so it looks like some people are taking advantage of that. It is a pretty sophisticated or manually targeted phishing email since they got the name of the app, email address, and project name all correct. [Read More]