The Guardian’s SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique “codenames” used to identify sources who used the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activity on a victim’s device. […]

from https://www.bleepingcomputer.com/news/security/phishing-attack-targets-the-guardians-whistleblowing-site/