Tag Archive for: users

LightSpy Malware Attacking Android and iOS Users

/in


A new malware known as LightSpy has been targeting Android and iOS users.

This sophisticated surveillance tool raises alarms across the cybersecurity community due to its extensive capabilities to exfiltrate sensitive user data.

LightSpy is a modular malware implant designed to infiltrate mobile devices. With variants for both Android and iOS platforms, it represents a significant threat to user privacy.

The malware’s extensive functionality allows it to harvest a wide range of personal information from infected devices.

Technical Details of the Attack

LightSpy is engineered to siphon off a variety of data from the victim’s device, including:

  • GPS location data
  • SMS messages
  • Data from messenger apps
  • Phone call history
  • Browser history

Document

Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .

Moreover, LightSpy can remotely execute shell commands and record voice-over IP (VOIP) call sessions, adding to its surveillance capabilities.

Broadcom’s latest blog post highlights the LightSpy malware implant’s technicalities and impact on targeted devices.

The malware is known to spread through various means, including phishing campaigns and compromised websites.

Once a device is infected, LightSpy operates stealthily, often undetected by the user.

The modular nature of LightSpy means it can be updated with new capabilities post-infection, making it a remarkably resilient and adaptable threat.

Impact on Users

The implications of such a malware infection are severe.

Users’ private information can be compromised, leading to potential identity theft, financial loss, and personal safety concerns.

The ability to track browser history and communications in real time provides malicious actors with a wealth of information that can be exploited.

Users are advised to keep their security software up to date and to be cautious of unrequested communications that could serve as potential infection vectors.

The emergence of LightSpy malware is a stark reminder of the evolving…

Source…

Sunbird returns to allow Android users to use iMessage features including blue bubbles

/in


Back in November, the Sunbird messaging app, which powered the Nothing Chats messaging app, shut down due to security concerns. The Sunbird app allowed Android users to use iMessage for messaging even down to having blue bubbles, high-quality images, read receipts, typing indicators, and more. While Sunbird promised users that they would have end-to-end encryption for user messages and files, users’ Apple login info was not encrypted obviously creating a huge security concern.
With 630,000 files vulnerable to this exploit, Sunbird decided to halt all of its services including its Play Store app. But Sunbird is re-launching its iMessage for Android app. In a press release, Sunbird announced that its messaging app has been relaunched and 165,000 Android users are on the waitlist. A small number of invitations have been disseminated.

Video Thumbnail

Sunbird has updated its AV1 Message system which is now AV2 and it is designed to keep messages safe. As Sunbird notes, “Unencrypted messages are never stored anywhere on disk or in a database. When messages are decrypted to be passed to the iMessage and RCS/Google Messages network, they exist in that state only within memory for a limited period of time. In the front-end app, messages are only stored in an encrypted state within the in-app database.”

The bottom line as far as Sunbird is concerned is that “Since November, the Sunbird team has worked to migrate the iMessage implementation off of AV1 to the AV2 architecture. With the adoption of AV2, we believe that we’ve not only resolved the security vulnerabilities previously identified but also provided a secure and privacy-oriented foundation for Sunbird’s iMessage integration moving forward.”

You can join the Waitlist for Sunbird by tapping on this link and pressing on “Join the Waitlist.” You might wonder why this is necessary if Apple will support RCS later this year. The answer is simple; despite Apple adding support for RCS, those using the latter will still have green text bubbles. For those Android users concerned about getting teased for being green, outside of buying an iPhone, using Sunbird might be the next best solution. 
The developers admitted that they could have used the downtime…

Source…

AT&T acknowledges data leak that hit 73 million current and former users

/in


A person walks past an AT&T store on a city street.

Getty Images | VIEW press

AT&T reset passcodes for millions of customers after acknowledging a massive leak involving the data of 73 million current and former subscribers.

“Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T said in an update posted to its website on Saturday.

An AT&T support article said the carrier is “reaching out to all 7.6 million impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information.” AT&T said the leaked information varied by customer but included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes.

AT&T’s acknowledgement of the leak described it as “AT&T data-specific fields [that] were contained in a data set released on the dark web.” But the same data appears to be on the open web as well. As security researcher Troy Hunt wrote, the data is “out there in plain sight on a public forum easily accessed by a normal web browser.”

The hacking forum has a public version accessible with any browser and a hidden service that requires a Tor network connection. Based on forum posts we viewed today, the leak seems to have appeared on both the public and Tor versions of the hacking forum on March 17 of this year. Viewing the AT&T data requires a hacking forum account and site “credits” that can be purchased or earned by posting on the forum.

Hunt told Ars today that the term “dark web” is “incorrect and misleading” in this case. The forum where the AT&T data appeared “does not meet the definition of dark web,” he wrote in an email. “No special software, no special network, just a plain old browser. It’s easily discoverable via a Google search and immediately shows many PII [Personal Identifiable Information] records from the AT&T breach. Registration is then free for anyone with the only remaining barrier being obtaining…

Source…

Attention Android users: A malware posing as McAfee security app can steal your sensitive data

/in


New Delhi,UPDATED: Apr 4, 2024 19:00 IST

Security researchers have found that a trojan malware has been posing as the McAfee security app. The malware only affects Android users, and aims to steal personal data like passwords, credit card details, photos, videos, and other sensitive information. This was first reported by Bleeping Computer.

The trojan malware is reportedly a more powerful version of the Vultur malware. Vultur was among the earliest Android banking malware to incorporate screen recording abilities and include functions like keylogging and interacting with a victim’s device screen. Its primary focus was to target banking apps for keylogging and remote control. The discovery of Vultur was initially made by ThreatFabric in late March 2021.

The malware is being circulated via Google Play Store. Apparently, the malware was first distributed on the Android app store in 2022 and has since been active on the platform.

How does the malware work?

The malware pretty much looks like a promotion message for the MacAfee security app, and it is quite easy to fall for. Usually, an Android user will receive an SMS that will claim to have found an unauthorised transaction in your bank account, urging them to call a provided number for assistance.

When you call that number, users will get connected to the scammers, who will send a follow-up SMS with a link to download a malicious version of the McAfee Security app containing the Brunhilda malware dropper.

By installing this fake app, it will gain access to your device’s ‘Accessibility Services’, which will eventually connect it to the malware’s main server. And once that happens, the attackers can access any information on your device remotely.

How to stay safe from such malware?

To ensure you are safe from such malware, never download any app from random links sent to you. Don’t even download apps off browsers. Only download official apps through the Google Play Store. It is also good to always check reviews and ratings of an app before you download it, which can give you a good sense of the authenticity of the app. Also, always pay attention to the developer details of every app before you download it.

Published By:

Nandini…

Source…