Tag: AllNew | SpinSafe

This sneaky Android malware has an all-new way to avoid being detected

March 17, 2024/in Mobile Security

Cybersecurity researchers have found a new version of a well-known Android banking trojan malware which sports quite a creative method of hiding in plain sight.

PixPirate targets mostly Brazilian consumers with accounts on the Pix instant payment platform, which allegedly counts more than 140 million customers, and services transactions north of $250 billion.

The campaign’s goal was to divert the cash to attacker-owned accounts. Usually, banking trojans on Android would try to hide by changing their app icons and names. Often, the trojans would assume the “settings” icon, or something similar, tricking the victims into looking elsewhere, or simply into being too afraid to remove the app from their device. PixPirate, on the other hand, gets rid of all of that by not having an icon in the first place.

Running the malware

The big caveat here is that without the icon, the victims cannot launch the trojan, so that crucial part of the equation is left to the attackers.

The campaign consists of two apps – the dropper, and the “droppee”. The dropper is being distributed on third-party stores, shady websites, and via social media channels, and is designed to deliver the final payload – droppee – and to run it (after asking for Accessibility and other permissions).

Droppee, which is PixPirate’s filename, exports a service to which other apps can connect to. The dropper connects to that service, allowing it to run the trojan. Even after removing the dropper, the malware can still run on its own, on certain triggers (for example, on boot, on network change, or on other system events).

The entire process, from harvesting user credentials, to initiating money transfer, is automated, and done in the background without the victim’s knowledge or consent. The only thing standing in the way, the researchers claim, are Accessibility Service permissions.

It is also worth mentioning that this method only works on older versions of Android, up to Pie (9).

Via BleepingComputer

More from TechRadar Pro

Source…

All-New Security Program and Hacking Mitigation Plans to Fight Impersonators

July 24, 2022/in Computer Security

Press release content from MarketersMEDIA. The AP news staff was not involved in its creation.

Click to copy

Las Vegas, NV, United States – July 23, 2022 —

The American Sweepstakes Network has administered and implemented contests, game promotions, and sweepstakes for the U.S.A.’s biggest marketers for over 30 years. The team’s experience is simply uncopiable — although, some have tried. With the rise of fraudsters attempting to impersonate companies and scam customers, the company has tightened its cybersecurity belts and implemented brand-new hacking mitigation plans to keep clients safe.

From enhancing the verification system to staying on top of PCI regulations, The American Sweepstakes Network is more secure than ever before.

Fraud Prevention and Instant Code Verification

Sweepstakes fraud isn’t new, but as the world becomes ever digital, it’s common to see an alarming increase in dishonorable companies.

Red flags like Greendot Cards and MoneyGram should always be avoided, and The American Sweepstakes Network has made it its core mission to ensure customers report any of these transaction requests to the US Fraud Report database ww.usfraudreport.com and or directly to our legal department.

Additionally, the team has included an instant code verification system to further enhance its ongoing cybersecurity efforts. If you’ve received a claim code that allegedly identifies you as a prize winner, simply input the number and hit “Verify.”

The Company-Wide Hacking Mitigation Plan

Company impersonators and computer hacking go hand-in-hand. While many have fallen prey to several cyberattacks, the team is committed to enhancing security and protection and thus offering a new lease of life.

By employing an effective hacking mitigation plan, users can rest easy knowing their sensitive information is safe.

The American Sweepstakes Network began by conducting a risk assessment, acknowledging the vulnerabilities that allowed unauthorized individuals into the system.

Identification led to fixing the common vulnerabilities before trying to tackle the more complex problems through…

Source…

All-new Windows 10 malware is excellent at evading detection

December 4, 2020/in Computer Security

Security researchers at Kaspersky have discovered a new malware strain developed by the hacker-for-hire group DeathStalker that has been designed to avoid detection on Windows PCs.

While the threat actor has been active since at least 2012, DeathStalker first drew Kaspersky’s attention back in 2018 because of its distinctive attack characteristics which didn’t resemble those employed by cybercriminals or state-sponsored hackers.

The group is known for using a wide range of malware strains and complex delivery chains in its attacks but the tactics used to evade detection are what really make it stand out.

Kaspersky discovered DeathStalker’s new PowerPepper implant in May of this year while conducting research into other attacks that utilized the group’s PowerShell-based Powersing implant. Since its discovery, new versions of PowerPepper have been developed and deployed by the group which also adapted the malware’s delivery chains to reach new targets.

PowerPepper malware

The new PowerPepper malware is an in-memory Windows PowerShell-based backdoor that has the capability to allow its operators to execute shell commands remotely from a command-and-control (C2) server.

As is the case with DealthStalker’s previous work, PowerPepper tries to evade detection or sandboxes execution on Windows 10 using various tricks such as detecting mouse movements, filtering a client’s MAC addresses and adapting its execution flow depending on which antivirus products are installed on a target system. The malware is spread via spear phishing email attachments or by links to documents that contain malicious Visual Basic for Application (VBA) macros that execute PowerPepper and gain persistence on infected systems.

PowerPepper also uses a number of delivery chain evasion tricks such as hiding payloads in Word embedded shapes properties, using Windows Compiled HTML (CHM) files as archives for malicious files, masquerading and obfuscating persistent files, hiding payloads within images using steganography, getting lost in Windows shell commands translation and executing via a signed binary proxy execution.

Kaspersky’s Pierre Delcher provided further insight on how PowerPepper communicates with its C2 server…

Source…

All-new Avast Internet Security 2014 – CNET

October 17, 2013/in Internet Security

All-new Avast Internet Security 2014
CNET
Avast just released the 2014 updates to its family of antivirus and internet security software with a redesigned UI that is clean and pleasing to the eye, not to mention its attempt to be your one stop hub for all of your security needs. As the #1 most …
avast! 2014 boasts new look and better protectionPC Authority
Avast Celebrates 25th Birthday, Releases New AntivirusTechWeekEurope UK
AVAST Releases avast! 2014Dark Reading
Softonic EN
all 13 news articles »

“internet security” – read more

Tag Archive for: AllNew

Running the malware

More from TechRadar Pro