This sneaky Android malware has an all-new way to avoid being detected


Cybersecurity researchers have found a new version of a well-known Android banking trojan that uses a creative method of hiding in plain sight.

PixPirate targets mostly Brazilian consumers with accounts on the Pix instant payment platform, which allegedly counts more than 140 million customers, and services transactions north of $250 billion.

The campaign’s goal was to divert the cash to attacker-owned accounts. Usually, banking trojans on Android would try to hide by changing their app icons and names. Often, the trojans would assume the “settings” icon, or something similar, tricking the victims into looking elsewhere, or simply into being too afraid to remove the app from their device. PixPirate, on the other hand, gets rid of all of that by not having an icon in the first place.

Running the malware

The big caveat here is that without the icon, the victims cannot launch the trojan, so that crucial part of the equation is left to the attackers.

The campaign consists of two apps – the dropper, and the “droppee”. The dropper is being distributed on third-party stores, shady websites, and via social media channels, and is designed to deliver the final payload – droppee – and to run it (after asking for Accessibility and other permissions).

Droppee, which is PixPirate’s filename, exports a service to which other apps can connect. The dropper connects to that service, allowing it to run the trojan. Even after the dropper is removed, the malware can still run on its own in response to certain triggers (for example, on boot, on a network change, or on other system events).

The entire process, from harvesting user credentials to initiating a money transfer, is automated and done in the background without the victim’s knowledge or consent. The only thing standing in the way, the researchers claim, is the Accessibility Service permission.

It is also worth mentioning that this method only works on older versions of Android, up to Pie (9).

Via BleepingComputer


Vigilance needed to avoid the hacking


A few days ago, I got an email from my doctor’s office, reminding me of a coming appointment.

The email encouraged me to check in electronically – complete with a delusory enticement to “avoid the wait.”

The doctor’s office, or rather the health care behemoth that owns the doctor’s office, encouraged me to fill out a full health questionnaire on its “user-friendly” portal. It would like me to pay for services that way, too, because nobody wants the fuss of human interchange or the hoary drill of a personal check, a clear indication of AARP membership.

I’ve become deeply suspicious of these electronic portals, and not just because I’m uncomfortable answering questions about how many sex partners I’ve had. (A response to which I lose either way).

Despite their declarations of defending a patient’s privacy with their last breath, hospital systems seem scandalously easy to hack, putting patient lives and financial security at risk.

The number of U.S. hospital systems known to have been hit by ransomware in 2023 doubled from 2022, cybersecurity firm Emsisoft reported. One of them was a shattering breach of Prospect Medical Holdings, owner of Waterbury Hospital, which paralyzed the hospitals’ operations for nearly six weeks. The full extent of the damage may never be known, but we already know that 110,000 Connecticut residents and 24,000 employees of the California-based hospital chain may have had some of their personal information, including Social Security numbers, compromised.

More than 6 million Americans had their medical data stolen or exposed in more than 400 cyberattacks, the U.S. Department of Health and Human Services reported last year. Increasingly, the perpetrators are not rogue hackers in suburban basements but organized criminal gangs and foreign agents.

And my doctor’s office wants me to pay online?

C’mon. I may still use stamps, but I’m no dupe.

Last year, the president of the American Hospital Association said the record number of hacks of hospitals was putting patients at risk. It already has. A state Department of Public Health investigation into Waterbury Hospital found numerous deficiencies and violations over the…


Can CRI members really avoid paying ransomware ransoms?


  • The International Counter Ransomware Initiative met this week and outlined how its members would combat the growing threat of cybercrime.
  • Among the commitments was a recommendation for CRI members not to pay ransoms.
  • This will be accomplished through training and knowledge sharing among the CRI members.

Ransomware has the ability to entirely upend a business, and without proper disaster recovery a business could be forced to cough up and pay the ransom attackers demand.

This week, 50 members of the International Counter Ransomware Initiative (CRI) met in Washington, D.C. for the third convening of the initiative. South Africa is a member of this group. During this meeting the group outlined the development of capabilities to disrupt attackers and the infrastructure they use to conduct their attacks.

There are some great suggestions here, such as mentoring and training new CRI members, using artificial intelligence to counter ransomware, and even sharing information about attacks between CRI members.

In addition, there was mention of adopting a policy where governments who are members of the CRI declare that they won’t pay ransoms.

“Through the Policy Pillar, CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example. CRI members endorsed a statement that relevant institutions under our national government authority should not pay ransomware extortion demands. CRI members intend to implement the Financial Action Task Force (FATF)’s Recommendation 15 on the regulation of virtual assets and related service providers, which would help stem the illicit flow of funds and disrupt the ransomware payment ecosystem,” reads a briefing published by The White House.

This sounds great, but the fact of the matter is that many companies still pay ransoms. In its State of Ransomware 2023 report, Sophos found that 46 percent of the 3 000 IT and cybersecurity leaders surveyed reported that ransomware ransoms were being paid.

While not paying a ransom is regarded as best practice in the cybersecurity space, as we mentioned, if there aren’t proper backups of data, disaster response and…


Update WinRAR right now to avoid a huge security exploit


WinRAR, one of the most popular compression tools on the planet, is currently at risk from a serious exploit. The app has been around for years, and while many have downloaded it, most probably don’t keep it updated to the latest version, since they only open it when compressing or uncompressing files.

If you use WinRAR, though, it’s recommended that you update it immediately to the latest version of the available software, as government-backed hackers in China and Russia have exploited a known vulnerability in outdated versions of the app. With over 500 million users, the pool of available victims for bad actors is massive.

Google’s Threat Analysis Group (TAG) revealed this week that it has observed a number of government-backed hacking campaigns that utilize the bug as far back as early 2023. Organizations and users running the popular compression software should update it immediately to avoid these issues, as the WinRAR exploit exists in all versions prior to version 6.23.

[Image: a computer screen with a warning sign. Image source: WhataWin/Adobe]

“The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions,” Andrey Polovinkin, a malware analyst with Group-IB shared in a blog post back in August. “They are able to hide the launch of malicious script within an archive masquerading as a ‘.jpg’, ‘.txt’, or any other file format.”

This is a huge issue, and one that users will want to rectify immediately by updating WinRAR. WinRAR also shared a note when it released the latest version, thanking Group-IB and the Zero Day Initiative for making it aware of this long-standing vulnerability so that it could be patched.

Most users don’t update their software as regularly as updates are released, and while it isn’t always the case, this latest WinRAR exploit is a great reminder of why you should always make sure to update software, even if you don’t use it outside of very specific points. We’ve seen several new…
