Tag Archive for: Banking

Mobile Banking Trojan Campaigns Target Indian Android Users


Cybercrime, Endpoint Security, Fraud Management & Cybercrime

Hackers Use Messaging Apps WhatsApp, Telegram to Bait Victims


Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft.

India accounts for 4 in 10 global transactions made with digital payments, according to the National Payments Corporation of India – a development facilitated by ubiquitous QR codes and a national digital identity program known as Aadhaar that covers nearly every Indian.

Microsoft said in a Monday blog post that mobile malware infections aren’t a new threat to Indian users, but they “pose a significant threat” of financial loss and data theft.

Fraudsters use WhatsApp and Telegram to distribute malicious apps masquerading as legitimate banks, government services and utilities software. Hackers are using a relatively new tactic of sharing malicious Android app files directly with mobile users over messaging platforms.

Ongoing campaigns led to the discovery of two fraudulent applications designed to deceive Indian banking customers.

Targeting Account Information

Threat actors used WhatsApp in a recent, widely circulated phishing campaign to deliver a fake banking app disguised as a “know your customer” app that tricks users into submitting…

Source…

Hackers hit Wall Street arm of Chinese banking giant ICBC


A U.S. subsidiary of China’s biggest bank was hacked this week, threatening a temporary logjam for some trades in the Treasury bond market.

ICBC Financial Services, a New York-based entity owned by the Industrial and Commercial Bank of China, was the victim of a ransomware attack on Wednesday. The unit largely focuses on clearing, which means ensuring that transactions previously agreed by traders go through, and on lending and borrowing through repurchase agreements—a form of collateralized funding that forms a vital part of the financial system. 

The company was forced to disconnect and isolate some of its I.T. systems after the attack. But it said it was able to clear all trades involving U.S. Treasurys that were executed on Wednesday, and repo financing that took place on Thursday.

The incident shines a spotlight on the financial connections between China and the U.S., which persist despite political tensions and economic rivalry between the two countries. Chinese institutions hold more than $800 billion of Treasury bonds, even after a yearslong reduction in their holdings, and the country’s biggest banks are active in the U.S. government-bond market.

ICBC Financial Services forms part of the plumbing of the U.S. Treasury market as a member of the government-securities division of the Fixed Income Clearing Corporation. The FICC clears all trades in government bonds among members, which include household names such as Goldman Sachs and JPMorgan Chase, as well as smaller interdealer brokers.

Source…

GoldDigger Disguises as Fake Android App To Steal Banking Credentials


GoldDigger, a new Android Trojan, disguises itself as a fake Android application and has been discovered spoofing both a Vietnamese government portal and a local energy provider.

Since at least June 2023, this specific Trojan has been active. Stealing banking credentials is its major objective.

It abuses the Accessibility Service to steal personal data, intercept SMS traffic, and carry out other actions on the user's behalf. The Trojan can also be accessed remotely.

Researchers from Group-IB’s Threat Intelligence team discovered this Android Trojan targeting Vietnamese financial institutions. Three Android Trojans, including GoldDigger, are now operating in the Asia Pacific.


Tactics Of The GoldDigger Trojan

One of GoldDigger’s key characteristics is its use of a sophisticated protection system. Because it is protected with Virbox Protector, a powerful protection solution for applications, the Trojan can greatly hinder static and dynamic malware analysis and elude detection.

Banking Trojans’ primary objective is to infect as many devices as they can and access user accounts.

GoldDigger’s TTP

The “Install from Unknown Sources” feature is disabled by default on all Android devices, preventing the installation of apps from unofficial sources. APKs can be installed from sources other than the Google Play Store if the “Install from Unknown Sources” feature is enabled.

To download and install GoldDigger, the “Install from Unknown Sources” feature must be enabled on the victim’s device.

Fake website distributing GoldDigger

The GoldDigger Trojan prompts the user to enable Accessibility Service when it is run. The accessibility features offered by Android are designed to make using mobile devices easier for people with impairments. 

These services include speech-to-text,…

Source…