Tag: Banking | Page 6

New Chameleon banking trojan is stealing account info — what you need to know

April 13, 2023/in Computer Security

A newly discovered Android banking trojan could be hiding among your other apps. One with the ability to change its app icon as it steals your passwords, text messages and other sensitive data.

According to a new report (opens in new tab) by the cybersecurity firm Cyble, security researchers discovered a new banking trojan that they have dubbed “Chameleon,” based on the commands used by the malware powering it.

The Chameleon banking trojan has been active since January of this year, and (like other Android malware) it abuses the operating system’s Accessibility Service to perform malicious activities. However, one thing that sets it apart from other banking trojans is the fact that Chameleon pretends to be other popular apps and can even change its icon to hide in plain sight.

So far, Cyble’s researchers have observed the banking trojan using the icons of ChatGPT, Chrome and other apps though it also uses pictures of popular cryptocurrencies like Bitcoin or Litecoin to disguise itself as well.

Stealing account info and disabling Google Play Protect

Based on Cyble’s investigation, it appears that malicious apps used to spread the Chameleon banking trojan are distributed through hacked websites, Discord attachments and Bitbucket hosting services.

Even though Chameleon is still relatively new and is in the early stages of development, it already has a wide range of malicious capabilities and the banking trojan can perform keylogging, launch overlay attacks, harvest SMS text messages, prevent itself from being uninstalled, steal cookies and automatically uninstall itself.

Another interesting capability already found in Chameleon is its lock grabber which can steal a victim’s device password.

One thing that makes this new malware strain particularly dangerous is that it can disable Google Play Protect on an infected smartphone. For those unfamiliar, Google Play Protect is Google’s own Android antivirus app which scans both your existing apps and any new apps you download for malware and removes them.

Another interesting capability already found in Chameleon is its lock grabber which can steal a victim’s device password. Surprisingly, the lock grabber can even identify whether…

Source…

Fans of third-party YouTube apps should watch out for Nexus banking malware

March 26, 2023/in Computer Security

It first appeared in June last year and is now being openly advertised by its creators on hacker forums to increase its reach. Nexus’ primary targets are 450 banking and cryptocurrency apps.

It’s being distributed through phishing websites posing as legitimate websites of YouTube Vanced, a discontinued third-party YouTube app. It uses all the tricks in the books to gain your banking info and take over your financial accounts.

Nexus asks for 50 permissions and abuses at least 14 of them

It is capable of performing overlay attacks, i.e. replicating a legitimate interface to trick you into entering your credentials, and uses keylogging to record your keystrokes. It can even steal SMS messages to get access to two-factor authentication codes and can abuse Accessibility Services to steal information from crypto wallets, 2-Step Verification codes generated by Google Authenticator, and website cookies. The trojan can also delete messages received by you.

After it’s installed on a device, Nexus connects to its command-and-control (C2) server. C2s are used by cybercriminals to control malware, launch attacks, and receive stolen data.

Nexus is said to be in the beta stage but it’s already being used by many threat actors to carry out nefarious activities. Cybercriminals who do not know how to make their own malware can rent it for $3,000 a month.

It looks like the developer is from a CIS (Commonwealth of Independent States) country and has prohibited the trojan’s use in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

Nexus is capable of updating itself and Cleafy thinks it is a real threat and can infect hundreds of Android devices in the world.

To protect yourself from infections, try to only download apps from Google Play and enable Google Play Protect. Use strong passwords and enable biometric security features where possible and be very careful when granting permissions.

Source…

South Korean Android Banking Menace – FakeCalls

March 14, 2023/in Mobile Security

Research by: Bohdan Melnykov, Raman Ladutska

When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be high profile, just careful selection of the audience and the right market can be enough.

This “stay-low-aim-high” approach is what the Check Point Research team saw in our recent Android malware research. We encountered an Android Trojan named FakeCalls, a malware that can masquerade as one of more than 20 financial applications and imitate phone conversations with bank or financial service employees – this attack is called voice phishing. FakeCalls malware targeted the South Korean market and possesses the functionality of a Swiss army knife, of being able not only to conduct its primary aim but also to extract private data from the victim’s device.

Voice phishing attacks have a long history in the South Korean market. According to the report published on the South Korean government website, financial losses due to voice phishing constituted approximately 600 million USD in 2020, with the number of victims reaching as many as 170,000 people in the period from 2016 to 2020.

We discovered more than 2500 samples of the FakeCalls malware that used a variety of combinations of mimicked financial organizations and implemented anti-analysis (also called evasions) techniques. The malware developers paid special attention to the protection of their malware, using several unique evasions that we had not previously seen in the wild.

In our report, we describe all of the encountered anti-analysis techniques and show how to mitigate them, dive into the key details of the malware functionality and explain how to stay protected from this and similar threats.

Before we get to the technical details, let’s discuss how voice phishing works in the example of FakeCalls malware.

The idea behind voice phishing is to trick the victim into thinking that there is a real bank employee on the other side of the call. As the victim thinks that the application in use is an internet-banking application…

Source…

Police Banking on Phone-Hacking Tool to Solve Cold Case

March 4, 2023/in Computer Security

(TNS) — For years, a locked cellphone belonging to the suspect in a Pasadena, California, homicide sat in an evidence room as investigators sought a way to get around the device’s security measures.

Police might have finally caught a break.

Israeli mobile forensics firm Cellebrite has released a software update with a “Lock Bypass” feature that could allow police to access the suspect’s locked Samsung g550t phone and retrieve any evidence about the December 2015 slaying, according to a recently filed search warrant application.

As smartphones have become ubiquitous, law enforcement agencies across the U.S. have recognized their potential usefulness in criminal investigations — a vast trove of personal information about whom the users communicate with, where they shop and where they travel.

But police departments’ attempts to access phones have often put them at odds with companies such as Apple and Samsung, which market their devices’ built-in security and privacy to digital-savvy users.

It’s not clear from the warrant in the Pasadena case if investigators were able to bypass the phone’s passcode lock using the Cellebrite program or what, if any, data they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a computer forensic examiner assigned to the Verdugo Regional Crime Laboratory.

“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung cellular telephone, for an unrelated investigation, with the new software update,” said the warrant, which seeks records from a month before the incident through Nov. 18, 2015, the date of the suspect’s arrest. “This search warrant seeks permission to search and seize records that may be found on [the suspect’s] cellular telephone in whatever form they are found as it relates to this homicide investigation.”

The simmering debate over cellphone privacy first spilled into the mainstream in 2016 after a mass shooting in San Bernardino.

At the time, Apple was resisting the FBI’s demands that it help unlock the iPhone 5C belonging to the shooter, Syed Rizwan…

Source…

Tag Archive for: Banking

Nexus asks for 50 permissions and abuses at least 14 of them