Tag Archive for: Banking

Pasadena police banking on phone-hacking tool to solve cold case murder


An engineer displays devices developed by the Israeli firm Cellebrite in 2016. It takes only a few seconds for an employee of Cellebrite, one of the world’s leading hacking companies, to take a locked smartphone and pull the data from it. (Jack Guez/ AFP via Getty Images)

For years, a locked cellphone belonging to the suspect in a Pasadena homicide sat in an evidence room as investigators sought a way to get around the device’s security measures.

Police might have finally caught a break.

Israeli mobile forensics firm Cellebrite has released a software update with a “Lock Bypass” feature that could allow police to access the suspect’s locked Samsung g550t phone and retrieve any evidence about the December 2015 slaying, according to a recently filed search warrant application.

As smartphones have become ubiquitous, law enforcement agencies across the U.S. have recognized their potential usefulness in criminal investigations — a vast trove of personal information about whom the users communicate with, where they shop and where they travel.

But police departments’ attempts to access phones have often put them at odds with companies such as Apple and Samsung, which market their devices’ built-in security and privacy to digital-savvy users.

It’s not clear from the warrant in the Pasadena case if investigators were able to bypass the phone’s passcode lock using the Cellebrite program or what, if any, data they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a computer forensic examiner assigned to the Verdugo Regional Crime Laboratory.

“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung cellular telephone, for an unrelated investigation, with the new software update,” said the warrant, which seeks records from a month before the incident through Nov. 18, 2015, the date of the suspect’s arrest. “This search warrant seeks permission to search and seize records that may be found on [the suspect’s] cellular telephone in whatever form they are found as it relates to this homicide investigation.”

The simmering debate over cellphone privacy first spilled into the…

S’pore police: Don’t download files from unknown sources on phones, risks of losing private pics & vids, banking & social media credentials real – Mothership.SG


The Singapore police and the Cyber Security Agency of Singapore (CSA) have issued an advisory to remind the public of the dangers of downloading files from unknown sources that can lead to malware installation on victims’ mobile devices.

This may result in confidential and sensitive data, such as banking credentials, being stolen.

Don’t download things from sketchy sources

The advisory said malware may infect mobile devices through various means, including through the downloading of free software from unknown sources, opening of unknown email attachments and visiting of malicious websites.

Users should also be wary if they are asked to download unknown or suspicious Android Package Kit (APK) files onto their mobile devices.

These files may appear with seemingly genuine naming conventions, such as GooglePlay23Update.apk or GooglePlay.apkUpdate.apk.

These are not official APK files released by Google even though they contain the references to “GooglePlay”, the advisory warned.

Plenty of risks

Upon installation of the mobile malware, users’ mobile devices may be exposed to the following risks:

• Significant decline in the mobile devices’ performance

• Unauthorised access to the mobile devices’ systems/ data that allow attackers to remotely control infected mobile devices, possibly resulting in loss of user control

• Unauthorised installation or uninstallation of applications

• Interception of SMSes

• Receipt of unwanted push notifications or warnings

• Exfiltration of confidential and sensitive data stored in infected mobile devices such as banking credentials, stored credit card numbers, social media account credentials, private photos and/ or videos, among other information.

Attackers can use such information to gain unauthorised access to users’ social media accounts to perpetrate impersonation scams or perform fraudulent financial transactions that result in reputational and monetary losses.

Prevention methods

Members of the public are advised to take the following steps to ensure that their mobile devices are adequately protected against malware:

• Only download and install…

Godfather Android Banking Trojan Steals Through Mimicry


Cybercrime, Endpoint Security, Fraud Management & Cybercrime

Trojan Impersonates More than 400 Financial and Crypto Exchange Apps


A banking Trojan is on a rampage thanks to its ability to mimic the appearance of more than 400 applications including leading financial and crypto exchange applications in 16 countries.

Research from security intelligence firm Group-IB says the Trojan, dubbed Godfather, reappeared in September with slightly modified WebSocket functionality after a three-month pause in circulation.

Godfather is an upgraded version of the Anubis banking Trojan, whose code leaked online in 2019 (see: Botnet Watch: Anubis Mobile Malware Gets New Features). Godfather gets around Android security updates limiting Anubis through an updated command and control communication protocol. Its operators also removed several functionalities found in Anubis, such as the ability of the Trojan to encrypt files, record audio, or parse GPS data.

Group-IB researchers aren’t entirely sure how Godfather infects devices, but suspect one method is malicious apps on the Google Play store.

A signature feature of Godfather is using fake login pages that appear like the real thing to trick unsuspecting users into giving up credentials. Godfather transmits credentials onto the real financial service app while also exfiltrating any push notification one-time passcodes used for second-factor authentication. The object is to gain access to accounts with money, and drain them.

The Trojan establishes persistence by…

Godfather Banking Trojan Masquerades as Legitimate Google Play App


A type of Android malware that’s been targeting banking users worldwide since March has resurfaced with advanced obfuscation methods, masquerading as a legitimate application on the Google Play store with more than 10 million downloads, researchers have found.

Godfather is a banking Trojan that is best known for targeting banking users in European countries, but its latest activity shows an increased sophistication in its ability to fly under the radar of common malware-detection methods, researchers from Cyble Research & Intelligence Labs (CRIL) said in a blog post on Dec. 20.

Once it’s successfully installed on a victim’s device, Godfather initiates a series of typical banking Trojan behaviors, including stealing banking and crypto-exchange credentials, the researchers said. But it also steals sensitive data such as SMSs, basic device details — including data from installed applications — and the device’s phone number, and it can perform a number of nefarious actions silently in the background.

“Apart from these, it can also control the device screen using VNC [virtual network computing], forwarding incoming calls of the victim’s device and injecting banking URLs,” the Cyble researchers wrote.

The latest sample of Godfather that researchers discovered was encrypted using custom encryption techniques that could evade detection by common antivirus products — a new tactic of the threat actors behind the malware, the researchers said.

Targeting Businesses & Consumers

Upon further examination, the researchers found that the malware was using an icon and name similar to the legitimate Google Play app MYT Music, which already has logged more than 10 million downloads. Indeed, threat actors often hide malware on Google Play, despite Google’s best efforts in the last several years to keep bad apps off its store before users are affected by them.

MYT Music was written in the Turkish language and thus researchers assume the Godfather sample they discovered is targeting Android users in Turkey. However, they suspect other versions of the malware continue to be active and targeting banking users worldwide.

Though banking Trojans tend to affect consumers more than the enterprise, business…
