Tag Archive for: banks

Big banks’ proposed digital wallet payment system likely to fail


A group of leading banks is partnering with payment service Zelle’s parent company to create their own “digital wallet” connected to consumer credit and debit cards to enable online or retail store payments.

The new payment service, however, must compete with entrenched digital wallets such as Apple Pay and Google Pay that are embedded on mobile devices and already well established. It’s also not the first attempt for some in the consortium to create a digital wallet payment service.

The consortium includes Wells Fargo & Co., Bank of America, JPMorgan Chase, and four other financial services companies, according to The Wall Street Journal. The digital wallet, which does not yet have a name, is expected to launch in the second half of this year.

The system will be managed by Zelle’s parent company, Early Warning Services LLC (EWS). It will have about 150 million Visa and Mastercard credit and debit cards connected at launch, with plans to add other card networks later, according to an EWS blog.

“Early Warning is working closely with financial institutions to build a wallet that provides consumers a secure and easy way to pay,” James Anderson, EWS’ managing director of Wallet, said in the blog. “The wallet will also aim to deliver better business outcomes for merchants — including higher transaction approval rates and more completed sales.”

The consortium’s digital wallet will be a standalone service, not something under Zelle’s service, according to reports. It’s expected to compete with other digital wallet payment services such as Apple Pay, Google Pay, and Neo. And it will be up against other digital wallets run by banks, such as Revolut, Monzo and Curve and payment organizations that offer PayPal and Venmo.

Source…

Banks targeted by Android-based malware


Financial institutions worldwide have become the target of a new version of a popular spyware tool designed to infect Android devices.

SpyNote is a popular malware that allows its operators to spy on and modify infected Android devices. It infects devices by masquerading as another app, such as Facebook or WhatsApp.

It is also capable of accessing the camera, meaning its operators are able to directly spy on the device’s owner, raising concerns beyond financial safety.

SpyNote.C is the latest version, and according to ThreatFabric, it is the first release of the spyware that has placed a particular interest in targeting financial institutions, disguising itself as a banking app.

Several institutions have been affected to date, with SpyNote.C disguising itself as the banking app for several organisations, including HSBC, Deutsche Bank, Kotak Bank, and BurlaNubank.

It will also ask users for a wide range of accessibility permissions, which, when granted, allow it to extract two-factor authentication codes from the Google Authenticator app and to steal app credentials by tricking a user into logging in and providing their details.

Between August 2021 and October 2022, at least 80 people reportedly purchased SpyNote.C, which was being sold on a Telegram channel under the alias CypherRat.

In the final quarter of 2022, reports of SpyNote.C attacks dramatically increased after the code for CypherRat was leaked onto GitHub. Bad actors also targeted other bad actors, pretending to sell the software.

Researchers at ThreatFabric have suggested that because of the leak, more and more versions of SpyNote will appear.

Furthermore, they predict that “SpyNote will keep using Accessibility Service to collect essential data from users’ devices and that it will be able to develop towards a successful distribution”, whilst additional security measures to protect the software continue to be developed.

Android users should remain aware of the software, only download applications from trusted sources, such as the Google Play Store rather than third-party websites, and be wary of what permissions applications ask for.

Source…

Cybercrime group targeting banks in African Francophone countries


A cybercriminal group continues to target banks and financial institutions in Francophone countries across Africa, with attacks spreading since the outfit was first observed in 2018. 

In a report published Thursday by Symantec, the researchers examined a recent campaign by a group they’ve named Bluebottle, which several other cybersecurity firms have investigated in recent years. 

“Three different financial institutions in three African nations were compromised in the activity seen by Symantec, with multiple machines infected in all three organizations,” the researchers said. “The effectiveness of its campaigns means that Bluebottle is unlikely to stop this activity. The attackers appear to be French speaking, so the possibility of them expanding this activity to French-speaking nations in other regions also cannot be ruled out.”

Symantec found that the group does not use custom malware in its attacks and demonstrates several similarities to the campaign uncovered by the cybersecurity company Group-IB, which tracked attacks on financial institutions in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and others.

Group-IB documented a campaign by the same group – tracked by the company as OPERA1ER – that lasted three years, in which the group stole at least $11 million and potentially as much as $30 million in 30 different attacks on banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022. 

Both campaigns also had tools with industry-specific, and region-specific, domain names. The campaign tracked by Symantec lasted from about May 2022 to September 2022 and involved the use of GuLoader, a remote access trojan used frequently over the last two years. 

Symantec was unable to identify the initial infection vector but said the earliest malicious files they found on victim networks had French-language, job-themed file names. 

These files were likely used as lures to begin the attack, the researchers explained, noting that in some cases, the malware was named to trick the user into thinking it was a PDF file. 

Examples of file…

Source…

Godfather Android Malware Targets 400+ Banks and Crypto Exchanges


After fading away for several months, the newly prevalent Godfather Android malware is back with a vengeance, targeting more than 400 international financial firms. The trojan generates fake login pages to harvest customer login details, and that’s just the start. Godfather also mimics Google’s pre-installed security tools in an attempt to gain full control over devices.

Godfather was discovered by malware analytics firm Group-IB, with the first samples appearing in June 2021. It is believed this malware grew out of another popular bank hacker known as Anubis. Godfather circulated at low levels until June 2022, when it vanished. It appears the operators were simply preparing a new version. Godfather was back with a vengeance in September of this year, targeting a whopping 400 financial companies: 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchanges.

When installed on a device, Godfather will generate fake login pages, which it can use to get usernames and passwords. Many banks and crypto firms have additional login requirements, and that’s where Godfather’s other mechanisms come in handy. After installation, the malware masquerades as a Google Play Protect alert. Thinking this is a legitimate popup from Android’s default security suite, some users will grant the malware accessibility control. At that point, Godfather can record the screen, read SMS, fire off fake notifications, make calls, and more — everything you need to compromise a bank account or crypto vault.

Godfather’s fake Play Protect popup.

The malware appears to be spreading via decoy apps in the Play Store. Group-IB has not determined who created and profits from Godfather, but it heavily suspects that they are Russian speakers. There’s a kill switch in the malware that checks the OS language setting. If it finds the default language is one of those spoken in former Soviet states (other than Ukrainian), it will shut down instead of stealing data. It’s not exactly a smoking gun, but it’s pretty suspicious.

After evaluating Telegram channels, Group-IB believes that Godfather is an example of…

Source…