Tag Archive for: bypass

Apple Zero-Day Exploits Bypass Kernel Security


Apple has released emergency security updates to fix two critical iOS zero-day vulnerabilities that cyberattackers are actively using to compromise iPhone users at the kernel level.

According to Apple’s security bulletin released March 5, 2024, both memory-corruption bugs allow an attacker who already has arbitrary kernel read and write capability to bypass kernel memory protections. In other words, these are post-exploitation primitives chained after an initial kernel compromise, not standalone entry points:

  • CVE-2024-23225: Found in the iOS Kernel

  • CVE-2024-23296: Found in the RTKit component (Apple’s real-time operating system)

While Apple, true to form, declined to offer additional details, Krishna Vishnubhotla, vice president of product strategy at mobile security provider Zimperium, explains that flaws like these pose a heightened risk to individuals and organizations.

“The kernel on any platform is crucial because it manages all operating system operations and hardware interactions,” he explains. “A vulnerability in it that allows arbitrary access can enable attackers to bypass security mechanisms, potentially leading to a complete system compromise, data breaches, and malware introduction.”

And not only that, but kernel memory-protection bypasses are particularly prized by Apple-focused cyberattackers.

“Apple has strong protections to prevent apps from accessing data and functionality of other apps or the system,” says John Bambenek, president at Bambenek Consulting. “Bypassing kernel protections essentially lets an attacker rootkit the phone so they can access everything such as the GPS, camera and mic, and messages sent and received in cleartext (i.e., Signal).”

Apple Bugs: Not Just for Nation-State Rootkitting

The number of exploited Apple zero-days so far in 2024 stands at three: In January, the tech giant patched an actively exploited zero-day bug in the Safari WebKit browser engine (CVE-2024-23222), a type confusion error.

It’s unclear who’s doing the exploiting in this case, but iOS users have become top targets for spyware in recent months. Last year, Kaspersky researchers uncovered a series of Apple zero-day flaws (CVE-2023-46690, CVE-2023-32434, CVE-2023-32439) connected to Operation Triangulation, a sophisticated, likely state-sponsored cyber-espionage campaign that deployed TriangleDB spying implants on iOS devices at a variety of…

Source…

New Chameleon Android malware variant emerges with fingerprint lock bypass capability


A new variant of Chameleon Android malware has been found in the wild with new features, notable among them the ability to bypass fingerprint locks.

The Chameleon Android banking trojan first entered the scene in early 2023 with a primary focus on mobile banking applications in Australia and Poland but has since expanded into other countries, including the U.K. and Italy. The malware uses multiple loggers but has somewhat limited functionality.

Earlier versions of Chameleon could perform actions on behalf of the victim, allowing those behind the malware to carry out account and device takeover attacks. As detailed Dec. 21, 2023 by researchers at ThreatFabric, Chameleon has traditionally abused the Android Accessibility Service to steal sensitive information from infected devices and mount overlay attacks.

However, the new version comes with two changes. The first is the ability to defeat biometric prompts: rather than breaking the fingerprint sensor, the malware forces the device to fall back to PIN or password authentication, which its existing keylogging can then capture. The second is the ability to display an HTML page that walks the victim through manually enabling the accessibility service on devices implementing Android 13’s “Restricted Settings” feature, which otherwise blocks sideloaded apps from being granted that permission through the normal settings toggle. According to the researchers, the enhancements elevate the sophistication and adaptability of the new Chameleon variant, making it a more potent threat in the ever-evolving landscape of mobile banking trojans.

Source…

Hackers Will Be Quick to Bypass Gmail’s Blue Check Verification System


Google has introduced new blue verified check marks for Gmail senders. According to Google, the new feature helps protect inboxes against malicious and unwanted emails and increases confidence that those emails are from legitimate sources. Senders who have adopted Google’s Brand Indicators for Message Identification (BIMI) now get a check mark icon next to their name in recipients’ inboxes, alongside the verified brand logo.

Creating a verification process makes sense, until attackers and spammers make it their mission to find flaws in it. Bypassing blue check marks will be another chapter in the long history of phishing and business email compromise schemes. Messages carrying an impersonated blue check mark will likely pass legacy security layers and land in front of unsuspecting victims.

Another Layer of Protection or Just Another Layer?

Hackers can set up email accounts whose messages appear to carry Google’s verification. Because the real badge is drawn by Gmail’s interface for senders whose domain meets the BIMI requirements, and is not carried inside the message, the practical route is to mimic it: a check-mark graphic embedded in the message body or placed next to a brand name in the display name, sent from an account whose domain would never earn the real badge. Once such an account exists, the attacker can send phishing emails or other malicious messages that appear to come from a legitimate source.
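The badge is a per-domain attestation: the sending domain must publish an enforcing DMARC policy, a BIMI logo record and (for Gmail) a Verified Mark Certificate. It says nothing about message content and is never granted on the strength of a display name, which is why a look-alike domain or an embedded check-mark graphic is the attacker’s route. The Python model of that gate below is an added example written for this page, not code from the article or from Google. The DNS records are constructed sample data, the domains are hypothetical, the rule that `pct` must be 100 for both `quarantine` and `reject` is a conservative reading of the Gmail requirements, and real Gmail additionally requires the individual message to pass DMARC, which this model does not check.

```python
import re

# Constructed sample TXT records keyed by DNS owner name (stand-in for a resolver).
# All domains are hypothetical; nothing here is a real lookup.
SAMPLE_DNS = {
    # Enforcing DMARC, BIMI logo and VMC: this domain qualifies for the badge.
    "_dmarc.brand.example": "v=DMARC1; p=reject; rua=mailto:dmarc@brand.example",
    "default._bimi.brand.example": (
        "v=BIMI1; l=https://brand.example/logo.svg; a=https://brand.example/vmc.pem"
    ),
    # Monitoring-only DMARC: BIMI is ignored no matter how good the logo is.
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "default._bimi.weak.example": (
        "v=BIMI1; l=https://weak.example/logo.svg; a=https://weak.example/vmc.pem"
    ),
    # Partial quarantine (pct=50) and no VMC: fails on the DMARC check first.
    "_dmarc.partial.example": "v=DMARC1; p=quarantine; pct=50",
    "default._bimi.partial.example": "v=BIMI1; l=https://partial.example/logo.svg;",
    # A look-alike domain that copied the DMARC policy but publishes no BIMI record.
    "_dmarc.brand-security.example": "v=DMARC1; p=reject",
}


def parse_tags(record):
    """Split a 'k=v; k=v' style DMARC or BIMI record into a dict of stripped values."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_enforcing(tags):
    """True only for p=reject or p=quarantine applied to 100% of mail (assumption: pct=100 for both)."""
    policy = tags.get("p", "none").lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return False
    return policy in ("reject", "quarantine") and pct == 100


def bimi_eligible(domain, dns=SAMPLE_DNS):
    """Return (eligible, reason) for a domain, walking the gates in the order a receiver would."""
    dmarc = dns.get("_dmarc." + domain)
    if not dmarc:
        return False, "no DMARC record"
    dt = parse_tags(dmarc)
    if dt.get("v", "").upper() != "DMARC1":
        return False, "malformed DMARC record"
    if not dmarc_enforcing(dt):
        return False, "DMARC not enforcing (p=%s, pct=%s)" % (dt.get("p", "none"), dt.get("pct", "100"))
    bimi = dns.get("default._bimi." + domain)
    if not bimi:
        return False, "no BIMI record"
    bt = parse_tags(bimi)
    if bt.get("v", "").upper() != "BIMI1" or not bt.get("l"):
        return False, "BIMI record missing logo (l=)"
    if not bt.get("a"):
        return False, "no VMC (a=), so no check mark in Gmail"
    return True, "DMARC enforced and BIMI logo plus VMC present"


def badge_for_message(from_header, dns=SAMPLE_DNS):
    """Decide the badge from an RFC 5322 From header. Only the domain after '@' is consulted;
    the display name ('Brand Support') never influences the result."""
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header.strip())
    if not match:
        return False, "unparseable From header"
    return bimi_eligible(match.group(1).lower(), dns)


if __name__ == "__main__":
    for hdr in (
        "Brand Support <alerts@brand.example>",
        "Brand Support <alerts@brand-security.example>",
        "Brand Support <alerts@weak.example>",
        "Brand Support <alerts@partial.example>",
    ):
        ok, why = badge_for_message(hdr)
        print("%-48s badge=%-5s %s" % (hdr, ok, why))
```

Run as a script it prints one line per constructed header; the only one that earns the badge is the genuine domain, while the look-alike with the same display name and a copied DMARC policy gets nothing, which is exactly the gap an embedded check-mark graphic is meant to paper over for an inattentive reader.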

Hackers can use social engineering to trick users into revealing their passwords. They can send emails that appear to be from a legitimate source, such as a bank, government agency, or customer service representative. Or they may create a message that offers a free gift or discount. The email typically will contain a link that takes the user to a fake website that looks like the real thing. Once the user enters their login credentials, the hacker can then use them to access the user’s Gmail account.

Hackers can use malware to steal login credentials. This can be done by sending emails that contain attachments infected with malware. Once the user opens the attachment, the malware will be installed on their computer. The malware can then be used to steal the user’s login credentials for Gmail and other online accounts.

Also, don’t be surprised when hackers send phishing emails with an artificial Gmail verification process to potential victims, fooling them into thinking they’re helping them earn…

Source…