Tag Archive for: campaigns

Mobile Banking Trojan Campaigns Target Indian Android Users


Cybercrime, Endpoint Security, Fraud Management & Cybercrime

Hackers Use Messaging Apps WhatsApp, Telegram to Bait Victims

Microsoft is warning about banking Trojans spread on social media. (Image: Shutterstock)

Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft.


India accounts for 4 in 10 global digital payment transactions, according to the National Payments Corporation of India, a growth driven by ubiquitous QR codes and the national digital identity program, Aadhaar, which covers nearly every Indian.

Microsoft said in a Monday blog post that mobile malware infections aren’t a new threat to Indian users, but they “pose a significant threat” of financial loss and data theft.

Fraudsters use WhatsApp and Telegram to distribute malicious apps that masquerade as software from legitimate banks, government services and utilities. A relatively new tactic is to share the malicious Android application package (APK) files directly with users over the messaging platforms, so the victim installs the app from the chat rather than from an app store.

Investigation of the ongoing campaigns turned up two fraudulent applications designed to deceive Indian banking customers.

Targeting Account Information

Threat actors used WhatsApp in a recent, widely circulated phishing campaign to deliver a fake banking app disguised as a “know your customer” app that tricks users into submitting…


CISA Identifies Known Exploited Vulnerabilities Linked to Ransomware Campaigns


The Cybersecurity and Infrastructure Security Agency has launched new resources to help organizations identify vulnerabilities and misconfigurations linked to ransomware campaigns.

The agency said Thursday it has added a “Known to be Used in Ransomware Campaigns” column to its Known Exploited Vulnerabilities (KEV) catalog and a “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table to its StopRansomware website.

The table gives a short description of each misconfiguration or weakness and a column mapping it to the corresponding action in CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).

With the new offerings, CISA aims to help critical infrastructure organizations improve their cyber resilience by pointing them to mitigations for the specific KEVs, misconfigurations and weaknesses that ransomware campaigns target.
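The practical use of the new column is triage: pull the KEV feed, keep only entries flagged as used in ransomware campaigns, and match them against what you actually run. The script below is an added example for this page, not a CISA tool. The record layout mirrors the published KEV JSON feed as the author understands it; the field names (`cveID`, `vendorProject`, `product`, `dueDate`, `knownRansomwareCampaignUse` with values "Known"/"Unknown") are assumptions to verify against the live feed, and the feed and inventory embedded here are constructed sample data, not real catalog entries.

```python
"""Triage CISA KEV entries by the "Known to be Used in Ransomware Campaigns" column.

Added example, not CISA code. Field names are assumptions about the KEV JSON
feed layout; SAMPLE_FEED and SAMPLE_INVENTORY are constructed, not real data.
"""
import json
from datetime import date
from typing import Dict, Iterable, List, Tuple

# Constructed sample in the shape of the KEV feed. The CVE IDs are placeholders.
SAMPLE_FEED = {
    "title": "constructed sample, not the live catalog",
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleCo", "product": "Edge Gateway",
         "dateAdded": "2023-09-01", "dueDate": "2023-09-22", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleCo", "product": "Edge Gateway",
         "dateAdded": "2023-10-10", "dueDate": "2023-10-31", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0003", "vendorProject": "OtherCorp", "product": "Mail Server",
         "dateAdded": "2023-09-15", "dueDate": "2023-10-06", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0004", "vendorProject": "ExampleCo", "product": "Edge Gateway",
         "dateAdded": "2023-08-01", "dueDate": "2023-08-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
}

# Constructed asset inventory: (vendor, product) pairs the organization runs.
SAMPLE_INVENTORY = [("ExampleCo", "Edge Gateway"), ("ThirdParty", "Backup Agent")]


def load_feed(path: str) -> Dict:
    """Load a previously downloaded copy of the KEV JSON feed from disk."""
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def ransomware_kevs(feed: Dict, inventory: Iterable[Tuple[str, str]], today: date) -> List[Dict]:
    """Return KEV entries that are both ransomware-flagged and present in the inventory.

    Each hit carries the CVE, the product, the catalog due date and how many
    days past that date we already are (0 if not yet due). Hits are sorted
    most-overdue first, then by due date, so the top of the list is the
    remediation queue.
    """
    # Normalize inventory keys so case and stray whitespace do not hide a match.
    in_use = {(v.strip().lower(), p.strip().lower()) for v, p in inventory}
    hits: List[Dict] = []
    for entry in feed["vulnerabilities"]:
        # Entries without the column, or marked Unknown, are still exploited
        # vulnerabilities; they are just not prioritized by this filter.
        if entry.get("knownRansomwareCampaignUse", "Unknown") != "Known":
            continue
        key = (entry["vendorProject"].strip().lower(), entry["product"].strip().lower())
        if key not in in_use:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due,
            "overdue_days": max(0, (today - due).days),
        })
    hits.sort(key=lambda h: (-h["overdue_days"], h["due"], h["cve"]))
    return hits


if __name__ == "__main__":
    for hit in ransomware_kevs(SAMPLE_FEED, SAMPLE_INVENTORY, date(2023, 10, 15)):
        print(f'{hit["cve"]:14} {hit["product"]:24} due {hit["due"]} overdue {hit["overdue_days"]}d')
```

Two caveats when running this against the real feed: the vendor/product strings in KEV are free text, so an exact match against your inventory will miss entries unless you normalize both sides to the same naming (a CPE-based match is more robust), and the catalog due dates are binding only on federal civilian agencies under BOD 22-01; for everyone else they are a prioritization signal, which is exactly how the sort order here uses them.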

Chinese APT group ToddyCat launches new cyber-espionage campaigns


Researchers warn of renewed attacks against high-profile organizations by a Chinese APT actor known in the industry as ToddyCat. The group has been refining its tactics and its malware toolset since 2020, when it was first discovered.

In a new report this week, researchers from security firm Check Point Software Technologies documented a ToddyCat campaign they dubbed “Stayin’ Alive” that targeted organizations from Asian countries primarily from the telecom and government sectors.

“The Stayin’ Alive campaign consists of mostly downloaders and loaders, some of which are used as an initial infection vector against high-profile Asian organizations,” the Check Point researchers said. “The first downloader found, called CurKeep, targeted Vietnam, Uzbekistan, and Kazakhstan. As we conducted our analysis, we realized that this campaign is part of a much wider campaign targeting the region.”

In a separate report this week, researchers from Kaspersky Lab also documented a new generation of malware loaders used by ToddyCat in recent attacks, including some that seem to be tailored for each victim. The Kaspersky researchers originally uncovered ToddyCat activities in late 2020 after the group targeted high-profile Asian and European organizations.

DLL side-loading a favored ToddyCat technique

One of ToddyCat’s favored ways of deploying malware on a computer is DLL side-loading. The attacker takes a legitimate executable that loads a particular DLL by name, with no path, and places a malicious DLL of that name in the same directory, replacing the original if one is shipped. Because the Windows loader checks the application’s own directory before the system directories for any DLL that is not on the KnownDLLs list, the executable picks up the attacker’s copy.

Because the file that is actually executed belongs to a legitimate application or service, it is likely to be digitally signed and allow-listed by some security products. The attackers count on the legitimate executable’s subsequent loading of the malicious DLL going undetected or unblocked, since the malicious code then runs inside a trusted, signed process.

In the past ToddyCat exploited vulnerabilities in publicly exposed Microsoft Exchange servers, but it also delivers malware through spear-phishing emails that have malicious archives attached. These archives contain the legitimate executables together with the rogue…
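The defensive counterpart to the pattern described above is a hunt for a signed executable sitting next to a DLL it imports that is unsigned, or signed by someone else, in a user-writable location. The script below is an added example for this page, not code from Check Point, Kaspersky or ToddyCat. It models the per-file metadata such a hunt collects on Windows (Authenticode signer, import table of each EXE) as plain records so that it runs offline; gathering that metadata for real is the job of a PE parser and a signature check such as `Get-AuthenticodeSignature`, which are not reproduced here. The file records, paths, signer names and the KnownDLLs subset are constructed and illustrative.

```python
"""Hunt for DLL side-loading candidates from file metadata.

Added example, not the researchers' tooling. FileRecord stands in for what a
real collector would gather per file; SAMPLE_RECORDS is constructed data.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional
import ntpath  # Windows path semantics, available on every platform


@dataclass(frozen=True)
class FileRecord:
    path: str                              # full Windows path
    signer: Optional[str]                  # Authenticode signer subject, None if unsigned/invalid
    imports: FrozenSet[str] = frozenset()  # DLL names from the import table (EXEs only)


@dataclass(frozen=True)
class Finding:
    exe: str
    dll: str
    severity: str
    reason: str


# KnownDLLs are mapped from System32 no matter what sits in the application
# directory, so a same-directory copy of one is not a side-loading vector.
# Illustrative subset; the authoritative list is in the registry on the host.
KNOWN_DLLS = frozenset({"kernel32.dll", "user32.dll", "advapi32.dll", "ntdll.dll", "ole32.dll", "gdi32.dll"})

# Not user-writable; files there need a different (catalog-signature) baseline.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def find_sideload_candidates(records: Iterable[FileRecord]) -> List[Finding]:
    """Flag signed EXEs that import a co-located DLL which is unsigned or signed by another party."""
    by_dir = defaultdict(list)
    for rec in records:
        by_dir[ntpath.dirname(rec.path).lower()].append(rec)

    findings: List[Finding] = []
    for directory, files in by_dir.items():
        if (directory + "\\").startswith(SYSTEM_DIRS):
            continue
        dlls = {ntpath.basename(f.path).lower(): f for f in files if f.path.lower().endswith(".dll")}
        for exe in files:
            # The technique relies on a signed, trusted host process; unsigned EXEs are a different hunt.
            if not exe.path.lower().endswith(".exe") or exe.signer is None:
                continue
            for name in sorted(n.lower() for n in exe.imports):
                if name in KNOWN_DLLS or name not in dlls:
                    continue  # resolved from System32, or not present beside the EXE
                dll = dlls[name]
                if dll.signer is None:
                    findings.append(Finding(exe.path, dll.path, "high",
                                            "unsigned DLL next to a signed EXE that imports it"))
                elif dll.signer != exe.signer:
                    findings.append(Finding(exe.path, dll.path, "medium",
                                            f"DLL signed by {dll.signer}, EXE signed by {exe.signer}"))
    return findings


# Constructed sample: a dropped pair in Temp, a clean vendor install, a
# bundled third-party library, and a System32 pair that the hunt skips.
SAMPLE_RECORDS = [
    FileRecord(r"C:\Users\alice\AppData\Local\Temp\update\viewer.exe", "CN=Example Vendor",
               frozenset({"KERNEL32.dll", "USER32.dll", "uiengine.dll"})),
    FileRecord(r"C:\Users\alice\AppData\Local\Temp\update\uiengine.dll", None),
    FileRecord(r"C:\Program Files\Example\app.exe", "CN=Example Vendor",
               frozenset({"KERNEL32.dll", "plugin.dll"})),
    FileRecord(r"C:\Program Files\Example\plugin.dll", "CN=Example Vendor"),
    FileRecord(r"C:\Users\alice\AppData\Roaming\cli\cli.exe", "CN=Example Vendor",
               frozenset({"KERNEL32.dll", "db.dll"})),
    FileRecord(r"C:\Users\alice\AppData\Roaming\cli\db.dll", "CN=Other Publisher"),
    FileRecord(r"C:\Windows\System32\legit.exe", "CN=Example OS Vendor",
               frozenset({"KERNEL32.dll", "helper.dll"})),
    FileRecord(r"C:\Windows\System32\helper.dll", None),
]


if __name__ == "__main__":
    for f in find_sideload_candidates(SAMPLE_RECORDS):
        print(f"[{f.severity}] {f.exe} -> {f.dll}: {f.reason}")
```

The static import table misses DLLs an executable loads at runtime with `LoadLibrary`, so pair this with a process-creation or image-load telemetry check for the same EXE-plus-DLL combination. A differing signer is rated lower because vendors routinely bundle third-party signed libraries; an unsigned DLL next to a signed EXE in a user-writable directory that appeared right after an email attachment was opened is the case the Check Point and Kaspersky reports describe.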


WatchGuard report reveals decline in malware despite more campaigns


A recent Internet Security Report from WatchGuard Technologies highlights several trends in cyber threats. The report, which analysed data from Q2 2023, records a decrease in endpoint malware volume even as individual campaigns reach more machines. It also points to a rise in double-extortion attacks and the continued exploitation of older software vulnerabilities by threat actors.

Corey Nachreiner, chief security officer at WatchGuard, emphasised the evolving nature of cyber threats. “The data analysed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively,” he said. Nachreiner added that there is “no single strategy that threat actors wield in their attacks” and organisations must employ a “unified security approach” for their best defence.

One of the most notable findings is that 95% of malware now arrives over encrypted connections, so organisations that do not inspect SSL/TLS traffic at their network perimeter are likely missing most of it. The report also found that zero-day malware, WatchGuard’s term for samples that signature-based detection does not catch, dropped to an all-time low of 11% of total malware detections. Over encrypted connections, however, the share of evasive detections rose to 66%.

Endpoint malware volume fell 8% in Q2 compared with the previous quarter. Despite that, detections seen on 10 to 50 systems rose 22% and detections seen on 100 or more systems rose 21%. “The increased detections among more machines indicate that widespread malware campaigns grew from Q1 to Q2 of 2023,” the report stated.

Double-extortion attacks have seen a significant rise, increasing 72% quarter over quarter. This comes even as ransomware detections on endpoints declined by 21% quarter over quarter and 72% year over year. The Threat Lab also noted the emergence of 13 new extortion groups.

The report also highlighted the resurgence of Glupteba, a multi-faceted loader, botnet, information stealer, and…
