Tag Archive for: Crypto

Xenomorph malware now targets banks and crypto apps in Canada, other regions


Security researchers at cybersecurity company ThreatFabric discovered a new campaign leveraging the ‘Xenomorph’ malware on Android.

The campaign targets people in the U.S., Canada, Spain and other regions, and Xenomorph uses overlays that look like various financial institutions to steal peoples’ banking credentials. It also targets cryptocurrency wallets.

Bleeping Computer reported on ThreatFabric’s findings, offering a brief overview of Xenomorph’s history since it appeared in 2022. The malware has gone through a few revisions, and the newest campaign using it tries to get it onto devices by tricking people into downloading a fake Chrome update. A pop-up warns people that they’re using an outdated version of Google Chrome and encourages them to update the browser. However, if people tap the pop-up’s update button, it installs the Xenomorph malware instead.

The main takeaway for Android users should be to avoid installing Chrome updates — or anything else, for that matter — from a website pop-up. For the vast majority of Android users, Chrome and other apps are updated through the Play Store and only the Play Store; a web page that offers an APK to download is not delivering an update.
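One way to check a device for the kind of install this campaign relies on, as an added example that is not ThreatFabric's or Bleeping Computer's code: Android records which package installed each app, and `adb shell pm list packages -i -3` prints that installer for every third-party package. The script below parses that output and reports anything that did not come from an app store, ranking look-alike names ("chrome", "update") first. The sample output, the package names in it, and the trusted-store and dropper lists are constructed assumptions; adjust the store list for the device's OEM.

```python
"""Flag third-party Android apps that did not come from a trusted store.

Added example, not code from the article or from ThreatFabric. Parses the
output of `adb shell pm list packages -i -3` (third-party packages plus the
package that installed each one). SAMPLE_PM_OUTPUT is constructed; the
package names in it are made up.
"""
import re
from typing import Dict, List, Optional

# Constructed sample of `pm list packages -i -3` output (hypothetical packages).
SAMPLE_PM_OUTPUT = """\
package:com.example.mybank  installer=com.android.vending
package:com.chrome.update  installer=com.android.chrome
package:com.example.notes  installer=com.google.android.packageinstaller
package:com.example.game  installer=null
"""

# Stores a user might legitimately install from (assumption: extend for the OEM store).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}
# Installers that mean "someone tapped an APK": a browser or the stock package installer.
DROPPER_INSTALLERS = {"com.android.chrome", "com.google.android.packageinstaller"}
# Words a fake "browser update" dropper tends to borrow for its package name.
LOOKALIKE_TERMS = ("chrome", "update", "google")

_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_pm_list(text: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package (None where pm prints 'null')."""
    result: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def find_sideloaded(text: str) -> List[dict]:
    """Return third-party packages not delivered by a trusted store, with a reason."""
    findings = []
    for pkg, installer in parse_pm_list(text).items():
        if installer in TRUSTED_INSTALLERS:
            continue
        if installer is None:
            reason = "no installer recorded (adb install or sideload)"
        elif installer in DROPPER_INSTALLERS:
            reason = f"installed by {installer}: APK opened from a browser or file"
        else:
            reason = f"installed by untrusted package {installer}"
        lookalike = any(term in pkg.lower() for term in LOOKALIKE_TERMS)
        findings.append({"package": pkg, "installer": installer,
                         "reason": reason, "lookalike": lookalike})
    # Look-alike names first: a sideloaded "chrome update" is exactly the case above.
    findings.sort(key=lambda f: (not f["lookalike"], f["package"]))
    return findings


if __name__ == "__main__":
    for f in find_sideloaded(SAMPLE_PM_OUTPUT):
        flag = "!!" if f["lookalike"] else "  "
        print(f"{flag} {f['package']:<28} {f['reason']}")
```

On a real device, pipe `adb shell pm list packages -i -3` into `find_sideloaded`; a package that a browser installed and that calls itself a Chrome update is the pattern to act on first.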

Once installed, ThreatFabric says Xenomorph uses ‘overlays’ to steal information. The malware comes loaded with roughly 100 overlays targeting different sets of banks and crypto apps depending on the targeted region.

Moreover, the recent versions of Xenomorph include new features. One is a ‘mimic’ feature that lets the malware present itself as another application. Mimic includes a built-in activity called ‘IDLEActivity,’ which can act as a WebView to show legitimate web content. These capabilities remove the need for the malware to hide its icon from the app launcher after installation, behaviour that security tools can flag as suspicious.

Xenomorph also has a ‘ClickOnPoint’ feature that allows the malware’s operators to simulate taps on specific parts of the screen. That allows operators to move past confirmation screens or perform other simple actions without triggering security warnings.

The last new feature researchers found was an ‘antisleep’ tool to prevent a device from…

Source…

WinRAR patches zero-day bug that targeted stock and crypto traders


The developers behind file compression software WinRAR have patched a zero-day vulnerability that allowed hackers to install malware onto unsuspecting victims’ computers, enabling them to hack into their crypto and stock trading accounts.

On Aug. 23, Singapore-based cybersecurity firm Group-IB reported a zero-day vulnerability in the processing of the ZIP file format by WinRAR.

The zero-day vulnerability, tracked as CVE-2023-38831, was exploited for approximately four months, allowing hackers to install malware when a victim opened a file inside a booby-trapped archive. The malware would then allow hackers to breach online crypto and stock trading accounts, according to the report.

Using the exploit, the threat actors were able to create malicious RAR and ZIP archives that displayed seemingly innocent files such as JPG images or PDF text documents. These weaponized ZIP archives were then distributed on trading forums targeting crypto traders, offering strategies such as “best Personal Strategy to trade with Bitcoin.”

“Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023.”

The report confirmed that the malicious archives found their way onto at least eight public trading forums, infecting at least 130 devices; however, the victims’ financial losses are unknown.

WinRar exploit infection chain. Source: Group-IB

On execution, the script launches a self-extracting (SFX) archive that infects the target computer with various malware strains, such as the DarkMe, GuLoader and Remcos RAT.

These provide the attacker with remote access privileges on the infected computer. DarkMe malware has previously been used in crypto and financially motivated attacks.

The researchers notified RARLABS which patched the zero-day vulnerability in WinRAR version 6.23, released on Aug. 2.

Related: Crypto investors under attack by new malware, reveals Cisco Talos

In August, smartphone giant BlackBerry identified several malware families that actively aimed to hijack computers to mine or steal cryptocurrencies.

The same month also revealed a newly discovered remote access tool called HVNC (Hidden Virtual Network Computer) that…

Source…

Winrar Zero-Day Hack Exposes Crypto Accounts


(MENAFN– CoinXposure)
The developers of the file compression software WinRAR have rectified a zero-day vulnerability that allowed hackers to install malware on the computers of unsuspecting victims and access their cryptocurrency and stock trading accounts.

On August 23, the Singapore-based cybersecurity company Group-IB disclosed a zero-day vulnerability in WinRAR’s handling of the ZIP file format.

The zero-day vulnerability identified as CVE-2023-38831 was exploited for approximately four months, allowing attackers to install malware when a victim clicked on archive files.

According to the report, the malware would then enable hackers to compromise online crypto and stock trading accounts.

Using the exploit, threat actors were able to generate malicious RAR and ZIP archives containing files that appeared to be harmless, such as JPG images and PDF documents.

These weaponized ZIP archives were then disseminated on trading forums aimed at crypto traders, containing trading strategies such as “Best Personal Strategy for Trading with Bitcoin.”

The report affirmed that malicious archives made their way onto at least eight public trading forums, infecting at least 130 devices; however, the financial losses sustained by the victims are unknown.

WinRar exploit infection chain. Source: Group-IB


Upon execution, the script initiates a self-extracting (SFX) archive that infects the target computer with various strains of malware, including DarkMe, GuLoader, and Remcos RAT.

These grant the perpetrator remote access privileges on the compromised system. DarkMe malware has been used in the past in crypto-focused and financially motivated attacks.

The researchers informed RARLABS, which rectified the zero-day vulnerability in the August 2 release of WinRAR version 6.23.
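A detection check for the archive layout behind both WinRAR write-ups above (this one and the Cointelegraph version), added here as an example and not Group-IB’s or RARLAB’s code. Group-IB’s public description of CVE-2023-38831 is that the decoy document sits next to a folder whose name differs from the decoy’s only by a trailing space, and that folder holds a script carrying the decoy’s name plus a script extension; opening the decoy in an unpatched WinRAR extracts and runs the script. The scanner below reads only the ZIP central directory and flags that twin-name pattern. The sample archives, the decoy title and the inert placeholder batch file are all constructed for the example.

```python
"""Scan a ZIP central directory for the CVE-2023-38831 'twin name' layout.

Added example, not Group-IB's or RARLAB's code. Only entry names are read;
nothing is extracted or executed. The sample archives are constructed inline.
"""
import io
import os
import zipfile
from typing import Dict, List

# Extensions Windows will run when the script, not the decoy, is handed to the shell.
SCRIPT_EXT = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".wsf", ".hta", ".lnk"}


def _norm(component: str) -> str:
    # The bug hinges on two names that differ only by trailing spaces.
    return component.rstrip(" ")


def _has_trailing_space(name: str) -> bool:
    """True if any path component, or its stem before the extension, ends in a space."""
    for comp in name.split("/"):
        stem, _ext = os.path.splitext(comp)
        if comp.endswith(" ") or stem.endswith(" "):
            return True
    return False


def find_twin_names(archive_bytes: bytes) -> List[dict]:
    """Return one finding per top-level file that has a look-alike directory."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = zf.namelist()

    top_files: Dict[str, str] = {}           # normalised name -> stored decoy name
    dir_children: Dict[str, List[str]] = {}  # normalised dir  -> stored child paths
    for name in names:
        top, sep, _rest = name.partition("/")
        if sep:  # entry is, or lives under, a top-level directory
            dir_children.setdefault(_norm(top), []).append(name)
        else:
            top_files[_norm(top)] = name

    findings = []
    for key, decoy in top_files.items():
        children = dir_children.get(key)
        if children is None:
            continue  # no directory shares this file's name: not the pattern
        payloads = [c for c in children
                    if os.path.splitext(_norm(c))[1].lower() in SCRIPT_EXT]
        findings.append({
            "decoy": decoy,
            "twin_dir": key,
            "payloads": payloads,
            "severity": "high" if payloads else "medium",
            "trailing_space": any(_has_trailing_space(n) for n in [decoy] + children),
        })
    return findings


def build_malicious_sample() -> bytes:
    """Constructed archive in the reported layout; the .cmd is an inert placeholder."""
    title = "Best Personal Strategy to trade with Bitcoin.pdf"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(title + " ", b"%PDF-1.4\n% decoy, constructed for the example\n")
        zf.writestr(f"{title} /{title} .cmd", b"@echo off\r\nrem inert placeholder\r\n")
    return buf.getvalue()


def build_benign_sample() -> bytes:
    """Constructed archive with an ordinary document and a normal sub-folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n")
        zf.writestr("images/photo.jpg", b"\xff\xd8\xff\xe0")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("malicious", build_malicious_sample()),
                        ("benign", build_benign_sample())):
        print(label, find_twin_names(data))
```

Because the scanner never extracts, it is safe to run on mail-gateway or forum-upload samples; a "high" finding (twin directory plus script) is the exploit layout, while "medium" (twin directory without an obvious script) still merits a look, since the payload extension list is an assumption and not exhaustive.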

In August, BlackBerry identified several malware families that actively targeted computers to mine or pilfer cryptocurrencies.

In the same month, a newly discovered remote access tool dubbed HVNC (Hidden Virtual Network Computer) was discovered for sale on the dark web. This tool allows hackers to compromise Apple operating…

Source…

Will it break crypto security within a few years?



Current cryptographic security methods watch out – quantum computing is coming for your lunch.


If groups like Google keep spooling up ever larger quantum computers at the current pace, the shot clock to fix or replace the cryptographic algorithms that secure just about everything keeps shrinking. The reason is the fundamental unit of computation: a classical bit holds a 0 or a 1, while a qubit (short for ‘quantum bit’) can be in a superposition of both, so a register of n qubits can represent 2^n states at once. Algorithms built on that property, most notably Shor’s, factor large integers and compute discrete logarithms efficiently, and those are precisely the problems that today’s public-key schemes such as RSA and elliptic-curve cryptography rely on being hard. After claiming quantum supremacy back in 2019, Google Quantum AI has now built a second-generation processor that handles more qubits, and more operations on them, than its predecessor.

And this is just the beginning.

Quantum computing is a famously quirky – but promising – technology, highly susceptible to noise: stray interactions corrupt the fragile quantum state and turn the computation’s results into garbage. But get the machines quiet enough to be maximally usable, and you fundamentally change computing power, by orders of magnitude.

The new result uses a benchmark task called random circuit sampling (RCS), run on a 70-qubit version of the Sycamore processor, versus the 53 qubits of the last generation. RCS is not itself a noise-reduction scheme; it is the test used to show a quantum processor doing something classical machines cannot feasibly simulate, and it is a sensible yardstick because the state space a classical simulator has to track doubles with every added qubit, so 17 extra qubits mean roughly 2^17, or about 131,000, times more classical work. That is a HUGE difference. There are substantial efforts to push toward even higher qubit counts, which requires making the hardware less noisy, making the computation tolerate more noise, or, most likely, both.

Even at the current level of computing power, the team estimates, “we conclude that our demonstration is firmly in the regime of beyond-classical quantum computation.” Basically, that means no supercomputer the world is using now can reproduce this particular sampling result in any practical amount of time, a gap somewhat akin to condensing yesterday’s mainframe into the smartphone in your pocket. The caveat is that RCS is a benchmark chosen to favour quantum hardware; running Shor’s algorithm against real-world key sizes needs error-corrected logical qubits built from far more physical qubits than any current machine has, so today’s supercomputers are not obsolete and today’s keys are not yet falling. What matters is the trajectory. And it’s not just the scale of the…

Source…