
Kaspersky discovers Ghimob banking malware targets mobile users worldwide – Back End News


While monitoring a Windows campaign of the Guildma banking malware, Kaspersky researchers found URLs distributing not only a malicious .ZIP file for Windows, but also a malicious file that appeared to be a downloader for Ghimob, a new banking Trojan for Android.

Once it has obtained Accessibility Mode permissions, Ghimob can gain persistence and block manual uninstallation, capture data, manipulate screen content, and give its operators full remote control of the device. According to the researchers, the developers of this “very typical” mobile Remote Access Trojan (RAT) are heavily focused on users in Brazil but have big plans to expand across the globe. The campaign is still active.

“Latin American cybercriminals’ desire for a mobile banking Trojan with a worldwide reach has a long history,” said Fabio Assolini, security expert at Kaspersky. “We have already seen Basbanke, then BRata, but both were heavily focused on the Brazilian market. In fact, Ghimob is the first Brazilian mobile banking Trojan ready for international expansion.”


Guildma, a threat actor that is part of the infamous Tétrade series and known for scalable malicious activity both in Latin America and elsewhere in the world, has been actively working on new techniques, developing malware, and targeting fresh victims.

Spying on 153 mobile apps

Its new creation — the Ghimob banking Trojan — lures victims into installing the malicious file through an email which suggests that the person receiving it has some kind of debt. The email also includes a link for the victim to click on so they can find out more information. Once the RAT is installed, the malware sends a message about the successful infection to its server. The message includes the phone model, whether it has lock screen security, and a list of all installed apps that the malware can target. In total, Ghimob can spy on 153 mobile apps, mainly from banks, fintech companies, cryptocurrencies, and exchanges.

When it comes to functions, Ghimob is a spy in the victim’s pocket. Developers can remotely…


Let’s Encrypt discovers CAA bug, must revoke customer certificates

Unfortunately, most if not all Let’s Encrypt users will need to manually force-renew their certificates before Wednesday. It’s at least an easy process. (credit: Adobe)

On Leap Day, Let’s Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.

The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain’s DNS should prohibit it. As a result, Let’s Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can’t be certain are legitimate, saying:

Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you’ll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you’re not able to renew your certificate by March 4, the date we are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate.

Let’s Encrypt uses Certificate Authority software called Boulder. Typically, a Web server that services many separate domain names and uses Let’s Encrypt to secure them receives a single LE certificate that covers all domain names used by the server rather than a separate cert for each individual domain.
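As an added illustration (not from the article and not Boulder’s code), the following check evaluates CAA authorization for every name a multi-name certificate would cover, following the RFC 8659 rules: climb from the name toward the root until a CAA record set is found, use `issue` for ordinary names and `issuewild` (falling back to `issue`) for wildcards, and treat `;` as “no CA may issue”. The CA identifier `ca.example` and the DNS records are constructed assumptions.

```python
# Added example: CAA authorization check over every name in a certificate.
# Not the article's or Boulder's code. The CA identifier and the DNS table
# below are constructed for the example.

CA_ID = "ca.example"  # assumed CAA identifier of the issuing CA

# Constructed CAA records: name -> list of (tag, value). A name missing from
# the table has no CAA records, so the lookup climbs to its parent.
CAA_RECORDS = {
    "example.org": [("issue", "ca.example")],
    "locked.example.org": [("issue", ";")],       # ";" forbids every CA
    "other.example": [("issue", "another-ca.example")],
    "wild.example": [("issue", "ca.example"), ("issuewild", ";")],
}


def relevant_caa(name):
    """Climb from `name` toward the root; return the first CAA set found."""
    labels = name.lstrip("*.").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CAA_RECORDS:
            return CAA_RECORDS[candidate]
    return []  # no CAA anywhere in the chain: issuance is unrestricted


def name_authorized(name, ca=CA_ID):
    """True if CAA permits `ca` to issue for `name`."""
    records = relevant_caa(name)
    if not records:
        return True
    is_wild = name.startswith("*.")
    tag = "issuewild" if is_wild else "issue"
    values = [v for t, v in records if t == tag]
    if is_wild and not values:
        # No issuewild property: issue properties govern wildcards too.
        values = [v for t, v in records if t == "issue"]
    if not values:
        return True  # the relevant property is absent: not restricted
    # The value is "<ca-domain>[; parameters]"; only the CA domain matters here.
    return any(v.split(";")[0].strip() == ca for v in values)


def certificate_authorized(names, ca=CA_ID):
    """A multi-name certificate is authorized only if every name passes."""
    return all(name_authorized(n, ca) for n in names)
```

Checking each name separately matters precisely because one certificate commonly covers many names; a single name whose CAA forbids the CA must block issuance of the whole certificate.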


Biz & IT – Ars Technica