Tag Archive for: disguises

GoldDigger Disguises as Fake Android App To Steal Banking Credentials


GoldDigger, a new Android Trojan, disguises itself as a fake Android application and has been found impersonating both a Vietnamese government portal and a local energy provider.

This Trojan has been active since at least June 2023. Its main objective is stealing banking credentials.

It abuses the Accessibility Service to steal personal data, intercept SMS messages, and carry out actions on the user's behalf. The Trojan can also be accessed remotely.

Researchers from Group-IB’s Threat Intelligence team discovered this Android Trojan targeting Vietnamese financial institutions. Three Android Trojans, including GoldDigger, are now operating in the Asia-Pacific region.


Tactics Of The GoldDigger Trojan

One of GoldDigger’s key characteristics is its use of a sophisticated protection mechanism. Thanks to Virbox Protector, a powerful protection solution for applications, the Trojan can greatly hinder static and dynamic malware analysis and evade detection.

Banking Trojans’ primary objective is to infect as many devices as they can and access user accounts.

GoldDigger’s TTP

The “Install from Unknown Sources” feature is disabled by default on all Android devices, preventing the installation of apps from unofficial sources. APKs can be installed from sources other than the Google Play Store if the “Install from Unknown Sources” feature is enabled.

To download and install GoldDigger, the “Install from Unknown Sources” feature must be enabled on the victim’s device.

Fake website distributing GoldDigger

The GoldDigger Trojan prompts the user to enable Accessibility Service when it is run. The accessibility features offered by Android are designed to make using mobile devices easier for people with impairments. 

These services include speech-to-text,…

New Android spyware disguises itself as a ‘system update’


Security researchers claim there’s a powerful new Android malware that—masquerading as a critical system update—can take complete control of a victim’s device and steal their data.

In a report by TechCrunch, researchers at mobile security firm Zimperium, which discovered the malicious app, said the malware was found bundled in an app called ‘System Update’ that had to be installed outside of Google Play. Once the victim installs the malicious app, the malware communicates with the operator’s Firebase server, used to remotely control the device.

The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos using the phone’s cameras. The malware also tracks the victim’s location, searches for document files and grabs copied data from the device’s clipboard.

The malware hides from the victim and tries to evade capture by reducing how much network data it consumes by uploading thumbnails to the attacker’s servers rather than the full image. The malware also captures the most up-to-date data, including location and photos.

Zimperium CEO Shridhar Mittal said the malware was likely part of a targeted attack, stating, “It’s easily the most sophisticated we’ve seen.”

He also confirmed the malicious app was never installed on Google Play. 

 


Engineers design transistor that disguises key computer chip hardware from hackers


A hacker can reproduce a circuit on a chip by discovering what key transistors are doing in a circuit – but not if the transistor “type” is undetectable.

Transistor types (Purdue University photo/John Underwood)

Purdue University engineers have demonstrated a way to disguise which transistor is which by building them out of a sheet-like material called black phosphorus. This built-in security measure would prevent hackers from getting enough information about the circuit to reverse engineer it.

Reverse engineering chips is a common practice – both for hackers and companies investigating intellectual property infringement. Researchers also are developing x-ray imaging techniques that wouldn’t require actually touching a chip to reverse engineer it.

The approach that Purdue researchers have demonstrated would increase security on a more fundamental level. How chip manufacturers choose to make this transistor design compatible with their processes would determine the availability of this level of security.

How to fool a hacker?

A chip computes using millions of transistors in a circuit. When a voltage is applied, two distinct types of transistors – an N type and a P type – perform a computation. Replicating the chip would begin with identifying these transistors.

“These two transistor types are key since they do different things in a circuit. They are at the heart of everything that happens on all our chips,” said Joerg Appenzeller, Purdue’s Barry M. and Patricia L. Epstein Professor of Electrical and Computer Engineering.

“But because they are distinctly different, the right tools could clearly identify them – allowing you to go backwards, find out what each individual circuit component is doing and then reproduce the chip.”

If these two transistor types appeared identical upon inspection, a hacker wouldn’t be able to reproduce a chip by reverse engineering the circuit.

Appenzeller’s team showed in their study that camouflaging the transistors by fabricating them from a material such as black phosphorus makes it impossible to know which transistor is which. When a voltage toggles the transistors’ type, they appear exactly the same to a hacker.

Building a…


Coronavirus phishing attack disguises as a message from the Center for Disease Control

Once again we’re reminded that cold-hearted scammers and fraudsters don’t have any qualms about exploiting human misery, and are prepared to do anything if it might net them a rich reward.

Graham Cluley