Tag Archive for: Flags

NCC flags banking app malware


The Nigerian Communications Commission’s Computer Security Incident Response Team has flagged a malware strain, Xenomorph, that installs a trojan targeting banking apps on the Android platform to steal login details, raid bank accounts, and read personal SMS messages.

According to the commission, owners of compromised devices must take the extreme measure of factory-resetting infected devices.

The NCC-CSIRT, citing Zscaler ThreatLabz, said, “The Todo: Day Manager hijacks your login info from banking apps, and can even read your SMS messages. It installs a banking trojan malware called Xenomorph that allows the app to intercept your two-factor verification codes (typically delivered over text) to raid your logins – and bank account.

“Xenomorph performs overlay attacks by exploiting accessibility permissions in Android, resulting in the overlaying of fraudulent login screens on banking apps aimed at exfiltrating credentials. The Android app makes itself intentionally difficult to delete. You need to search your phone for it immediately and uninstall it.

“It starts with asking users to enable access permission. Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone.”

All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.


Source…

Cyber security: NCC-CSIRT flags Blackbyte Ransomware


The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has flagged a high-impact threat to the Windows operating system, the BlackByte ransomware, which has the capacity to bypass protections by disabling more than 1,000 drivers used by various security solutions.

This was disclosed in a statement by NCC spokesperson Reuben Muoka on Saturday.

The NCC-CSIRT said the BlackByte ransomware gang is using a new technique, which researchers call “Bring Your Own Vulnerable Driver,” to exploit a security issue that allows it to disable drivers, thereby preventing multiple Endpoint Detection and Response (EDR) and antivirus products, such as Avast, Sandboxie, the Windows DbgHelp Library, and Comodo Internet Security, from operating normally.

Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code execution flaw tracked as CVE-2019-16098.

The “Bring Your Own Vulnerable Driver” (BYOVD) method is effective because the vulnerable drivers are signed with a valid certificate and run with high privileges on the system.

Two notable recent examples of BYOVD attacks include Lazarus abusing a buggy Dell driver, and unknown hackers abusing an anti-cheat driver/module for the Genshin Impact game.

The NCC-CSIRT advisory recommended that system administrators protect against BlackByte’s new security-bypassing trick by adding the particular MSI driver to an active blocklist, monitoring all driver installation events, and scrutinising them frequently to find any rogue installations that do not match a hardware component on the system.

The CSIRT is the telecom sector’s cyber security incident centre, set up by the NCC to focus on incidents in the telecom sector as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, problems, or related events.


Source…

Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users


Facebook is contacting about 1 million users of its platform about their account details potentially being compromised by malicious Android or iOS applications.

In a blog post on Oct. 7, Facebook’s parent company Meta said its researchers had detected 400 malicious Android and iOS apps over the past year that were designed to steal usernames and passwords belonging to Facebook users and to compromise their accounts. The poisoned apps were uploaded to Google’s and Apple’s app stores and masqueraded as legitimate games, VPN services, photo applications, and other utilities.

When users downloaded and attempted to use one of the malicious apps, it would prompt them to enter their Facebook username and password. If a user entered their credentials, attackers would gain full access to the individual’s account, private information, and their friends on the social media platform, Meta said.

“This is a highly adversarial space, and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” David Agranovich, Meta’s director of threat disruption, and Ryan Victory, malware discovery and detection engineer, wrote in the blog post.

Meta reported the apps to Apple and Google, and the researchers noted, “We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials and are helping them to secure their accounts.”

Posed as Legitimate Apps

Many of the iOS and Android apps that Meta detected on Apple and Google’s mobile stores purported to have some fun or useful functionality, like music players and cartoon image editors. A plurality (42%) posed as photo editors, some of which claimed they could turn a user’s photo into a cartoon. 

About 15% purported to be business utilities, such as VPNs that claimed to help users access blocked content and websites or to boost their Internet browsing speeds; 14% were phone utilities, such as flashlight apps that purportedly helped brighten the phone’s flashlight. 

Mobile games accounted for about 11% of the 400 or so malicious apps that Meta’s researchers discovered. Fake reviews might have…

Source…

Australia flags privacy overhaul after huge cyber attack on Optus


Australian Prime Minister Anthony Albanese speaks at the Sydney Energy Forum in Sydney, Australia July 12, 2022. Brook Mitchell/Pool via REUTERS/File Photo


SYDNEY, Sept 26 (Reuters) – Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country’s second-largest telecoms firm.

Optus, owned by Singapore Telecoms Ltd (STEL.SI), said last week that home addresses, drivers’ licences and passport numbers of up to 10 million customers, or about 40% of the population, were compromised in one of Australia’s biggest data breaches.

The attacker’s IP address, or unique identifier of a computer, appeared to move between countries in Europe, the company said, but declined to detail how security was breached. Australian media reported an unidentified party had demanded $1 million in cryptocurrency for the data in an online forum but Optus has not commented on its authenticity.


Albanese called the incident “a huge wake-up call” for the corporate sector, saying there were some state actors and criminal groups who wanted to access people’s data.

“We want to make sure … that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well,” he told radio station 4BC.

Cybersecurity Minister Clare O’Neil said Optus was responsible for the breach and noted such lapses in other jurisdictions would be met with fines in the hundreds of millions of dollars, an apparent reference to European laws that penalise companies 4% of global revenue for privacy breaches.

“One significant question is whether the cyber security requirements that we place on large telecommunications providers in this country are fit for purpose,” O’Neil told parliament.

Optus said it would offer the most affected customers free credit monitoring and identity protection with credit agency Equifax Inc (EFX.N) for a year. It did not say how many customers the offer applied to.

The telco…

Source…