Tag Archive for: Fraudulent

Ursnif Leverages Cerberus Android Malware to Automate Fraudulent Bank Transfers in Italy

/in


Contributed to this research: Segev Fogel, Amir Gendler and Nethanella Messer.

 

IBM Trusteer researchers continually monitor the evolution and attack tactics in the banking sector. In a recent analysis, our team found that an Ursnif (aka Gozi) banking Trojan variant is being used in the wild to target online banking users in Italy with mobile malware. Aside from the Ursnif infection on the victim’s desktop, the malware tricks victims into fetching a mobile app from a fake Google Play page and infects their mobile device with the Cerberus Android malware.

 

The Cerberus malware component of the attack is used by Ursnif’s operators to receive two-factor authentication codes sent by banks to their users when account updates and money transfer transactions are being confirmed in real-time. Cerberus also possesses other features and can enable the attacker to obtain the lock-screen code and remotely control the device.

 

Cerberus is an overlay-type mobile malware that emerged in mid-2019 but initially lacked advanced capabilities. It has evolved over time to eventually feature the ability to hijack SMS content and control devices remotely, alongside other sophisticated data theft features. Cerberus was peddled in the underground as commodity malware until the summer of 2020, taking over the market share of Anubis, a previous pay-per-use malware.

 

In September 2020, Cerberus’ development team decided to disband, spurring an auction attempt that aimed to sell off the source code to the highest bidder, starting at $100,000. The code did not sell but was instead shared with the malware’s customer base, which meant it was publicly leaked. That intentional release of the source code gave rise to numerous malware campaigns involving Cerberus and likely also led to this combined attack with the Ursnif banking Trojan.

A Combination Attack From Desktop to Smartphone

Ursnif is a very long-standing staple in the cybercrime arena, possibly the oldest banking Trojan that’s still active today. Recent campaigns featuring this malware have been most notable in Italy, where it is typically delivered to business email recipients in attachments that…

Source…

Mobile Security is Here to Defeat Those Viruses!

/in



NH has seen about 10,000 fraudulent jobless claims

/in


State officials said they are dealing with a new type of fraud targeting the unemployment system.>> Download the FREE WMUR appAuthorities said they have a unit that is dedicated to investigating this fraud, and what they’ve seen is historic.Criminals have taken advantage of the pandemic to target unemployment systems all over the country with false benefit claims, officials said.“The type of fraud that we’ve seen is all related to identity thefts, and so that’s a different type of fraud than we’ve seen before, and it’s really the result of these large scale data breaches,” Richard Lavers, deputy commissioner of New Hampshire Employment Security, said.Those breaches usually target large retailers and result in the theft of hundreds of thousands of identities.Lavers said since the start of the pandemic, New Hampshire has seen about 10,000 of these fraudulent claims, but they’ve been able to sniff out almost all of them.“In 99% of these cases, we’ve detected the fraud prior to it paying out. So other states have not been as fortunate. We’ve seen other states that have paid out hundreds of millions of dollars,” Lavers said. New Hampshire has paid about 100 fake claims worth $370,000, Lavers said. That money is gone.“These are dollars that the state will never be able to collect. These are dollars that will quickly find their way offshore and they’re not dollars that we’ll ever be able to recoup,” Lavers said.Lavers said the public can also help by practicing good internet security and reporting anything that’s unemployment-related and looks suspicious.

CONCORD, N.H. —

State officials said they are dealing with a new type of fraud targeting the unemployment system.

>> Download the FREE WMUR app

Authorities said they have a unit that is dedicated to investigating this fraud, and what they’ve seen is historic.

Criminals have taken advantage of the pandemic to target unemployment systems all over the country with false benefit claims, officials said.

“The type of fraud that we’ve seen is all related to identity thefts, and so that’s a different type of fraud than we’ve seen before, and it’s really the result of these large scale data breaches,”…

Source…