Tag Archive for: Groups

Hacking group’s new malware abuses Google and Facebook services


Molerats

The Molerats cyberespionage group has been using fresh malware in recent spear-phishing campaigns that relies on Dropbox, Google Drive, and Facebook for command-and-control communication and for storing stolen data.

The hackers have been active since at least 2012 and are considered to be the low-budget division of a larger group called the Gaza Cybergang.

Two backdoors and a downloader

In recent operations the Molerats threat actor used two new backdoors, called SharpStage and DropBook, and a previously undocumented malware downloader named MoleNet.

Designed for cyberespionage, the malware attempts to avoid detection and takedown efforts by using Dropbox and Facebook services to steal data and receive instructions from the operators. Both backdoors use Dropbox to exfiltrate stolen data.

The attack starts with an email luring political figures or government officials in the Middle East (Palestinian Territories, UAE, Egypt, Turkey) to download malicious documents.

One of the lures in campaigns delivering the new malware was a PDF file referencing the recent talks between Israeli Prime Minister Benjamin Netanyahu and His Royal Highness Mohammed bin Salman, Saudi Crown Prince.

The document showed only a summary of the content and instructed the recipient to download password-protected archives stored in Dropbox or Google Drive for the full information.

Two of these files were the SharpStage and DropBook backdoors, which contacted attacker-controlled Dropbox storage to download additional malware. A third one was another backdoor, Spark, also used by Molerats in previous campaigns.

Commands over Facebook

A technical report from Cybereason’s Nocturnus Team [PDF] notes that the Python-based DropBook backdoor differs from other tools in Molerats’ arsenal because it receives instructions only through fake accounts on Facebook and Simplenote, the note-taking app for iOS.

The hackers control the backdoor through commands published in a post on Facebook. They used the same method to provide the token necessary to connect to the Dropbox account. Simplenote acts as a backup in case the malware cannot retrieve the token from Facebook.

With commands coming from multiple sources on a…

Facebook removes 2 hacking groups from Bangladesh, Vietnam

(MENAFN – IANS) New Delhi, Dec 11 (IANS) Facebook has removed two hacking groups operating from Bangladesh and Vietnam from its platform that were distributing malware and compromising people’s accounts across the Internet.

The Bangladesh-based group targeted local activists, journalists and religious minorities, including those living abroad, to compromise their accounts and to get some of them disabled by Facebook for violating its Community Standards.

“Our investigation linked this activity to two non-profit organisations in Bangladesh: Don’s Team (also known as Defense of Nation) and the Crime Research and Analysis Foundation (CRAF). They appeared to be operating across a number of internet services,” said Nathaniel Gleicher, Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager at Facebook.

APT32, an advanced persistent threat actor based in Vietnam, targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organisations, news agencies and a number of businesses with malware.

“Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hanh Tinh Company Limited, Planet and Diacauso),” Facebook said in a statement late on Thursday.

APT32 has deployed a wide range of adversarial tactics across the internet.

“The people behind these operations are persistent adversaries, and we expect them to evolve their tactics. However, our detection systems and threat investigators, as well as other teams in the security community, keep improving to make it harder for them to remain undetected,” said Gleicher.

–IANS

ESET Research uncovers APT-C-23 group’s new Android spyware masked as Threema and Telegram – Security Magazine


Amazon deletes anti-union listing, watches workers’ “secret” social groups

An Amazon Flex driver delivers an armload of packages in Cambridge, Mass., on Dec. 18, 2018. (credit: Pat Greenhouse | The Boston Globe | Getty Images)

Amazon is working extremely hard to counter both internal unionization efforts and external bad press even as working conditions for its Flex drivers seem to get ever more desperate amid the persistent pandemic, a set of new reports reveals.

The Internet’s biggest everything store has been busy during the COVID-19 pandemic. As in-person retail bottomed out, online retail skyrocketed and Amazon hired an additional 175,000 warehouse, grocery, and delivery workers to keep up with the sharply increased demand this year provided.

One of the ways Amazon gets packages to your doorstep is through Amazon Flex. The program is basically like Uber, but for Amazon: drivers use Amazon’s app and their own cars to collect packages from Amazon facilities and deliver them to local homes. Typically, drivers sign up for a scheduled two-to-four-hour delivery block or shift, but Flex also makes “Instant Offers,” which are immediate, on-demand deliveries drivers can pick up like an Uber or Lyft fare.


Biz & IT – Ars Technica