Tag Archive for: Hiding

Hackers Hiding Keylogger, RAT Malware in SVG Image Files


Critical Infrastructure Security, Cybercrime, Endpoint Security

New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RAT

Threat actors are hiding malware in SVG image files to evade detection and deliver ransomware, download a banking Trojan and distribute malware.

Cofense Intelligence researchers in January observed a two-month campaign that used SVG files to deliver Agent Tesla Keylogger and XWorm RAT malware. The researchers advise security teams to remind users to watch for unexpected downloads upon opening an SVG file, the telltale sign of a compromise.

The Scalable Vector Graphic file format uses mathematical equations to describe images, which enables them to be scaled without loss of image quality and makes them suitable for diverse design applications.

AutoSmuggle, an open-source tool released in May 2022, enables threat actors to embed malicious files within SVG or HTML content, bypassing security measures such as secure email gateways and increasing the chances of successful malware delivery.

The use of SVG files for malware delivery was first observed in 2015, but researchers said hackers have refined their tactics to bypass security measures and successfully distribute harmful payloads. SVG files distributed Ursnif malware in 2017 and were used to smuggle .zip archives…

Source…

Google tests a ‘Private Space’ feature on Android phones, allowing secure hiding of apps


For Android smartphones, Google is actively developing a feature called “Private Space” that will allow users to safely conceal apps. This feature, which is expected in a future Android OS update, allows users to hide files and apps from other users, similar to Samsung’s Secure Folder feature that has been around for six years.

This feature, found in the Security & Privacy settings, enables users to create a protected Android user profile using biometrics or a password/PIN. Mishaal Rahman found this development in the Android 14 QPR2 beta. This feature improves privacy when sharing the device by hiding not just the presence of the app but also its notifications.

To preserve the covert use of the “Private Space” feature, Google is thinking of implementing a search bar trigger to reveal these apps.

The possible inclusion of the feature in Android 15 may indicate that smartphone makers will use it more widely, giving more people access to Samsung’s Secure Folder-like features. Rahman points out that not all features were activated in the most recent beta because it’s still in development.

Source…

Chinese Hackers Are Hiding in Routers in the US and Japan


WIRED broke the news on Wednesday that SoundThinking, the company behind the gunshot-detection system ShotSpotter, is acquiring some assets—including patents, customers, and employees—from the firm Geolitica, which developed the notorious predictive policing software PredPol. WIRED also exclusively reported this week that the nonprofit Electronic Privacy Information Center is calling on the US Justice Department to investigate potentially biased deployment of ShotSpotter in predominantly Black neighborhoods.

As the US federal government inches closer to a possible shutdown, we took a look at the sprawling conservative media apparatus and deep bench of right-wing hardliners in Congress that are exploiting their leverage to block a compromise in the House of Representatives.

Satellite imaging from the Conflict Observatory at Yale University is providing harrowing insight and crucial information about the devastation wrought in the city of Khartoum by Sudan’s civil war. Meanwhile, researchers from the cybersecurity firm eQualitie have developed a technique for hiding digital content in satellite TV signals—a method that could be used to circumvent censorship and internet shutdowns around the world. And the productivity data that corporations have increasingly been gathering about their employees using monitoring software could be mined in an additional way to train AI models and eventually automate entire jobs.

Plus, there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A China-linked hacking group, dubbed BlackTech, is compromising routers in the US and Japan, secretly modifying their firmware and moving around company networks, according to a warning issued by cybersecurity officials this week. The United States Cybersecurity and Infrastructure Security Agency (CISA), the NSA, FBI, and Japan’s National Police Agency and cybersecurity office issued the joint alert saying the BlackTech group was “hiding in router firmware.”

The officials said they had seen the Chinese-linked actors using their access to the routers to move from “global subsidiary…

Source…

Billions of Android and iPhone owners urged to check signs a criminal is hiding in your device – don’t lose everything


SECURITY experts have warned smartphone users about major signs that criminals are hoping to hack their device.

Androids and iPhones are pretty safe gadgets but no device is fully hackproof, according to cybersecurity experts at Trend Micro.

They wrote in a recent blog post: “Unfortunately, no device can ever be 100% hackproof, and the iPhone is no exception.”

The blog lists three potential ways that a hacker can infiltrate your phone.

They’re all pretty common and you may have some of the red flags on your device right now.

EVIL APPS

The first hacking route the experts pointed out was “malicious apps.”

It’s normal to download apps onto your smartphone, but cybercriminals rely on you not checking what you’re downloading.

You have to be wary of all apps you download onto your device and make sure you’ve double-checked the permissions that they want to access.

Try reading the app’s reviews and only downloading from the Google Play Store or Apple App Store.

DANGEROUS WI-FI

The Trend Micro experts also warned against using insecure Wi-Fi networks, especially public Wi-Fi.

Cybercriminals can take advantage of your need to be online and steal data from your device.

Even the FBI has warned to be wary of public Wi-Fi.

“Preventing internet-enabled crimes and cyber intrusions requires each of us to be aware and on guard,” the FBI wrote in a recent announcement.

“Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network.”

PHISHING MESSAGES

The third threat on the list could be lurking in your email app or text message inbox.

Phishing emails and texts sit waiting on devices, often containing dangerous links and attachments.

Delete any suspicious messages without clicking on links or revealing any private information.

Source…