Tag Archive for: Leverages

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims


Dec 15, 2022 | Ravie Lakshmanan | Mobile Security / Money-Lending Apps

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices.

Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps.

MoneyMonger “takes advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis,” Zimperium researchers Fernando Sanchez, Alex Calleja, Matteo Favaro, and Gianluca Braga said in a report shared with The Hacker News.

“Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.”

The campaign, believed to be active since May 2022, is part of a broader effort previously disclosed by Indian cybersecurity firm K7 Security Labs.

None of the 33 apps used in the deceptive scheme have been distributed through the Google Play Store. Instead, the money-lending applications are available through unofficial app stores or are sideloaded onto phones via smishing, compromised websites, rogue ads, or social media campaigns.


Once installed, the malware prompts users to grant it intrusive permissions under the pretext of guaranteeing a loan, and then harvests a wide range of private information.

The collected data – which includes GPS locations, SMS messages, contacts, call logs, files, photos, and audio recordings – is then used as a pressure tactic to force victims into paying excessively high interest rates on the loans, sometimes even after the loan has been repaid.

To make matters worse, the threat actors subject the borrowers to harassment by threatening to reveal their information, call people from the contact list, and send abusive messages and morphed photos from the infected devices.

The scale of the campaign is unclear owing to the use of sideloading and third-party app stores, but the rogue apps are estimated to have racked up over 100,000 downloads through these distribution vectors.

“The extremely…


New research collaboration leverages edge computing to meet defence and security challenges


Professor David Lie (ECE) is collaborating with researchers from across Canada to develop edge computing solutions to address defence and security challenges.

The project — A Platform for Secure and Dependable Hierarchical Edge Processing on 5G — has received $1.5 million in funding over three years from Canada’s Department of National Defence (DND).

Edge computing refers to the processing of data near its originating source, not in distant servers. The project proposes a hierarchy of data centres that provides computation and storage at the peripheries, shifting from a country level all the way down to a neighbourhood level. The strategy aims to mitigate the high latency of cloud-based applications caused by limited internet bandwidth.

“Imagine you’re trying to run an intelligent transportation system, where vehicles are sending and receiving large amounts of data to the cloud in real time,” says Lie. “Today, the cloud’s architecture means there’s some distance between the servers and the vehicles. Even at the speed of an electron, there are processing delays, and that makes a difference when you’re dealing with a moving vehicle. Edge computing can reduce those delays.”

As part of its Innovation for Defence Excellence and Security (IDEaS) Program, DND is supporting the creation of ‘micro-nets’ — self-organized multidisciplinary teams of at least three eligible organizations/institutions who carry out interdisciplinary research on aspects of a science and technology challenge of common interest.

In addition to Lie, the team includes Professor Eyal de Lara, Chair of U of T’s Department of Computer Science, as well as Professor Oana Balmau of the School of Computer Science at McGill University, Professor Julien Gascon-Samson of the Software and IT Engineering Department at ÉTS Montréal / University of Québec, and Professor Aastha Mehta of the Department of Computer Science at the University of British Columbia.

Together, they will design a new platform based on localized data centres situated near the field of use. The idea is that these centres would better deliver reliable, predictable and secure performance for future high-performance…


North Korean Lazarus Hacking Group Leverages Supply Chain Attacks To Distribute Malware for Cyber Espionage


North Korean threat actor Lazarus group has resorted to supply chain attacks similar to SolarWinds and Kaseya to compromise the regime’s targets, according to cybersecurity firm Kaspersky.

Kaspersky’s Q3 2021 APT Trends report says that “Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload.”

The APT group compromised a South Korean think tank using two remote access trojan (RAT) variants, BLINDINGCAN and COPPERHEDGE. The DHS Cybersecurity & Infrastructure Security Agency (CISA) had previously issued security alerts AR20-232A and AR20-133A about these trojans.

According to the researchers, Lazarus’ recent activity is part of a broader international campaign leveraging supply chain attacks.

Identified by US-CERT and the FBI as HIDDEN COBRA, the group is suspected of being responsible for the WannaCry ransomware and the Sony Pictures Entertainment hack that escalated tensions between the US and North Korea.

Lazarus’ supply chain attacks target atypical victims

Experts believe that Lazarus is expanding its victim base beyond Asian government agencies and policy think tanks.

Kaspersky researchers discovered that the hacking group had targeted a Latvian tech firm developing asset monitoring solutions, an atypical victim for Lazarus.

During the attack, the North Korean APT deployed a compromised downloader, “Racket,” signed with a stolen digital certificate. The group had stolen the certificate from a US-based South Korean security company.

According to Kaspersky, the APT compromised multiple servers and uploaded several malicious scripts in the process. The group used the malicious scripts to control the trojans installed on downstream victims.

“North Korea once again figures prominently in an attack, although it doesn’t appear to be the government this time, at least not directly,” said Saryu Nayyar, CEO at Gurucul.

“Government-sponsored attacks continue to be a major issue for other governments and enterprises. Both types of organizations need to be cognizant of the potential for high-powered attacks and respond appropriately. Early…
