Tag Archive for: Malware

Fujitsu Confirms It Was Hacked Via Malware, Says Probe Ongoing


Fujitsu Limited reported that the attack, which exposed employee and customer information, came from malware that impacted an unspecified number of the company’s work PCs.


Tokyo-based Fujitsu Limited said Friday it suffered a data breach in which files containing customer information could have been accessed by unauthorized people.

Fujitsu, in the English translation of an online statement, wrote that it confirmed the presence of malware on several of its work computers, and after an internal investigation, found that “files containing personal information and customer information could be illegally taken out.”

“After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers. Additionally, we are currently continuing to investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked,” Fujitsu wrote.


Fujitsu also said it has reported the breach to Japan’s Personal Information Protection Commission, and that it has yet to receive reports on whether information about the company’s personnel or its customers has been misused.

Japan’s Personal Information Protection Commission, the chairman of which is appointed by Japan’s Prime Minister, provides security policies, mediation of complaints, and international cooperation.

So far, based on the statement, it appears that the impact of the breach is limited to Japan, but it could be more widespread.

CRN reached out to Fujitsu for more information, but had not received a response by press time.

Fujitsu is a global electronics and IT manufacturer with 124,000 employees and annual revenue of about $25 billion.

2024 has been a big year for data breaches. The U.S. alone in January saw 336 publicly disclosed security incidents, which according to security provider IT Governance was 7 percent of the world’s total…


Malware Alert! Hackers Attacking Indian Android users


A new malware campaign has been identified targeting Android users in India.

This sophisticated attack distributes malicious APK packages to compromise personal and financial information. The malware, available as a Malware-as-a-Service (MaaS) offering, underscores the evolving threat landscape in the digital age.

Symantec, a global leader in cybersecurity, has stepped up to protect users from this emerging threat.

The Rise of Malicious APKs

The campaign has been meticulously designed to spread malware through APK packages disguised as legitimate applications.

These applications, which appear to offer services such as customer support, online bookings, billing, or courier services, are vehicles for a range of malicious activities.

Once installed, the malware targets the theft of banking information, SMS messages, and other confidential data from victims’ devices.

This strategy of disguising malicious software as harmless applications is not new but remains highly effective.

The attackers exploit the trust users place in app downloads, particularly those offering valuable services.

Broadcom has recently released a report on a Malware-as-a-Service (MaaS) campaign specifically targeting Android users in India.

The attack represents a threat to the security of Android devices in the region and can potentially cause significant damage to individuals and organizations.

Symantec has identified the malware through its robust security systems, classifying it under two main categories:

Mobile-based Threats:

  • Android.Reputation.2
  • AppRisk: Generisk

Web-based Threats:

The campaign’s infrastructure, including observed domains and IPs, falls under security categories protected by…


Zero-click malware: the emergence of AI worms


We investigate how AI worms operate without user interaction and could spread zero-click malware.

A few weeks after Microsoft admitted that nation-state actors were using its AI and the UN warned that North Korea earned $3B from 58 cyberattacks to fuel its nuclear program, it was revealed that an AI worm had been engineered to infiltrate generative AI ecosystems.

Researchers recently shared with Wired how they developed generative AI worms that could autonomously spread between AI systems. The AI worm, somewhat aptly named Morris II, after the first-ever recorded computer worm, can seamlessly target AI-powered email assistants without the user’s knowledge.

Researchers also showed how the worm could autonomously trigger the AI to release personal data, send spam emails, and replicate itself across the digital ecosystem through crafted prompts hidden inside legitimate communications. Welcome to the convergence of AI and cyber attacks. But what are AI worms, and how do they work?

The evolution of malware: introducing AI worms

Traditional malware requires interaction with unsuspecting users. Typically, this involves tricking their target into clicking a malicious link or downloading an infected file. However, AI worms exploit the functionalities of AI models to propagate themselves without any direct human intervention.

What makes AI worms deadly is that they can autonomously navigate and infiltrate systems without needing users to do anything. The operational framework of AI worms is ingeniously simple yet profoundly effective. These worms can manipulate AI systems into unwittingly executing malicious actions by embedding adversarial self-replicating prompts within AI-generated content. These actions range from extracting sensitive information to disseminating the worm across a network, amplifying the potential for damage.

Zero-click worms in AI: unveiling the hidden threats within genAI

In this pivotal study by Stav Cohen from the Israel Institute of Technology, Ron Bitton from Intuit, and Ben Nassi at Cornell Tech, the researchers revealed the dangers and capabilities of zero-click worms. These revelations illuminated the significant vulnerabilities within the genAI ecosystem….


This sneaky Android malware has an all-new way to avoid being detected


Cybersecurity researchers have found a new version of a well-known Android banking trojan malware which sports quite a creative method of hiding in plain sight.

PixPirate targets mostly Brazilian consumers with accounts on the Pix instant payment platform, which allegedly counts more than 140 million customers, and services transactions north of $250 billion.

The campaign’s goal was to divert the cash to attacker-owned accounts. Usually, banking trojans on Android would try to hide by changing their app icons and names. Often, the trojans would assume the “settings” icon, or something similar, tricking the victims into looking elsewhere, or simply into being too afraid to remove the app from their device. PixPirate, on the other hand, gets rid of all of that by not having an icon in the first place.

Running the malware

The big caveat here is that without the icon, the victims cannot launch the trojan, so that crucial part of the equation is left to the attackers.

The campaign consists of two apps – the dropper, and the “droppee”. The dropper is being distributed on third-party stores, shady websites, and via social media channels, and is designed to deliver the final payload – droppee – and to run it (after asking for Accessibility and other permissions).

Droppee, which is PixPirate’s filename, exports a service to which other apps can connect. The dropper connects to that service, allowing it to run the trojan. Even after the dropper is removed, the malware can still run on its own on certain triggers (for example, on boot, on network change, or on other system events).

The entire process, from harvesting user credentials to initiating the money transfer, is automated and done in the background without the victim’s knowledge or consent. The only thing standing in the way, the researchers claim, is Accessibility Service permissions.

It is also worth mentioning that this method only works on older versions of Android, up to Pie (9).

Via BleepingComputer
