Tag Archive for: popular

Check your Android phone immediately and delete these popular apps now


Android phone users have been hit by yet another worrying warning that could leave personal details in the hands of hackers. Security experts at Synopsys Cybersecurity Research Center (CyRC) have discovered three popular applications that appear to have a serious flaw which could allow online crooks to gain full access to vital data such as user names and passwords.

The apps, which are all available via the Google Play Store, have been downloaded over two million times, which is why this latest news is so serious.

All of the software included in the warning offers the ability to turn an Android phone into a remote keyboard or mouse for a PC. It’s that handy functionality which is why the applications have proven to be so popular.

However, CyRC says its research has uncovered weak or missing authentication mechanisms and insecure communication vulnerabilities in all three of the apps. This means they could be easy to exploit, with hackers then able to use the apps to eavesdrop on keystrokes and see exactly what people are typing on their PCs, such as passwords.

It’s a pretty scary flaw, and here is the full list of apps affected:

• Telepad versions 1.0.7 and prior

• PC Keyboard versions 30 and prior

• Lazy Mouse versions 2.0.1 and prior
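The two findings CyRC names, missing authentication and insecure communication, are exactly the properties a phone-to-PC keystroke relay has to provide. The following is an illustration added to this article, not code from the CyRC report and not the real protocol of any of the three apps (which the article does not describe): a plaintext, unauthenticated frame of the kind that lets anyone on the network inject or read keystrokes, next to a paired design that authenticates each frame with HMAC-SHA256 under a secret agreed out of band, encrypts the keystroke, and rejects replays with a counter. The pairing PIN, the 12-byte nonce and 8-byte counter layout, and the use of HMAC as a counter-mode PRF in place of a real AEAD are all assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import struct

# Illustration added to this article, not code from the CyRC report or from
# the three apps (their actual wire protocols are not described here).
# A phone-to-PC keystroke relay must give the two properties CyRC found missing:
#   authentication (only the paired phone can inject input) and
#   confidentiality (nobody sniffing the LAN can read what is typed).


def weak_frame(keystroke: str) -> bytes:
    """Weak design: the keystroke travels in the clear with nothing tying it to
    a paired phone. Anyone who can reach the PC's listening port can inject
    input, and anyone on the same Wi-Fi segment can read every keystroke."""
    return keystroke.encode("utf-8")


def derive_keys(pairing_secret: bytes) -> tuple:
    """Separate encryption and MAC keys from a secret agreed out of band,
    e.g. a one-time PIN displayed on the PC and typed into the phone."""
    enc_key = hmac.new(pairing_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(pairing_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode: a stdlib-only stand-in for an
    # AEAD such as AES-GCM. Production code should use TLS or a vetted AEAD.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


class PairedSender:
    """Phone side: encrypt-then-MAC each keystroke with a monotonically
    increasing counter so the PC can reject replays."""

    def __init__(self, pairing_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(pairing_secret)
        self.counter = 0

    def seal(self, keystroke: str) -> bytes:
        self.counter += 1
        nonce = secrets.token_bytes(12)
        plaintext = keystroke.encode("utf-8")
        ciphertext = _xor(plaintext, _keystream(self.enc_key, nonce, len(plaintext)))
        header = nonce + struct.pack(">Q", self.counter)
        tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        return header + ciphertext + tag


class PairedReceiver:
    """PC side: verify the tag first, then the counter, then decrypt."""

    def __init__(self, pairing_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(pairing_secret)
        self.last_counter = 0

    def open(self, frame: bytes):
        """Return the keystroke, or None for forged, tampered or replayed frames."""
        if len(frame) < 12 + 8 + 32:
            return None
        header, ciphertext, tag = frame[:20], frame[20:-32], frame[-32:]
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # wrong pairing secret or modified
            return None
        counter = struct.unpack(">Q", header[12:20])[0]
        if counter <= self.last_counter:  # replayed (or reordered) frame
            return None
        self.last_counter = counter
        return _xor(ciphertext, _keystream(self.enc_key, header[:12], len(ciphertext))).decode("utf-8")


def demo() -> dict:
    """Exercise the paired protocol against the attacks the weak design allows."""
    secret = b"483921"  # constructed pairing PIN for the demo
    phone, pc = PairedSender(secret), PairedReceiver(secret)
    frame = phone.seal("hunter2")
    results = {"accepted": pc.open(frame)}
    results["replay"] = pc.open(frame)  # same frame delivered twice
    results["tampered"] = pc.open(frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:])
    results["forged"] = pc.open(PairedSender(b"000000").seal("rm -rf /"))  # wrong secret
    results["paired_leaks_plaintext"] = b"hunter2" in frame
    results["weak_leaks_plaintext"] = b"hunter2" in weak_frame("hunter2")
    return results
```

The order of checks in `open` matters: the tag is verified before anything else is parsed or decrypted, so a sender without the pairing secret cannot influence the counter or the decryption path. The weak frame, by contrast, gives the PC no way to tell the paired phone from any other host on the LAN, which is the condition under which keystroke eavesdropping and injection become trivial.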


Although the developers don’t appear to have intended to release anything malicious, the applications remain vulnerable even though their creators have been warned about the problems.

CyRC has confirmed that it has reached out to the creators of the apps multiple times but has not received a response.

It appears that all three of the applications remain widely used but they are neither maintained nor supported, and evidently, security was not a factor when these applications were developed.

If you think you have them on your Android phone and are worried by the lack of security, CyRC is recommending you remove them immediately.

Speaking about the threat, Synopsys Cybersecurity Research Center (CyRC) said: “We have exposed multiple vulnerabilities in three applications that enable an Android device to be used as a remote keyboard and mouse for their computers.

“Lazy…

Source…

42,000 phishing domains discovered masquerading as popular brands


Security researchers at Cyjax have uncovered a highly sophisticated, large-scale phishing campaign in which the threat actors used as many as 42,000 phishing domains to distribute malware and gain ad revenue.

Campaign Details

Cyjax researchers noted that the threat actors have links to China and have been active since 2017. So far, the attackers, identified as the Fangxiao group, have spoofed over 400 brands from the banking, retail, travel, transport, pharmaceutical, energy, and finance sectors.

The group operates an extensive network of 42,000 domains that impersonate famous brands. Its latest campaign aims to generate revenue from parties who pay for the traffic the scam delivers to them. At least 24,000 survey/landing domains have been used by the attackers to promote this scam since March 2022.

How does the attack work?

Fangxiao lures unsuspecting users to the malicious domains through WhatsApp messaging, informing them that they have won a prize. The users are redirected to fake dating sites, Amazon via affiliate links, adware, and giveaway sites. These sites appear convincing enough to the user. This brand impersonation campaign spoofs well-reputed names like McDonald’s, Unilever, Emirates, Knorr, and Coca-Cola.

Once visitors reach the spoofed version of a brand’s site, they are redirected to ad sites created by Fangxiao that make money through fake surveys, promising the victim a prize for completing one. Sometimes the attacker instead pushes the Triada malware onto the device when the victim clicks the Complete Registration button.


“As victims are invested in the scam, keen to get their ‘reward,’ and the site tells them to download the app, this has likely resulted in a significant number of infections,” Cyjax’s report (PDF) read.

Domain Analysis

The group uses 42,000 domains registered in 2019 through GoDaddy, Namecheap, and Wix….
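A defender who receives a feed of newly registered domains needs a first-pass filter for the kind of brand impersonation described above. The following is an added triage example, not code from the Cyjax report: it folds common digit-for-letter substitutions, flags labels that embed one of the brand names the article lists, and uses edit distance to catch near-miss spellings, while skipping the brands’ own domains. The candidate domains are constructed, and the allowlist of official brand domains is an assumption made for the demo.

```python
import re

# Added triage example; not code from the Cyjax report. The brand names and
# the WhatsApp-prize lure come from the article, the candidate domains below
# are constructed, and the allowlist of official domains is an assumption.
BRANDS = ("mcdonalds", "unilever", "emirates", "knorr", "cocacola")
OFFICIAL_DOMAINS = ("mcdonalds.com", "unilever.com", "emirates.com", "knorr.com", "coca-cola.com")

# Digit-for-letter substitutions that defeat naive string matching.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a"})

SAMPLE_DOMAINS = [  # constructed for the demo
    "mcdonalds-prize-survey.example",
    "c0cacola-giveaway.example",
    "unilevr-win.example",
    "kn0rr.example",
    "prizes.mcdonalds.com",  # legitimate subdomain of an allowlisted brand domain
    "news.example",
]


def normalize(text: str) -> str:
    """Lower-case and fold common leetspeak substitutions."""
    return text.lower().translate(HOMOGLYPHS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss spellings like 'unilevr'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str):
    """Return (brand, reason) when a domain impersonates a brand, else None."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL_DOMAINS or domain.endswith(tuple("." + d for d in OFFICIAL_DOMAINS)):
        return None
    for label in domain.split(".")[:-1]:  # every label except the TLD
        joined = re.sub(r"[-_]", "", normalize(label))
        tokens = re.split(r"[-_]", normalize(label))
        for brand in BRANDS:
            if brand in joined:
                return brand, "embeds brand name"
            if any(len(t) >= 5 and levenshtein(t, brand) <= 2 for t in tokens):
                return brand, "near-miss spelling"
    return None


def triage(domains):
    """Keep only the domains that look like brand impersonation."""
    hits = []
    for domain in domains:
        verdict = classify(domain)
        if verdict is not None:
            hits.append((domain, verdict[0], verdict[1]))
    return hits
```

The edit-distance check is restricted to tokens of at least five characters so that short labels do not drift within two edits of a short brand name; in production the allowlist would be a registry of the brands’ real domains and the hits would feed a takedown or blocklist workflow rather than be treated as conclusive.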

Source…

Fake versions of popular apps spreading Monero miner malware for years: report


Check Point Research (CPR), the research team of American-Israeli cybersecurity provider Check Point Software Technologies, has uncovered a Monero mining malware dubbed “Nitrokod” that has been sneakily infecting computers across 11 countries since 2019.

In a report, the research team stated the malware often masqueraded as desktop versions of popular applications such as Google Translate, YouTube Music, and Microsoft Translate. These spoof versions are available on dozens of free software download websites, including Softpedia and Uptodown.

In the case of the fake Google Translate desktop app, on which the team based its findings, the research notes that the Turkey-based entity operating the digital asset mining campaign is counting on the lack of an official desktop app to attract users.

“Most of the programs Nitrokod offers are popular software that do not have an official desktop version. For example, the most popular Nitrokod program is the Google Translate desktop application. Google has not released an official desktop version, making the attackers’ version very appealing,” the report said.

The study found that the malware campaign has remained undetected until now due to how it operates. The malware delays initiating the stealth digital asset mining operation for several weeks after the initial software download. It does this by using a scheduled task mechanism that triggers the malware installation over several days and steps while deleting traces of the installation.
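The delayed, staged installation described above leaves a trace in the scheduled task itself: a registration date weeks before the first trigger, a hidden flag, and an action living in a user-writable directory. The following is an added detection example, not code from the Check Point report. It scores an exported Windows task definition (the XML that `schtasks /query /xml` or the Task Scheduler UI exports) against those three traits. Both task definitions are constructed for the demo, and the seven-day threshold and the list of user-writable prefixes are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Added detection example; not code from the Check Point report. It scores an
# exported Windows scheduled task (the XML that `schtasks /query /xml` or the
# Task Scheduler UI exports) for the traits the article describes: a first run
# scheduled weeks after the task was registered, a hidden task, and an action
# that lives in a user-writable directory. Both task definitions are constructed.
TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
NS = {"t": TASK_NS}
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "%appdata%", "%localappdata%", "%temp%", "%tmp%")
LONG_DELAY_DAYS = 7  # assumed threshold

STAGED_TASK_XML = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Date>2022-08-01T10:00:00</Date><Author>DESKTOP\\user</Author></RegistrationInfo>
  <Triggers><CalendarTrigger>
    <StartBoundary>2022-08-31T10:00:00</StartBoundary><Enabled>true</Enabled>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
  </CalendarTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>%LOCALAPPDATA%\\TranslateDesktop\\update.exe</Command><Arguments>/stage2</Arguments>
  </Exec></Actions>
</Task>"""

BENIGN_TASK_XML = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Date>2022-08-01T10:00:00</Date></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2022-08-01T12:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>C:\\Program Files\\Vendor\\updater.exe</Command></Exec></Actions>
</Task>"""


def _text(root, path: str) -> str:
    el = root.find(path, NS)
    return el.text.strip() if el is not None and el.text else ""


def analyze_task(xml_text: str) -> dict:
    """Return the task's key fields plus a list of suspicious traits."""
    root = ET.fromstring(xml_text)
    registered = _text(root, "t:RegistrationInfo/t:Date")
    command = _text(root, "t:Actions/t:Exec/t:Command")
    hidden = _text(root, "t:Settings/t:Hidden").lower() == "true"

    # Earliest StartBoundary across all trigger types.
    triggers = root.find("t:Triggers", NS)
    starts = [el.text for el in triggers.iter("{%s}StartBoundary" % TASK_NS) if el.text] if triggers is not None else []
    delay_days = None
    if registered and starts:
        delay_days = (datetime.fromisoformat(min(starts)) - datetime.fromisoformat(registered)).days

    indicators = []
    if delay_days is not None and delay_days >= LONG_DELAY_DAYS:
        indicators.append("first run %d days after registration (delayed staging)" % delay_days)
    if hidden:
        indicators.append("task hidden from the Task Scheduler UI")
    if command.lower().startswith(USER_WRITABLE_PREFIXES):
        indicators.append("action runs from a user-writable path")
    return {"command": command, "delay_days": delay_days, "hidden": hidden, "indicators": indicators}
```

Task Scheduler exports its XML as UTF-16 with an encoding declaration; when reading real exports, pass the file’s bytes to `ET.fromstring` rather than a decoded string so the declaration is honoured. None of the three traits is malicious on its own, which is why the function returns the full list and leaves the scoring to the caller.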

Surprisingly, the hackers do not even have to build the fake apps from scratch: they are generated from the vendors’ official web pages using a Chromium-based framework, which gives the attackers a functional program to distribute.

Monero getting increasingly linked to cyber criminals

Check Point estimates that at least one hundred thousand victims across Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia, and Poland have been inadvertently mining Monero (XMR) with their CPU.

Meanwhile, this is not the first time malware that covertly mines the privacy coin has been found infecting machines. In an incident in…

Source…

This popular game gives hackers access to your entire PC


Hackers have been abusing the anti-cheat system in a massively popular game, and you don’t even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game’s anti-cheat measures in order to disable antivirus programs on the target machine. From there, they’re free to conduct ransomware attacks and take control of the device.

[Image: An overview of the Genshin Impact hack. Credit: Trend Micro]

Trend Micro prepared a lengthy report about this new hack, describing the way it works in great detail. The attack can be carried out using a Genshin Impact anti-cheat driver called “mhyprot2.sys.” As mentioned above, the game doesn’t need to be installed on the targeted device: the driver can be loaded on its own and doesn’t need the game in order to run.

Researchers have found proof of threat actors abusing this driver to conduct ransomware attacks since July 2022. While it’s unclear how the hackers initially gain access to their targets, once they’re in, they use the Genshin Impact driver to obtain kernel-level privileges. The kernel has full control over everything that happens in the system, so for threat actors to gain that level of access is disastrous.

The hackers used “secretsdump,” which helped them snatch admin credentials, and “wmiexec,” which executed their commands remotely through Windows’ own Management Instrumentation tool. These are free and open-source tools from Impacket that anyone could get their hands on if they wanted to.

With that out of the way, the threat actors were able to connect to the domain controller and implant malicious files onto the machine. One of these files was an executable called “kill_svc.exe” and it was used to install the Genshin Impact driver. After dropping “avg.msi” onto the desktop of the affected computer, four files were transferred and executed. In the end, the attacker was able to completely kill the computer’s antivirus software and transfer the ransomware payload.
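Each step of the intrusion described above leaves a distinct artifact in endpoint telemetry: the vulnerable driver being loaded, `kill_svc.exe` being executed, and the `cmd.exe` invocations that Impacket’s `wmiexec.py` spawns under `WmiPrvSE.exe` with output redirected to `\\127.0.0.1\ADMIN$\__<timestamp>`. The following is an added detection example, not code from the Trend Micro report: it runs constructed Sysmon-style events through rules for those three artifacts. Sysmon event IDs 6 (DriverLoad) and 1 (ProcessCreate) and the wmiexec redirection pattern are real; the event records, file paths and rule names are made up for the demo.

```python
import re

# Added detection example; not code from the Trend Micro report. It replays
# constructed Sysmon-style events through rules for the tradecraft described
# above: loading the Genshin Impact anti-cheat driver (bring your own
# vulnerable driver), running kill_svc.exe, and Impacket wmiexec's command
# pattern. Sysmon event IDs 6 (DriverLoad) and 1 (ProcessCreate) and the
# wmiexec redirection to \\127.0.0.1\ADMIN$\__<timestamp> are real; the
# event records themselves are made up for the demo.
VULNERABLE_DRIVERS = {"mhyprot2.sys"}
KNOWN_KILL_TOOLS = {"kill_svc.exe"}
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
# wmiexec.py runs: cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<ts> 2>&1
WMIEXEC_RE = re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "ParentImage": "C:\\Windows\\System32\\services.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /Q /c whoami 1> \\\\127.0.0.1\\ADMIN$\\__1660000000.12 2>&1",
     "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"},
    {"EventID": 1, "Image": "C:\\Users\\Public\\kill_svc.exe",
     "CommandLine": "kill_svc.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 6, "ImageLoaded": "C:\\Users\\Public\\mhyprot2.sys", "Signed": "true"},
    {"EventID": 6, "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys", "Signed": "true"},
]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(event: dict):
    """Return (rule, evidence) for a suspicious event, else None."""
    eid = event.get("EventID")
    if eid == 6:
        path = event.get("ImageLoaded", "")
        if _basename(path) in VULNERABLE_DRIVERS:
            return "byovd: known vulnerable driver loaded", path
        if not path.lower().startswith(DRIVER_DIR):
            return "driver loaded from outside System32\\drivers", path
        return None
    if eid == 1:
        image, cmd = event.get("Image", ""), event.get("CommandLine", "")
        if _basename(image) in KNOWN_KILL_TOOLS:
            return "known service/AV killer executed", image
        if WMIEXEC_RE.search(cmd) and _basename(event.get("ParentImage", "")) == "wmiprvse.exe":
            return "impacket wmiexec lateral movement", cmd
    return None


def scan(events) -> list:
    """Run every event through the rules and keep the hits in log order."""
    hits = []
    for event in events:
        verdict = check_event(event)
        if verdict is not None:
            hits.append(verdict)
    return hits
```

Because the driver carries a valid signature, a signature check alone will not catch it; matching on the driver’s file name (or, better, its hash) is what makes the driver-load rule work, and the out-of-`System32\drivers` heuristic is only a weaker fallback for drivers not yet on the list. The wmiexec rule pairs the redirection pattern with the `WmiPrvSE.exe` parent to keep ordinary administrator scripts that happen to redirect to a share from matching.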

After some hiccups, the adversaries were able to fully load the driver and the ransomware onto a network share with the goal of mass deployment,…

Source…