Tag Archive for: poses

New Malware Poses Serious Threat to Android Users, All Details Here


Recently, cybersecurity experts uncovered an updated version of the Android XLoader malware, which has been attributed to a threat actor known as ‘Roaming Mantis.’ This new variant is particularly concerning as it can self-execute without requiring any interaction from the user. The primary method of spreading this malware is through SMS texts containing shortened URLs. When a user clicks on the link, they are directed to a webpage urging them to download an Android installation file (APK) for a supposed mobile app.

According to a report by BleepingComputer, researchers at McAfee have provided detailed insights into this new iteration of the XLoader malware. One notable feature of this variant is its ability to automatically initiate itself after installation. To deceive users, the malware disguises itself as ‘Chrome’ with an italicized ‘r.’ Upon installation, the app prompts users to grant it continuous background operation and requests permission to be designated as the default SMS app. Notably, prompts are presented in multiple languages including English, French, Japanese, Hindi, and German.

The concerning aspect of this malware lies in its autonomous behaviour, which allows it to engage in malicious activities without the need for user interaction. Among its capabilities is the pilfering of sensitive information such as passwords, text messages, photos, contacts, and hardware details like the device’s IMEI, SIM, and serial number.

MoqHao Evolution Poses Immense Threat to Android Users


Cybersecurity threat experts have recently discovered a new variant of the malware named XLoader, commonly known as MoqHao, that can automatically infect devices without any user interaction. Termed the MoqHao evolution, this is a new version of the infamous Android malware that has long been linked with Roaming Mantis, a financially motivated group of hackers based in China.

In this article, we will explore the background of MoqHao Evolution in detail and see how it operates differently from its earlier variants.

 

MoqHao Evolution – A Timeline


MoqHao is a mobile Android threat used for phishing that first appeared as a cybersecurity threat in 2015. The threat actors behind the malware initiated attacks based on phishing through SMS, also referred to as “smishing,” in Asia. The major locations targeted by MoqHao were Japan, South Korea, and Bangladesh.

However, it later moved to European countries as well, such as France and Germany. This drew the attention of many cybersecurity threat experts, who deemed it a serious threat to users because this notorious Android malware had robbed thousands of users by tricking them.

Recent reports have mentioned that this Android malware now operates in 27 regional languages. This is a considerable increase from the 4 regional languages at the start, and highlights the widespread nature of the target users.


What Has Changed In MoqHao?


The biggest difference between the previous variants of this Android malware and the latest one is that it no longer needs user interaction to infect the device. The earlier variants needed the user to launch the malware manually. Now, after the user clicks on the installation link received through their phone’s SMS app, this new cybersecurity threat leads to the automatic execution of malicious code.


How Does the Evolved MoqHao Operate?


Understanding how the malware operates is essential for developing cybersecurity strategies. It masks itself as legitimate apps like the Chrome web browser by employing Unicode strings. However, if users are careful enough, they can identify it, as the name of the software appears slightly…

Government must urgently awaken to threat ransomware poses to UK national security


In May 2021, President Joe Biden declared a national state of emergency after a ransomware attack by Russian DarkSide forced one of the United States’ largest and most vital oil lines to shut down for six days.

Today in the UK we are at high risk of a catastrophic cyber-attack at any moment. Ransomware is a type of malicious software — ‘malware’ — designed to damage and destroy computer systems, usually to facilitate extortion.

It can cause severe disruption to the delivery of core government services, including healthcare and child protection, as well as ongoing economic losses. Swathes of UK critical national infrastructure (CNI) – much of which is operated by the private sector – remain vulnerable to ransomware, especially where sectors still rely on legacy IT systems.

Victims have described going ‘back to a pre-computer era of the 1950s in mere minutes’ as they were locked out of digital systems and forced to resort to pen and paper. A coordinated and targeted attack has the real potential to bring the country to a standstill. 

The majority of ransomware attacks against the UK are from Russian-speaking perpetrators, and the government is almost certain that Russian actors sought to interfere in the 2019 general elections. With new UK and US elections on the horizon, we can expect to see the integrity of our democratic systems tested again soon.

But as the Joint Committee on National Security Strategy that I chair reports today, the UK’s response to this national security threat is severely lacking. Our main legislative framework, the Computer Misuse Act, is irresponsibly outdated – it was introduced before the arrival of the internet – and government missed another chance to rectify this in the latest King’s Speech.

The agencies tasked with detecting, responding to, and recovering from ransomware attacks – and degrading further attack capabilities – are under-resourced and lacking key skills and capabilities: a…

EV Charger Hacking Poses a ‘Catastrophic’ Risk


Such cracks could conceivably permit hackers to access vehicle data or consumers’ credit card information, says Ken Munro, a cofounder of Pen Test Partners. But perhaps the most worrying weakness to him was that, as with the Concordia testing, his team discovered that many of the devices allowed hackers to stop or start charging at will. That could leave frustrated drivers without a full battery when they need one, but it’s the cumulative impacts that could be truly devastating.

“It’s not about your charger, it’s about everyone’s charger at the same time,” he says. Many home users leave their cars connected to chargers even if they aren’t drawing power. They might, for example, plug in after work and schedule the vehicle to charge overnight when prices are lower. If a hacker were to switch thousands, or millions, of chargers on or off simultaneously, it could destabilize and even bring down entire electricity networks. 

“We’ve inadvertently created a weapon that nation-states can use against our power grid,” says Munro. The United States glimpsed what such an attack might look like in 2021 when hackers hijacked Colonial Pipeline and disrupted gasoline supplies nationwide. The attack ended once the company paid millions of dollars in ransom.

Munro’s top recommendation for consumers is to not connect their home chargers to the internet, which should prevent the exploitation of most vulnerabilities. The bulk of safeguards, however, must come from manufacturers.

“It’s the responsibility of the companies offering these services to make sure they are secure,” says Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation, a digital rights nonprofit. “To some degree, you have to trust the device you’re plugging into.”

Electrify America declined an interview request. With regard to the issues Malcolm and the Kilowatts documented, spokesperson Octavio Navarro wrote in an email that the incidents were isolated and the fixes were quickly deployed. In a statement, the company said, “Electrify America is constantly monitoring and reinforcing measures to protect ourselves and our customers and focusing on risk-mitigating station and…
