
Attention Android users: A malware posing as McAfee security app can steal your sensitive data


New Delhi, UPDATED: Apr 4, 2024 19:00 IST

Security researchers have found a trojan that has been posing as the McAfee security app. The malware only affects Android users, and aims to steal personal data such as passwords, credit card details, photos, videos, and other sensitive information. This was first reported by Bleeping Computer.

The trojan malware is reportedly a more powerful version of the Vultur malware. Vultur was among the earliest Android banking malware to incorporate screen recording abilities and include functions like keylogging and interacting with a victim’s device screen. Its primary focus was to target banking apps for keylogging and remote control. The discovery of Vultur was initially made by ThreatFabric in late March 2021.

The malware is being circulated via Google Play Store. Apparently, the malware was first distributed on the Android app store in 2022 and has since been active on the platform.

How does the malware work?

The lure looks very much like a promotional message for the McAfee security app, and it is quite easy to fall for. Typically, an Android user receives an SMS claiming that an unauthorised transaction has been found in their bank account and urging them to call a provided number for assistance.

When users call that number, they are connected to the scammers, who send a follow-up SMS with a link to download a malicious version of the McAfee Security app containing the Brunhilda malware dropper.

Once installed, the fake app gains access to the device’s ‘Accessibility Services’, which it uses to connect to the malware’s main server. From that point on, the attackers can remotely access any information on the device.

How to stay safe from such malware?

To stay safe from such malware, never download an app from a random link sent to you, and don’t download apps from a browser either. Only install apps through the official Google Play Store. It is also good practice to check an app’s reviews and ratings before downloading it, as these give a good sense of whether the app is genuine. Finally, always pay attention to the developer details of every app before you download it.

Published By: Nandini…


Android malware posing as Google Chrome could steal your photos, contacts, and more — how to spot the fake


An updated version of the XLoader malware for Android devices doesn’t require any user interaction to launch once installed, according to researchers at McAfee (via BleepingComputer). Of course, you still need to click the malicious link in an SMS message to download and install the malware, but this XLoader variant doesn’t require users to manually launch the malware anymore.

Right now, the malware is being distributed through SMS texts on Android devices. If you’re targeted, the SMS text will include a shortened URL that, if clicked on, will direct you to a website to download an Android APK installation file for a mobile app. McAfee says that, “While the app is installed, their malicious activity starts automatically.”


Attackers set up rogue GitHub repos with malware posing as zero-day exploits



In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware.

The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms.

“The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware,” researchers from security firm VulnCheck, who found the rogue repositories, said in a report.

“It’s unclear if they have been successful but given that they’ve continued to pursue this avenue of attacks, it seems they believe they will be successful.”

While attacks that target security researchers are not a new development, they are relatively rare and more likely to be the work of advanced persistent threat (APT) groups looking to gain access to sensitive information that researchers have access to.

This was the case with a campaign reported by Google’s Threat Analysis Group in 2021 where a government-backed North Korean entity created a web of fake accounts posing as security researchers on Twitter, Telegram, LinkedIn, and other social media platforms and used them to promote proof-of-concept exploits for existing vulnerabilities that were posted on a blog and in YouTube videos.

How the GitHub fake account campaign works

The fake accounts were used to contact other real researchers and invite them to collaborate. As part of the communication, a Visual Studio project with proof-of-concept exploit code was shared, but this project also included a malicious DLL that deployed malware on the victim’s computer.

Separately, some researchers who visited the blog had their fully patched systems exploited, suggesting the attackers had access to some zero-day exploits.


Hamas Hackers Posing as Women to Con Snr Israeli Officials into Installing Malware


A Middle Eastern hacking group supposedly connected to Hamas uses malware to steal sensitive data from Windows and Android devices of high-ranking Israeli officials.

Sophisticated Catfish Campaign Targeting Israeli Officials

Cybereason’s Nocturnus research team has reported a new malware campaign in which Israeli government officials are targeted with catfishing lures. According to the report, the Hamas-linked advanced persistent threat group APT-C-23 is running a sophisticated catfishing campaign aimed specifically at high-ranking Israeli officials. The group is also known as Arid Viper, Desert Falcon, and FrozenCell.

One of the fake Facebook profiles used by hackers to trick Israeli government officials (Image credit: Cybereason)

Israeli Officials Keep Getting Catfished

It is worth noting that APT-C-23 has a history of successfully catfishing Israeli military and government officials. The group’s campaign goes all the way back to 2015 when Trend Micro revealed that “Arid Viper” successfully targeted Israeli officials with ‘Porn Star Video’ malware.

Also in 2015, an independent security research firm, Blue Coat Systems Inc. (Blue Coat), confirmed that “Desert Falcons” had carried out a four-month spying campaign after breaching Israeli military servers. In that campaign, the group also used sensual photos of the IDF’s women’s division to lure officials.

In 2017, Israeli authorities acknowledged that Hamas hacked dozens of IDF soldiers’ phones using seductive female images. In their campaign, hackers posted seductive pictures of young Israeli women on social media to attract IDF soldiers and successfully obtained classified information in return.

In 2018, the Times of Israel reported that the smartphones of hundreds of IDF soldiers were compromised by Hamas. According to the newspaper, IDF blamed Palestinian hackers for spying on its soldiers with spyware-infected World Cup and dating apps and using photos of attractive women.

In January 2020, Hamas hackers managed to lure more Israeli soldiers into falling prey to their Honey Trap operation in which several hundred Israeli soldiers got their smartphones infected with malware….
