Tag Archive for: spreading

Fake apps are spreading a new Android trojan called Octo Banking

/in


Fake apps are a pain in the keister. Sadly, fake apps are one of the primary tools hackers use to gain access to millions of mobile devices across the globe. They have gotten good at creating fake apps that draw users in with eye candy and time waster promises. Fake apps exist on both Android and iOS, so everyone is a target.

Estimated reading time: 2 minutes

This time though, Android users are the target as several fake apps that have been installed more than 50,000 times are targeting banks and financial institutions. This latest Android trojan is known as Octo Banking. Like many trojans, Octo Banking is phishing for your data and hopes you’ll fall for their methods to click on links that will eventually find your data.

The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a “lite” replacement for its Exobot predecessor, Dutch mobile security firm ThreatFabric said in a report shared with The Hacker News.

Exobot is also likely said to have paved the way for a separate descendant called Coper, that was initially discovered targeting Colombian users around July 2021, with newer infections targeting Android users in different European Countries.

“Coper malware apps are modular in design and include a multi-stage infection method and many defensive tactics to survive removal attempts,” Cybersecurity company Cyble noted in an analysis of the malware last month.

Like other Android banking trojans, the rogue apps are nothing more than droppers, whose primary function is to deploy the malicious payload embedded within them.

The Hacker News

The Hacker News has an excellent write-up that will provide you with much more information, so check them out for the full story.

What do you think of fake apps being used to plant the Android trojan Octo Banking? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.

Last Updated on April 10, 2022.

Android Trojan

Source…

Research claims Samsung Galaxy Store apps are spreading malware

/in


According to Max Weinbach of Android Police, “Samsung is hosting literal malware on the Galaxy Store.”

It is becoming harder and harder to evade online scams, especially those involving Android applications. According to an analysis from Android Police’s Max Weinbach, Samsung is hosting several infected Android apps on its official Galaxy Store that may insert malware into your phone.

Showbox Movie Apps Laden with Malware

Weinbach came across the shady apps while searching the Galaxy Store for Hulu app noted that several Showbox-based applications were available on the Galaxy Store. Some of them triggered Google Play Protect’s warning after getting installed.

When one of the apps at VirusTotal was examined, it generated more than one dozen low-grade alerts ranging from adware, malware, trojans to riskware. Moreover, a few of these malicious apps requested more permissions, such as accessing call logs, contacts, and the telephone.

The researcher then posted about this on Twitter, and Android Police further explored the issue.

Samsung Galaxy Store Apps Spreading Malware

What is the Issue?

Android Police identified that the app Weinbach tweeted about is a replication of an old movie piracy app known as Showbox. Many of these apps were available on the Galaxy Store just a week before. However, as of December 30th, none of the apps was available, indicating that the South Korea-based Samsung must have acted after the reports circulated.

Potential Dangers

Reportedly, the Galaxy Store comes pre-installed with all the latest smartphones manufactured by the company, therefore if people have downloaded the infected app, they could be exposed to numerous kinds of risks. At least two shady Showbox apps were identified during the analysis.

Further probe revealed that the app’s ad tech could perform dynamic code execution, and while the app may not directly contain malware, it can download/execute other codes, including malware.

According to Android security analyst Linuxct, though there are few legit use cases for this functionality, it is possible to weaponize them.

“So at any moment it may become a trojan/malware, hence it’s unsafe and thus why so many vendors flagged it in VT/Play…

Source…

Got a text about your 3rd vaccine dose? It’s a front for spreading malware

/in


Updated 10/11/2021 – Tanglebot malware started spreading last month through fake text messages regarding COVID-19 regulations and vaccinations. Cybercriminals behind this tricky scheme are now sending bogus messages claiming you’re about to experience local power outages. If you click links found inside these messages, your device will be infected with Tanglebot malware. Keep reading for more details and how to avoid falling victim.

As if we didn’t have enough to worry about with the Delta variant of COVID-19, we also have to deal with crooks taking advantage of people during the pandemic. All sorts of scams are coming to light, from tried-and-true methods to new ones created just for these challenging times.

Crooks don’t always directly focus on COVID-19 itself. The Federal Trade Commission reported on a scam involving text messages that inform people their unemployment insurance benefits are running out. If there was ever a time for people to panic and make uninformed decisions, this is it. Tap or click here to check out the details of this phishing scam.

A new scam has surfaced involving text messages that address COVID-19. Bad actors are luring potential victims with phony messages about COVID regulations and third doses of the vaccine in hopes of getting them to download malware. Read on for details.

Phishing, smishing

A report from analysts at Cloudmark points to a new threat involving malware attacks launched via text messages. This particular scam combines SMS (short message service, or text messages) and phishing and is thus known as smishing.

Phishing attacks attempt to gain a victim’s trust by imitating brands and companies they know or support. In this case, the crooks are posing as an ambiguous official or government entity.

Messages claim to include COVID regulations and information on the third dose of vaccines. But the text is malicious and contains links that infect your device with malware.

If the malware infects your device, the crooks can steal data and take over your phone. This…

Source…

Meat plant closures spreading after cyberattack on JBS – Silicon Valley

/in


By Fabiana Batista, Michael Hirtzer and Elizabeth Elkin | Bloomberg

A cyberattack on JBS SA, the largest meat producer globally, has forced the shutdown of some of the world’s largest slaughterhouses, and there are signs that the closures are spreading.

JBS’s five biggest beef plants in the U.S. — which altogether handle 22,500 cattle a day — have halted processing following a weekend attack on the company’s computer networks, according to JBS posts on Facebook, labor unions and employees. Those outages alone have wiped out nearly a fifth of America’s production.

Slaughter operations across Australia were also down, according to a trade group. One of Canada’s largest beef plants was idled for a second day.

It’s unclear exactly how many plants have been affected by the attack globally as JBS has yet to release details that granular. The prospect of more extensive shutdowns around the world is already upending agricultural markets and raising concerns about food security as hackers increasingly target critical infrastructure. In the U.S., JBS accounts for about a quarter of all beef capacity and roughly a fifth of all pork capacity. Livestock futures slumped while pork prices rose.

The Brazilian meat giant shut its North American and Australian computer networks after an organized assault on Sunday on some of its servers, the company said by email. Without commenting on operations at its plants, JBS said the incident may delay certain transactions with customers and suppliers.

“Retailers and beef processors are coming from a long weekend and need to catch up with orders,” Steiner Consulting Group said in its Daily Livestock Report. “If they suddenly get a call saying that product may not deliver tomorrow or this week, it will create very significant challenges in keeping plants in operation and the retail case stocked up.”

JBS closed meat processing facilities in Utah, Texas, Wisconsin and Nebraska and canceled shifts at plants in Iowa and Colorado on Tuesday, according to union officials and employees. Union Facebook posts also said some kill and fabrication shifts in the U.S. have also been canceled. Pork and chicken facilities across the nation are also…

Source…