Tag Archive for: Steals

Billions of iPhone and Android owners warned over ‘cursed movie’ – one click steals your money and puts you in danger


IT’S almost time for the Oscars and cyber criminals are hoping to cash in on unsuspecting movie fans.

Security experts at Kaspersky are warning that one of the most popular Oscar-nominated movies is being used to steal people’s data and even money.

Scammers are said to be creating fake websites that offer victims a fake chance to stream nominated movies for free.

The aim is to steal personal and banking information from victims and sell this on the dark web.

Kaspersky experts have found several websites that aim to do just that.

They ask for “small subscription fees” and promise access to movies but will actually just steal your bank information.

The experts warn that victims then become vulnerable to unauthorized transactions.

Movies being offered by scammers include Everything Everywhere All at Once and Avatar 2.

If an offer to stream a movie seems too good to be true it probably is.

Olga Svistunova, a security expert at Kaspersky, said: “The Oscars 2023 is lucrative for cybercriminals who intensify their malicious activity every year.

“It’s crucial to be extra cautious during this event and double-check the authenticity of any website offering free streaming of movies.

“Don’t fall for fake websites or giveaway scams that trick users into giving away their personal information.

“Always use reputable streaming services and double-check website authenticity.”

Kaspersky advises checking the authenticity of websites before you enter any personal data.

You should also be wary of sites that promise early viewings of movies before they’re released.

Godfather Android Banking Trojan Steals Through Mimicry


Trojan Impersonates More than 400 Financial and Crypto Exchange Apps

A banking Trojan is on a rampage thanks to its ability to mimic the appearance of more than 400 applications including leading financial and crypto exchange applications in 16 countries.

Research from security intelligence firm Group-IB says the Trojan, dubbed Godfather, reappeared in September with slightly modified WebSocket functionality after a three-month pause in circulation.

Godfather is an upgraded version of the Anubis banking Trojan, whose code leaked online in 2019 (see: Botnet Watch: Anubis Mobile Malware Gets New Features). Godfather gets around Android security updates limiting Anubis through an updated command and control communication protocol. Its operators also removed several functionalities found in Anubis, such as the ability of the Trojan to encrypt files, record audio, or parse GPS data.

Group-IB researchers aren’t entirely sure how Godfather infects devices, but suspect one method is malicious apps on the Google Play store.

A signature feature of Godfather is using fake login pages that appear like the real thing to trick unsuspecting users into giving up credentials. Godfather transmits credentials onto the real financial service app while also exfiltrating any push notification one-time passcodes used for second-factor authentication. The object is to gain access to accounts with money, and drain them.

The Trojan establishes persistence by…

Scammer steals thousands of dollars worth of laptops from South Florida business – WSVN 7News


(WSVN) – A South Florida business has become the victim of a highly sophisticated scam. Kevin Ozebek exposes the scheme in tonight’s 7 Investigates.

Jake Luther’s company supplies items big and small to a host of clients.

Jake Luther: “Anything from toilet paper at your local museum or sandblasting a trailer for the military.”

So Jake was ecstatic when he got an email from a man saying he was Rodney Cartwright, the senior procurement executive at the National Gallery of Art in Washington, D.C.

Jake Luther: “It was from a dot-gov email address. From there it says, ‘We’d like you to bid on the opportunity to supply us with laptops for a new office expansion.’ We looked him up, we looked up the address, we looked up the National Gallery of Art. Everything lined up.”

Since the museum houses one of the most prestigious art collections in the country, Jake jumped at the chance.

He replied with a bid to send 63 laptops for $97,900.

A few days later, he got an email saying the bid was approved.

Jake Luther: “I was planning for my wedding, so we had a bunch of expenses coming up, so to me, being a Christian guy, this is a blessing from God.”

From his Cutler Bay office, Jake ordered the computers and sent them to a warehouse in Nashua, New Hampshire.

He was told it was the gallery’s distribution center.

Jake Luther: “During this time, he came back to me, and he was like, ‘You know, there’s a chance that we’re doing another expansion. It’s our final one. We need to order like another 60 more units.’”

So Jake sent 60 more laptops for $116,000 to Nashua.

He then focused on his upcoming wedding.

Jake Luther: “When I got back from my honeymoon, we’re about the 30-day mark where this contract should be paid out through wire transfer, which is relatively typical for these type of deals.”

But the money never came, and Jake stopped getting responses from the man he thought was Rodney Cartwright.

Jake Luther: “It’s one of my lowest emotional moments. It was like I could feel my head pounding, I could hear ringing in my ears. I immediately got on my knees and didn’t know what to do.”

Jake then tracked down the real Rodney Cartwright at the museum and…

BlackByte ransomware affiliate also steals victims’ data • The Register


At least one affiliate of the high-profile ransomware-as-a-service (RaaS) group BlackByte is using a custom tool to exfiltrate files from a victim’s network, a key step in the fast-growing business of double-extortion.

The exfiltration tool, dubbed Exbyte, is written in Go for Windows computers, and is designed to upload files to the Mega cloud storage service, according to researchers in Symantec’s Threat Hunter Team this month.

Exbyte lets the affiliate speedily grab a victim’s sensitive internal documents and stash them out of sight, yet another indication of BlackByte’s rising status in the always-dynamic ransomware world. A victim’s network is compromised, and the intruders siphon off data using Exbyte and then lock up the network using BlackByte.

“Following the departure of a number of major ransomware operations such as Conti and Sodinokibi [also known as REvil], BlackByte has emerged as one of the ransomware actors to profit from this gap in the market,” the Symantec team wrote in a report. “The fact that actors are now creating custom tools to use in BlackByte attacks suggests that it may be on the way to becoming one of the dominant ransomware threats.”

BlackByte emerged in July 2021 and quickly became a significant group in the RaaS space. The US government’s Cybersecurity and Infrastructure Security Agency (CISA) and FBI in February issued an alert [PDF], noting that the ransomware had been used multiple times to attack US and foreign businesses, including at least three organizations in critical infrastructure sectors – government, financial, and food and agriculture – in the United States.

The BlackByte group also was behind an attack on the San Francisco 49ers football team in February.

Symantec says the BlackByte RaaS operation is run by a crew it calls Hecamede and that in recent months, the ransomware has been…
