Tag: Thousands | Page 3

New Android malware family has infected thousands of devices – here’s what we know

December 29, 2023/in Mobile Security

Cybersecurity researchers from McAfee hae uncovered over a dozen malicious apps lurking in the Google Play Store.

The researchers claim these apps were carrying a potent piece of malware, capable of stealing sensitive data from the infected Android devices and possibly even running ad fraud.

The apps were downloaded at least 330,000 times.

Accessibility Service

According to the researchers, the backdoor is called “Xamalicious”, and has so far been discovered in thee following apps:

– Essential Horoscope for Android – 100,000 installs

– 3D Skin Editor for PE Minecraft – 100,000 installs

– Logo Maker Pro – 100,000 installs

– Auto Click Repeater – 10,000 installs

– Count Easy Calorie Calculator – 10,000 installs

– Dots: One Line Connector – 10,000 installs

– Sound Volume Extender – 5,000 installs

After being labeled as malicious, Google removed these apps from its app repository.

While Google’s action is commendable, the move doesn’t protect users who already downloaded the apps in the past, with some reportedly having been available for download since mid-2020. They will have to remove those manually and use an anti-virus program or cleaner to remove up any loose ends.

The majority of the victims were found in the US, the UK, Germany, Spain, Australia, Brazil, Mexico, and Argentina.

To operate properly, the malware asks the victim to grant it Accessibility Service permissions, which is often a red flag and should help most people identify a malicious app from a legitimate one.

That being said, with Accessibility enabled, the malware is able to grab device and hardware information, including Android ID, brand, CPU, model, OS version, language, developer options status, SIM details, and firmware. Furthermore, it can identify the device’s physical location, ISP name, organization, and services. It also comes with a few features to help it determine if it’s installed on a genuine device or an emulator.

Finally, the malware can pull a second-stage payload from the C2 server.

Via BleepingComputer

More from TechRadar Pro

Source…

Cybercriminals using fewer than 1% of thousands of potential exploits

December 20, 2023/in Internet Security

More than 26,000 vulnerabilities were disclosed in 2023, but cybercriminals only needed fewer than 1% of them, a Qualys Threat Research Unit report reveals. Almost half of exploited vulnerabilities were unknown to cyber defenders.

Statistics from 2023 reveal that malicious actors act fast when exploiting vulnerabilities before they get patched.

Over 26,000 vulnerabilities were disclosed in 2023, which is 5.6% more compared to the previous year. However, Qualys found that fewer than one percent of them contributed to the highest risk and were routinely exploited by threat groups.

Among 206 weaponized vulnerabilities, 109 were known to the US cyber defense agency CISA, while the rest 109 were unknown.

Ransomware groups such as LockBit and Cerber routinely exploited even fewer than that, only 20 vulnerabilities, despite having over 7,000 discovered vulnerabilities with a proof-of-concept exploit code that could result in successful exploitation. Cyber gangs did not use the lower quality code to ensure the highest likelihood of successful attacks.

Additionally, 15 vulnerabilities were exploited by malware and botnet groups.

“Many of these vulnerabilities, such as those found in MOVEit Transfer, Windows SmartScreen, and Google Chrome, are exploitable remotely, obviating the need for physical access to the targeted system,” researchers said.

Remote code execution is the most preferred type of exploit, with 60 vulnerabilities exploited in the wild. The five most prevalent types, comprising over 70% of weaponized vulnerabilities, also included security feature bypass, privilege escalation, buffer manipulation, and input validation and parsing.

Less time to react

The report reveals that network defenders must act with urgency. While the average time to exploit vulnerabilities in 2023 stands at 44 days, in numerous cases, exploits were available on the very same day vulnerabilities were published. The Modus operandi of attackers is shifting, leaving less time for response.

“25 percent of these security vulnerabilities were immediately targeted for exploitation, with the exploit being published on the same day as the vulnerability itself was publicly disclosed,”…

Source…

Chinese police step up fight against hackers, with thousands captured

November 30, 2023/in Computer Security

Chinese police have intensified the fight against hacker crimes over the past year, leading to the capture of more than 7,000 suspects, the Ministry of Public Security said on Thursday.

Police officers across the country have solved 2,430 criminal cases involving hackers since the start of last year, which has contributed to protecting data security and maintaining order in cyberspace, Li Tong, deputy head of the ministry”s cybersecurity bureau, told a news conference.

Hacker crimes mainly include illegal intrusion into computer information systems, illegal acquisition of computer information system data, illegal control of computer systems and the provision of programs and tools for intrusion.

Statistics released by the ministry on Thursday showed that the number of hacking cases solved by Chinese police has risen three consecutive years, with an average annual growth rate of 27.7 percent.

While directly infiltrating and sabotaging computer information systems, criminals have also been discovered to have provided technical support and material information for other illegal activities such as telecom fraud, online gambling and online pornography, Shi You, a bureau official, said.

He said the methods used by hacking criminals have diversified with the rapid development of technologies, including artificial intelligence and blockchain, adding that thousands of hacker tools are circulating online.

“Most of the tools come with detailed tutorials and user-friendly interfaces, allowing people to carry out criminal activities such as vulnerability scanning and Trojan implantation without needing to have a high level of technical expertise,” Shi said.

The average age of hackers had also been decreasing year by year, he added, revealing that there have been cases of elementary school students being proficient in using hacker tools.

Huang Xiaosu, another bureau official who specializes in technologies, said the victims of such crimes frequently have computer systems with security loopholes or have failed to install risk prevention software.

“Some victims had little security awareness, as they used simple passwords that were easy for hackers to attack,” she added.

To…

Source…

The Best Amazon Cyber Monday Deals (Of The Thousands We’ve Scanned So Far)

November 26, 2023/in Mobile Security

What we like: Our top pick for the best local-video baby monitor. Offers clear video, audio, and talk-back, as well as intuitive controls, a solid battery life, and the ability to add cameras. Can remotely pan the camera from side to side and tilt it up and down. We like that the included white noise, lullabies, and night-lights can remain useful into the toddler years and beyond.

Source…

Tag Archive for: Thousands

Less time to react