Tag Archive for: trojan

Van Nuys man indicted for allegedly selling ‘trojan’ malware to help others crack computers – Daily News

/in


Federal authorities on Thursday announced the arrest of a Van Nuys man who allegedly schemed to market and sell malware that gave purchasers control over computers and enabled them to access victims’ private communications, their login credentials and other personal information.

Edmond Chakhmakhchyan, 24, allegedly used the screen name “Corruption.” He was arrested Wednesday by special agents with the FBI. During his arraignment in federal court, he pleaded not guilty to charges contained in a two-count indictment and was ordered back to court on June 4. His bond was set at $70,000.

The indictment charges Chakhmakhchyan with one count of conspiracy to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer and to intentionally access a computer to obtain information, as well as one count of advertising a device as an interception device. Each count carries a maximum sentence of five years in federal prison.

The indictment alleges an agreement between the malware’s creator and Chakhmakhchyan in which the defendant allegedly would post ads for the Hive remote access trojan, or RAT, on the Hack Forums website, accept Bitcoin payments for licenses to use the Hive RAT and provide customer service to those who purchased the licenses.

Customers purchasing the malware would transmit Hive RAT to protected computers and gain unauthorized control over and access to those devices, allowing the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission, according to the indictment.

Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” about four years ago and advertised online the RAT’s many features.

Source…

Mobile Banking Trojan Campaigns Target Indian Android Users

/in


Cybercrime
,
Endpoint Security
,
Fraud Management & Cybercrime

Hackers Use Messaging Apps WhatsApp, Telegram to Bait Victims

Mihir Bagwe (MihirBagwe) •
November 21, 2023    

Mobile Banking Trojan Campaigns Target Indian Android Users
Microsoft is warning about banking Trojans spread on social media. (Image: Shutterstock)

Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

India accounts for 4 in 10 global transactions made with digital payments, according to the National Payments Corporation of India – a development facilitated by ubiquitous QR codes and a national digital identity program known as Aadhaar that covers nearly every Indian.

Microsoft said in a Monday blog post that mobile malware infections aren’t a new threat to Indian users, but they “pose a significant threat” of financial loss and data theft.

Fraudsters use WhatsApp and Telegram to distribute malicious apps masquerading as legitimate banks, government services and utilities software. Hackers are using a relatively new tactic of directly sharing malicious Android app files with the mobile users over messaging platforms.

Ongoing campaigns led to the discovery of two fraudulent applications designed to deceive Indian banking customers.

Targeting Account Information

Threat actors used WhatsApp in a recent, widely circulated phishing campaign to deliver a fake banking app disguised as a “know your customer” app that tricks users into submitting…

Source…

Don’t trust that update! Untold number of Android users duped by dangerous SpyNote trojan

/in


Android users have been put on spyware high-alert as a banking trojan by the name of SpyNote has recently returned to the limelight.

The Android-based malware has been a background security threat for users since 2022. However, now in its third revision and with source code of of one of its variants (known as ‘CypherRat’) having leaked online in January of 2023, detections of this spyware have spiked throughout the year.

Source…

GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets • The Register

/in


Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system’s accessibility features to steal info that enables theft of personal information.

The security research outfit wrote that the trojan, named GoldDigger, currently targets Vietnamese banking apps – but includes code suggesting its developers plan wider attacks. Between June 2023, when it spotted GoldDigger, and late August, Group-IB identified 51 financial organization applications targeted by the trojan. The security form is unsure how many devices have been infected, or how much money has been stolen.

The malware makes its way onto devices after users visit fake websites that manipulate them into downloading the app. Once installed, GoldDigger requests access to Android’s Accessibility Service – the feature designed to assist users with disabilities by allowing apps to interact with each other and modify the user interface.

Permission to use the Accessibility Service means GoldDigger can monitor and manipulate a device’s functions and view personal information such as banking app credentials and the content of SMS messages, and send that info to command-and-control servers. A code snippet found by the researchers suggests the malware attempts to bypass two factor authentication, and is designed to fool banking apps that it is making legitimate transactions.

“We have not confirmed that the Trojan operators use these capabilities at the time of writing. However, based on the behavior of other known Trojans similar to GoldDigger, we don’t think they differ significantly,” explained Group-IB.

“We are definitely observing a significant increase in the Android malware strains abusing the Accessibility Service. For Android malware trends, there is a noticeable shift away from the traditional use of web fakes,” Sharmine Low, malware analyst at Group-IB, told The Register. Low said using the Accessibility Function was a “much more invasive approach compared to generating individual web fake files for each specific target.”

GoldDigger’s developers have left clues that their ambitions may reach beyond Vietnam. The malware includes translations…

Source…