Tag Archive for: users

Malware Alert! Hackers Attacking Indian Android users


A new malware campaign has been identified targeting Android users in India.

This sophisticated attack distributes malicious APK packages to compromise personal and financial information. The malware, available as a Malware-as-a-Service (MaaS) offering, underscores the evolving threat landscape in the digital age.

Symantec, a global leader in cybersecurity, has stepped up to protect users from this emerging threat.

The Rise of Malicious APKs

The campaign has been meticulously designed to spread malware through APK packages disguised as legitimate applications.


These applications, which appear to offer services such as customer support, online bookings, billing, or courier services, are vehicles for a range of malicious activities.

Once installed, the malware targets the theft of banking information, SMS messages, and other confidential data from victims’ devices.

This strategy of disguising malicious software as harmless applications is not new, but it remains highly effective.

The attackers exploit the trust users place in app downloads, particularly those offering valuable services.

Broadcom has recently released a report on a Malware-as-a-Service (MaaS) campaign specifically targeting Android users in India.

The attack represents a threat to the security of Android devices in the region and can potentially cause significant damage to individuals and organizations.

Symantec has identified the malware through its robust security systems, classifying it under two main categories:

Mobile-based Threats:

  • Android.Reputation.2
  • AppRisk: Generisk

Web-based Threats:

The campaign’s infrastructure, including observed domains and IPs, falls under security categories protected by…

Source…

The 21 apps Android users should delete immediately over malware concerns


A list of more than 20 Android apps known to contain malware has been released.

The list was released by Malware Fox, an anti-malware program.

“Currently, there is no better medium with a huge user base than Android,” Malware Fox said.


“Over the last decade, Android has become a soft target for cyberattackers to carry out illicit activities.

“It is because Android is an open-source program, making it highly customisable, unlike iOS.

“It is easy for cybercriminals to infiltrate an Android device using malicious apps.”

The compromised apps contain one of four types of malware.

Harly Trojan obtains data about the user’s device, especially data about the mobile network.

This malware is found in:

  • Fare Gamehub and Box
  • Hope Camera-Picture Record
  • Same Launcher and Live Wallpaper
  • Amazing Wallpaper
  • Cool Emoji Editor and Sticker

Joker Spyware gathers contact lists, SMS messages, and details about affected devices.

This malware also has the capacity to register the device for premium services without consent, monetising the malware infection.

It is found in:

  • Simple Note Scanner
  • Universal PDF Scanner
  • Private Messenger
  • Premium SMS
  • Blood Pressure Checker
  • Cool Keyboard
  • Paint Art
  • Color Message

Autolycos Malware is a Trojan spyware that is known for subscribing victims to paid services.

This malware is found in:

  • Vlog Star Video Editor
  • Creative 3D Launcher
  • Wow Beauty Camera
  • Gif Emoji Keyboard
  • Instant Heart Rate Anytime
  • Delicate Messenger

Fleckpe is another Trojan spyware that is known for subscribing victims to paid services.

This malware is found in:

  • Beauty Slimming Photo Editor
  • GIF Camera Editor Pro

Days after McAfee warning

The warning comes just days after computer security company McAfee warned Android users about new malware.

A new variant of Xloader malware, otherwise known as MoqHao, makes it easier for hackers to access your phone’s data.

While previous versions of Xloader required the phone user to download and open the malware, the new programming means the malware can silently run in the background straight…

Source…

Attack wrangles thousands of web users into a password-cracking botnet


Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks.

A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live on Ars, up from 500 two days ago. Denis Sinegubko, the researcher who spotted the campaign, said at the time that he had seen thousands of visitor computers running the script, which caused them to reach out to thousands of domains in an attempt to guess the passwords of usernames with accounts on them.

Visitors unwittingly recruited

“This is how thousands of visitors across hundreds of infected websites unknowingly and simultaneously try to bruteforce thousands of other third-party WordPress sites,” Sinegubko wrote. “And since the requests come from the browsers of real visitors, you can imagine this is a challenge to filter and block such requests.”

Like the hacked websites hosting the malicious JavaScript, all the targeted domains are running the WordPress content management system. The script—just 3 kilobits in size—reaches out to an attacker-controlled getTaskURL, which in turn provides the name of a specific user on a specific WordPress site, along with 100 common passwords. When this data is fed into the browser visiting the hacked site, the browser attempts to log into the targeted user account using the candidate passwords. The JavaScript operates in a loop: it requests a task from the getTaskURL, reports the results to the completeTaskURL, and then repeats the steps again and again.

A snippet of the hosted JavaScript appears below, and below that, the resulting task:

const getTaskUrl = 'hxxps://dynamic-linx[.]com/getTask.php';
const completeTaskUrl = 'hxxps://dynamic-linx[.]com/completeTask.php';

[871,"https://REDACTED","redacted","60","junkyard","johncena","jewish","jakejake","invincible","intern","indira","hawthorn","hawaiian",

Source…

Fancy Bear sniffs out Ubiquiti router users


The American authorities have warned users of Ubiquiti’s EdgeRouter products that they may be at risk of being targeted by the Russian state threat actor Fancy Bear, also known as APT28 and Forest Blizzard/Strontium.

In a coordinated advisory, to which partner agencies including the UK’s National Cyber Security Centre (NCSC) and counterparts in Belgium, Brazil, France, Germany, Latvia, Lithuania, Norway, Poland and South Korea also put their signatures, the FBI, National Security Agency (NSA) and US Cyber Command urged users of the affected products to be on their guard.

“Fancy Bear, and Forest Blizzard (Strontium), have used compromised EdgeRouters globally to harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear phishing landing pages and custom tools,” read the advisory.

Users of EdgeRouters have been told to perform a factory reset, upgrade to the latest firmware version, change default usernames and credentials, and implement strategic firewall rules on WAN-side interfaces.

Ubiquiti EdgeRouters have become popular among users and threat actors alike thanks to a user-friendly, Linux-based operating system. Unfortunately, they also contain two highly dangerous flaws – the devices often ship with default credentials and have limited firewall protections, and they do not automatically update their firmware unless the user has configured them to do so.

Fancy Bear is using compromised routers to harvest victim credentials, collect digests, proxy network traffic and host spear phishing landing pages and other custom tools. Targets of the operation include academic and research institutions, embassies, defence contractors and political parties, located in multiple countries of interest to Russian intelligence, including Ukraine.

“No part of a system is immune to threats,” said NSA cyber security director Rob Joyce. “As we have seen, adversaries have exploited vulnerabilities in servers, in software, in devices that connect to systems, in user credentials, in any number of ways. Now, we see Russian state-sponsored cyber actors abusing compromised routers and we are joining this CSA to provide mitigation recommendations.”

Dan Black,…

Source…