Tag Archive for: wider

GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets • The Register


Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system’s accessibility features to steal personal information that can be used for theft.

The security research outfit wrote that the trojan, named GoldDigger, currently targets Vietnamese banking apps – but includes code suggesting its developers plan wider attacks. Between June 2023, when it spotted GoldDigger, and late August, Group-IB identified 51 applications from financial organizations targeted by the trojan. The security firm is unsure how many devices have been infected, or how much money has been stolen.

The malware makes its way onto devices after users visit fake websites that manipulate them into downloading the app. Once installed, GoldDigger requests access to Android’s Accessibility Service – the feature designed to assist users with disabilities by allowing apps to interact with each other and modify the user interface.

Permission to use the Accessibility Service means GoldDigger can monitor and manipulate a device’s functions and view personal information such as banking app credentials and the content of SMS messages, and send that info to command-and-control servers. A code snippet found by the researchers suggests the malware attempts to bypass two-factor authentication, and is designed to fool banking apps into treating its transactions as legitimate.

“We have not confirmed that the Trojan operators use these capabilities at the time of writing. However, based on the behavior of other known Trojans similar to GoldDigger, we don’t think they differ significantly,” explained Group-IB.

“We are definitely observing a significant increase in the Android malware strains abusing the Accessibility Service. For Android malware trends, there is a noticeable shift away from the traditional use of web fakes,” Sharmine Low, malware analyst at Group-IB, told The Register. Low said using the Accessibility Function was a “much more invasive approach compared to generating individual web fake files for each specific target.”

GoldDigger’s developers have left clues that their ambitions may reach beyond Vietnam. The malware includes translations…


A hacking slugfest between Iran and its foes sparks fears of a wider cyberwar


A man fills his car with petrol at a gas station in the Iranian capital Tehran, October 27, 2021.

Gas stations across Iran were hit by a cyberattack in October that disabled thousands of pumps and upset motorists. (Atta Kenare / AFP/Getty Images)

For four days in early December, Iran’s top university ground to a halt. Web-conferencing software for COVID-constrained classes didn’t work. Faculty and students couldn’t access their records.

It was the latest round of attacks in the low-level but escalating cyberhostilities between Iran and its adversaries, especially Israel, which have exchanged tit-for-tat hacks in a long-running shadow campaign of mutual destabilization. But the hit on the University of Tehran and other incidents like it represent a shift, experts say, from the regular targeting of military and nuclear sites toward a full-fledged cyberwar on civilian infrastructure.

“That’s an important distinction about cyberconflicts — they generally affect civilians and get the private sector,” said John Hultquist, vice president of intelligence analysis at the U.S. cybersecurity firm Mandiant.

“They’re not about military objectives. … The government is often not the audience for a lot of these incidents.”

The expansion of the Middle East cyberbattlefield comes as Iran improves defense of its controversial nuclear program, said Maysam Behravesh, a research associate at the Netherlands-based Clingendael institute who was an intelligence analyst and foreign policy advisor for Iran’s Ministry of Intelligence and Security from 2008 to 2010.

“Given that Iran’s nuclear facilities have spread all over the country and attacking the program has become much more complicated, Israel has adopted a new approach — conducting massive cyberattacks on sensitive civilian targets like dams, gasoline stations and power plants to foment nationwide riots with the objective of toppling the regime or keeping the rulers busy with day-to-day, endless riots,” Behravesh said.

Besides the University of Tehran attack earlier this month, Iran’s second-largest airline, Mahan Airlines, got hacked in November, its website made inaccessible. A large-scale hack in October disabled pumps at 4,300 gas stations across the country.

In August, a hacker group called Edalat-e…


Comment: Marriott guest system hack shows the need for wider rollout of Apple Pay on the web

Apple Pay offers protection against this type of hack, because actual card details are never passed to the company. Your iPhone, Watch or Mac instead generates a one-time code which is used in …

Recent malware attacks on Polish banks tied to wider hacking campaign – Computerworld New Zealand

The BAE Systems researchers found evidence that similar code pointing to the custom exploit kit was present on the website of the National Banking and Stock Commission of Mexico in November. This is the Mexican equivalent to the Polish Financial …
