Tag Archive for: common

STOP ransomware, more common than LockBit, gains stealthier variant


StopCrypt, the most common ransomware family of 2023, has a new variant leveraging more advanced evasion tactics.

StopCrypt, also known as STOP/DJVU, surpassed the LockBit ransomware family in detections in 2023, according to Trend Micro’s 2023 Annual Cybersecurity Report published last week. STOP typically goes after smaller victims, with an average ransom payment of $619 in the first half of 2023, according to a mid-year report by Chainalysis.

SonicWall reported Tuesday that a new StopCrypt variant employs several evasion tactics in a multi-stage shellcode deployment process, including a long delay loop, dynamic API resolution and process hollowing, the replacement of the code of a legitimate executable with malicious code.

‘Msjd’ StopCrypt ransomware attempts to dodge anti-virus protection

The StopCrypt variant studied by SonicWall’s Capture Labs begins its stealth mission by copying the same data to a location more than 65 million times in a delay loop likely intended to dodge time-sensitive anti-virus mechanisms such as sandboxing.

It then employs multiple stages of dynamic API resolution — resolving and calling APIs at runtime rather than linking them directly. This avoids the import-table artifacts that statically linked API calls would leave in the malware binary for anti-virus scanners to detect.

After taking a snapshot of the current processes using CreateToolhelp32Snapshot, extracting module information using Module32First, and calling VirtualAlloc to allocate memory with read, write and execute permissions, the malware enters a second stage in which it dynamically resolves and calls additional APIs to perform process hollowing.

Ntdll_NtWriteVirtualMemory is used to write malicious code into a suspended process created with kernel32_CreateProcessA.

When the suspended process is resumed, the final ransomware payload launches icacls.exe to modify access control lists so that the new directory and files created by StopCrypt cannot be modified or deleted. The ransomware encrypts the user’s files and adds the extension “.msjd.”

The ransomware note found in the variant studied by SonicWall includes a demand for $980, with a “discount” offer of $490 if the victim contacts the threat actor within 72 hours.

The STOP variant…

Source…

How cybercriminals use common apps on Google Play to spread malware


Google Play is home to more than three million unique apps, most of which get updated regularly to update security patches and implement changes. However, cybercriminals have found ways to make use of these periodic updates to sneak malicious apps onto Google Play.

In 2023, apps with malicious codes were found to have been downloaded more than 600 million times on Google Play, Kaspersky shared in a blog post.

Some of the commonly downloaded apps that contain malware include photo editing apps, file managers, games, music and video players as well as health tracking apps.

The malware in these apps has been found to not just hide adware, but also track users’ location, cellular operator information, load spyware, record voice, and other sensitive user information.


How do threat actors post malicious apps on Google Play?

Cybercriminals create multiple developer accounts to upload apps on Google Play. Through these accounts they upload seemingly unremarkable apps with simple functionality and no malicious code to ensure they are able to sail through Google’s moderation checks. Once the app is downloaded by a sizeable audience, cybercriminals add malicious functionality in the app through an update.

An example of this is the iRecorder app, which, when uploaded to Google Play in 2021, was able to get past Google’s moderation checks because it did not contain any malicious code. However, once the app garnered close to 50,000 downloads, the threat actors updated it with malicious functionality, allowing the app to record sound from the device’s microphone every 15 minutes and send it to a server run by the app’s creators.

Threat actors have also been found to have made use of multiple developer accounts to ensure that they can continue uploading malicious apps if one of their accounts is blocked by the moderators.

From signing up for subscriptions to data mining, malicious apps do it all

Malicious codes in apps can be used to access sensitive user data including files, photos, videos and device’s location and cellular information. Such apps have also been found to sign up the user’s cellular…

Source…

I’m a hacking expert – never tap or click four common bank-draining words or risk strangers stealing your credit card


GADGET users are being warned over a dangerous type of pop-up message that could leave your bank empty.

Cybercriminals can use pop-ups to hijack your computer or smartphone, experts have warned.

Be careful what you click (Credit: Unsplash)

Crooks will often use a type of software called spyware to watch what you’re doing online.

Once they’ve tricked you into downloading spyware, there’s almost no limit to what a hacker can do.

“The impact of spyware on identity theft cannot be understated,” said a cybersecurity expert from McAfee.

“By stealthily recording sensitive personal and financial information, like usernames, passwords, and credit card numbers, it presents a significant risk to a user’s identity.”

A crook could install spyware on your device if they had physical access to it.

But it’s more likely that you’ll end up being a victim of spyware due to a mistake online.

Criminals often attempt to trick you into installing spyware by making you think you’re downloading something else.

“Preventing spyware from infecting your system starts with practicing good online habits,” the McAfee expert explained in an official security memo.

“Avoid downloading files from untrusted sources, especially torrents and software cracks notorious for being riddled with spyware.”

But you might also find yourself downloading spyware after interacting with a pop-up message.

If you end up on a suspicious website, you might find a notification appearing on the screen.

These may seem harmless, but if you see the following four words, you might be in trouble.

“Never click ‘Agree,’ ‘OK,’ ‘No,’ or ‘Yes’ in a pop-up, as these actions can trigger an automatic spyware download,” McAfee warned.

“Instead, close the pop-up by hitting the red X or shutting down your browser altogether.”

Don’t forget!

Of course avoiding rogue pop-ups isn’t the only way to stave off spyware.

You should also regularly update the operating system on your device – whether that’s iOS, Android, Windows or macOS.


“These patches often contain fixes to known vulnerabilities that spyware and other malicious programs exploit,” the McAfee cyber-expert explained.

“Also, ensure to download and use your web…

Source…

Common Cybersecurity Threats and How an Online Security Consultant Can Help


Protecting your online safety has never been more crucial in today’s digital age, where cybercriminals and hackers lurk around every virtual corner. The reality of cybersecurity threats, ranging from identity theft to malicious software attacks, can leave us feeling vulnerable and exposed. However, there is hope! In this blog post, we will explore some of the common cyber threats you may encounter and delve into the crucial role that online security consultants play in safeguarding your digital life. With their expertise, you can fortify your defenses and regain control over your online presence, as these modern-day guardians protect our cyberspace.


Common Cybersecurity Threats

In the modern business landscape, numerous cybersecurity threats pose risks to organizations. These threats can stem from various sources, including employees, customers, and hackers. Here are some of the most prevalent cybersecurity threats:

Phishing Attacks: Phishing involves sending fraudulent emails or messages to deceive users into providing sensitive information such as passwords or credit card numbers.

Malware: Malware is malicious software designed to harm or disable computers and other devices.

Denial-of-Service Attacks: These attacks aim to make a website or online service unavailable by overwhelming it with traffic from multiple sources.

SQL Injection Attacks: In this type of attack, malicious SQL is inserted into the queries an application sends to its database, via untrusted input, to extract data or cause damage.

Cross-Site Scripting (XSS) Attacks: Hackers inject malicious script into a web page so that it executes in the browsers of unsuspecting users who visit the site.

Password Spraying: Hackers attempt to gain access to accounts by trying a small set of common passwords against many accounts and services.


The Role of an Online Security Consultant

As cyberattacks continue to rise, the demand for online security consultants has never been greater. These consultants provide invaluable services to businesses by helping them identify and mitigate…

Source…