Tag: Details | SpinSafe

Hackers Are Selling Off Stolen Roku Accounts With Credit Card Details For 50 Cents Each

March 13, 2024/in Computer Security

Account credentials and personal data are hot commodities online, which often going up for sale at low prices so shady characters can move thousands of accounts quickly. This is reportedly what has happened to just over 15,000 Roku customers who had their accounts compromised due to credential stuffing attacks that occurred from December 28th, 2023, to February 21st, 2024. Thankfully, these attacks were detected and eventually halted, but not before threat actors made off with some valid information, allowing malicious data buyers to access the compromised accounts.

On January 4th this year, Roku detected and observed suspicious activity, indicating that some accounts may have been accessed without authorization. This triggered an investigation into the compromise, which found that threat actors were seemingly leveraging third-party sourced breach data and spraying those credentials against Roku to see what would work in a credential-stuffing attack. Of all the accounts attempted, 15,363 people had used the same email and password with Roku and whatever other platform was breached to gain the credentials.

The data breach notice explains that “after gaining access, [threat actors] then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.” Subsequently, Roku has moved to re-secure the compromised accounts and is stopping any unauthorized purchases or subscriptions made on the account. However, it would seem that Roku’s security team may not have caught some of these accounts, as Bleeping Computer reports that some are still available to purchase online for as low as $0.50 per account.

As such, the breach notice recommends that Roku users review all subscriptions on, and devices linked to, their accounts. Further, using a strong and unique password for accounts is good to prevent this sort of thing from happening elsewhere. If you believe you were compromised, it is also good security hygiene to monitor your credit accounts and other information just in case your identity is stolen or compromised.

(Hero Image Source: Roku)

Source…

New Malware Poses Serious Threat to Android Users, All Details Here

February 26, 2024/in Computer Security

Updated Feb 26, 2024, 10:18 AM IST

The primary method of spreading this malware is through SMS texts containing shortened URLs.

Recently, cybersecurity experts uncovered an updated version of the Android XLoader malware, which has been attributed to a threat actor known as ‘Roaming Mantis.’ This new variant is particularly concerning as it can self-execute without requiring any interaction from the user. The primary method of spreading this malware is through SMS texts containing shortened URLs. When a user clicks on the link, they are directed to a webpage urging them to download an Android installation file (APK) for a supposed mobile app.

According to a report by BleepingComputer, researchers at McAfee have provided detailed insights into this new iteration of the XLoader malware. One notable feature of this variant is its ability to automatically initiate itself after installation. To deceive users, the malware disguises itself as ‘Chrome’ with an italicized ‘r.’ Upon installation, the app prompts users to grant it continuous background operation and requests permission to be designated as the default SMS app. Notably, prompts are presented in multiple languages including English, French, Japanese, Hindi, and German.

The concerning aspect of this malware lies in its autonomous behaviour, which allows it to engage in malicious activities without the need for user interaction. Among its capabilities is the pilfering of sensitive information such as passwords, text messages, photos, contacts, and hardware details like the device’s IMEI, SIM, and serial number.

To protect your Android device from potential XLoader infections, it is imperative to ensure that Google Play Protect is active. While this service is typically enabled by default on devices that come with preinstalled Google services, there may be instances where users disable it to accommodate certain applications flagged as malicious by the service.

If you have intentionally disabled Google Play Protect and wish to reinstate it, the process is simple. Begin by accessing the Google Play Store on your device. Then, locate and tap on your profile picture positioned at the top right of the screen. From…

Source…

Indian Govt Reveals ‘High-Risk’ Vulnerabilities Affecting Android Users: Check Details

February 10, 2024/in Mobile Security

If you are using an Android device, it’s crucial to be aware that the Indian government’s Computer Emergency Response Team has issued a warning regarding ‘high’ security risk vulnerabilities in Android. The team emphasises that these exploits have the potential to allow attackers to gain sensitive information and execute arbitrary code on your phone.

Which Android Versions Are Affected?

These vulnerabilities are found in Android versions 11, 12, 13, and 14. This implies that even if you have the latest Android version, you are not exempt from these risks.

CERT-In highlights that multiple vulnerabilities exist within the framework, system, arm components, and MediaTek components, Unisoc components, Qualcomm components, and Qualcomm close-sourced components.

How To Protect Yourself?

To safeguard your device, you will need to have Android “Security patch levels of 2024-02-05 or later to address all of these issues.” So, when the OEM of your device releases the said update, simply download the latest available update.

Considering the ‘high’ severity rating, it’s advisable to focus on additional security-enhancing features. Enable two-factor authentication, use a robust passcode, and maintain good digital hygiene practices.

These Are The Vulnerabilities Affecting the Aforementioned Android versions

CVE-2023-32841, CVE-2023-32842, CVE-2023-32843, CVE-2023-33046, CVE-2023-33049, CVE-2023-33057, CVE-2023-33058, CVE-2023-33060, CVE-2023-33072, CVE-2023-33076, CVE-2023-40093, CVE-2023-40122, CVE-2023-43513, CVE-2023-43516, CVE-2023-43518, CVE-2023-43519, CVE-2023-43520, CVE-2023-43522, CVE-2023-43523,CVE-2023-43533, CVE-2023-43534, CVE-2023-43536, CVE-2023-49667, CVE-2023-49668, CVE-2023-5091, CVE-2023-5249, CVE-2023-5643, CVE-2024-0014, CVE-2024-0029, CVE-2024-0030, CVE-2024-0031, CVE-2024-0032, CVE-2024-0033, CVE-2024-0034, CVE-2024-0035, CVE-2024-0036, CVE-2024-0037, CVE-2024-0038, CVE-2024-0040, CVE-2024-0041, CVE-2024-20003, CVE-2024-20006, CVE-2024-20007, CVE-2024-20009, CVE-2024-20010, CVE-2024-20011.

Chrome Users Will Soon Get This Big Security Feature On Android: All Details

January 17, 2024/in Mobile Security

Google is testing an important privacy feature for Chrome users on Android that mimics the security level set for apps that you use on smartphones.

Over the last few years, Android users get information about the sensors that an app is trying to access on their phone. For instance, when you use Uber, the app will ask for your permission to use location, microphone and even call logs on the device.

Similarly, you have platforms like Zoom or even Google Meet asking for access to the camera on your phone. These access features are coming to Chrome browser now for Android users which was confirmed with the latest Chrome build version 122 recently. What this means is that Chrome users will get similar alerts when a website tries to access the camera, microphone, or even location on their device.

Chrome is probably aware of the specific needs of a website that might be far reaching than what the browser actually wants to access, so giving an extra layer of permission alert will definitely help people understand which website is trying to access what feature on the device. Users will get the option to ‘allow this time’, ‘allow on every visit’ and ‘don’t allow’ for these websites.

Chrome is still testing the feature with its build version on Android so we’re not sure when the public release will be available but going by the timelines, it is likely that we will hear more from Chrome in the coming months when the privacy tool would have gone through thorough tests in the back end. Chrome is used by billions and is the most popular web browser in the market. So, upgrades like these are warranted and it is good to see Google give extra focus to privacy of users, which will surely appeal to more people.

Tag Archive for: Details

The primary method of spreading this malware is through SMS texts containing shortened URLs.