Tag Archive for: hijack

Watch out — that free Android VPN app could hijack your device


More than two dozen free Android VPN apps were secretly turning the devices they ran on into residential proxies, researchers have revealed. All of the apps were subsequently removed from the Play Store, and some later returned after their code was cleaned up.

Cybersecurity researchers from HUMAN’s Satori Intelligence Team recently identified a total of 28 apps, all of which bundled the “Proxylib” software development kit (SDK). This SDK, written in Go, performed the proxying: routing third parties’ internet traffic through the host device so that it appears to originate from that device’s residential IP address.

Source…

Hackers use pirated software to hijack Mac, Android, and Windows devices


Trading in cryptocurrency? You might be sitting on a pretty penny in that digital wallet of yours. Feels great, doesn’t it? But here’s the catch with digital currency: keeping it secure isn’t a walk in the park.

Hackers are out there, working overtime to come up with new tricks to swipe your crypto, potentially emptying your wallet in one fell swoop. Yep, for these cyber thieves, your digital cash is the ultimate prize. And the worst part? Most of the time, you won’t even realize you’ve been hit until your balance is zero.

Case in point: a newly reported malware family targets macOS, Android, and Windows devices. It arrives bundled with pirated software and hunts for your cryptocurrency wallets. Here’s how it works.

What is the new malware targeting cryptocurrency users?

The cybersecurity company Kaspersky has uncovered a sophisticated new malware campaign designed to pilfer cryptocurrency from users’ wallets. This campaign leverages pirated or improperly licensed software as a vector for infection, exploiting the common practice of seeking out ‘free’ versions of paid software online.

These cracked applications, distributed through unauthorized websites, carry a Trojan-Proxy type of malware. Recent findings show it is not limited to macOS: variants targeting Android and Windows have also been discovered, and they connect to the same command-and-control (C&C) server. Like their macOS counterparts, these variants are hidden inside cracked software, illustrating the risk across all three operating systems.

Once the malware is on your device, it immediately checks for Bitcoin and Exodus cryptocurrency wallets. If it finds either one (worse still for users who have both), it replaces the wallet application with a trojanized version that can steal the funds it holds. For some people, this could amount to thousands of dollars, and all because a pirated download brought the malware onto a macOS, Android, or Windows device.


Source…

Hackers Hijack Websites to Inject Malware that Steals Credentials


In a concerning development for internet security, a new form of website malware known as “Angel Drainer” has been increasingly targeting Web3 and cryptocurrency assets since January 2024.

This malware is part of a broader trend of rising Web3 phishing sites and crypto drainers that significantly threaten user credentials and wallets.


Web3 Crypto Malware: Angel Drainer Overview

Angel Drainer is a crypto drainer implicated in several security breaches, including the compromise of the Ledger Connect Kit in December 2023.

It operates either by being injected directly into compromised websites or by redirecting visitors to phishing sites that host the drainer. Once in place, it can steal and redistribute assets from the wallets of visitors who connect them, according to the Sucuri report.

The surge in malicious activity is alarming, with over 20,000 unique Web3 phishing sites created in 2023 alone.

According to recent reports, the Angel Drainer phishing group has illicitly taken over $400,000 from 128 cryptocurrency wallets.

The group relies on a new and sophisticated tactic to carry out its fraud, which is a cause for concern for businesses and individuals alike.

In the first two months of 2024, at least three unrelated malware campaigns have begun using crypto drainers in website hacks.

(Image: fake browser update + crypto drainer)

Sucuri’s SiteCheck remote website scanner has detected this Angel Drainer variant on over 550 sites since early February, and public source-code search results showed the injection on 432 sites at the time of writing.

The impact of these attacks is profound, with Angel Drainer found on 5,751 different unique domains over the past four weeks.

The malware combines phishing and malicious script injection to exploit the Web3 ecosystem’s reliance on direct, in-browser wallet interactions, endangering both website owners and their visitors’ assets.
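The two behaviours the report describes, a foreign script injected into a legitimate page and a redirect of visitors to a phishing site, both leave traces in the page's HTML that a site owner can check for. The following is an added example, not Sucuri's scanner or any code from the report: a small static check that parses a page, flags external scripts whose host is not on an allowlist, inline scripts that perform a redirect or call the browser wallet API (`window.ethereum`, `eth_requestAccounts`, `eth_sendTransaction`, `eth_signTypedData` are the standard EIP-1193 / JSON-RPC names; treating their appearance as suspicious is a heuristic assumption here), and `<meta http-equiv="refresh">` redirects to unlisted hosts. The sample HTML and the `.invalid` hostnames are constructed for the example.

```python
"""Added example: heuristic check for injected scripts and visitor redirects.
Not Sucuri's SiteCheck; the patterns below are this example's own assumptions."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-script heuristics (assumptions, not signatures from the report).
REDIRECT_RE = re.compile(
    r"\b(?:(?:window|document)\.)?location(?:\.(?:href|replace|assign))?\s*[=(]"
)
WALLET_RE = re.compile(
    r"window\.ethereum|eth_requestAccounts|eth_sendTransaction|eth_signTypedData"
)


class _Collector(HTMLParser):
    """Collects external script URLs, inline script bodies and meta refreshes."""

    def __init__(self):
        super().__init__()
        self.ext_scripts = []   # src attributes of <script src=...>
        self.inline = []        # bodies of inline <script> blocks
        self.meta_refresh = []  # target URLs of <meta http-equiv="refresh">
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.ext_scripts.append(a["src"])
            else:
                self._in_script = True
                self._buf = []
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content") or "", re.I)
            if m:
                self.meta_refresh.append(m.group(1).strip())

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def _host(url):
    """Hostname of an absolute or protocol-relative URL; '' for relative paths."""
    if url.startswith("//"):
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()


def find_suspicious_injections(html, allowed_hosts):
    """Return a list of (kind, detail) findings for one page's HTML."""
    c = _Collector()
    c.feed(html)
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for src in c.ext_scripts:
        h = _host(src)
        if h and h not in allowed:           # relative (same-origin) scripts pass
            findings.append(("external_script", src))
    for body in c.inline:
        if REDIRECT_RE.search(body):
            findings.append(("inline_redirect", body.strip()[:80]))
        if WALLET_RE.search(body):
            findings.append(("wallet_api_use", body.strip()[:80]))
    for url in c.meta_refresh:
        h = _host(url)
        if h and h not in allowed:
            findings.append(("meta_refresh", url))
    return findings


# Constructed sample page: one legitimate CDN script plus an injected loader,
# an inline wallet-prompt-and-redirect snippet and a meta refresh (all fictional).
ALLOWED_HOSTS = {"cdn.example.com"}
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="0; url=https://connect-wallet.invalid/claim">
<script src="https://cdn.example.com/app.js"></script>
<script src="//drainer-host.invalid/loader.js"></script>
<script>
  if (window.ethereum) { window.ethereum.request({method: 'eth_requestAccounts'}); }
  window.location.href = 'https://connect-wallet.invalid/claim';
</script>
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    for kind, detail in find_suspicious_injections(SAMPLE_HTML, ALLOWED_HOSTS):
        print(f"{kind:16} {detail}")
```

Run against a page fetched from the live site (not the copy on disk), because injections of this kind are typically added at serve time or by a compromised plugin; a clean repository does not prove a clean response. The allowlist should be the site's known third-party script hosts, and any `external_script` hit outside it deserves manual review before being dismissed.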

Injection Methods and Strategies

The injection methods used by these attackers are sophisticated and varied. They can…

Source…

China’s Hackers Hijack Small Routers to Reach Big Targets


The United States announced the disruption of a botnet made of hundreds of U.S.-based small office or home office (SOHO) routers that were hijacked by state-sponsored hackers from the People’s Republic of China (PRC) in order to be used to attack U.S. infrastructure.

China-backed hackers target U.S. computers. (Photo: Darwin Laganzon, Pixabay, License)

“The hackers, known to the private sector as ‘Volt Typhoon,’ used privately-owned SOHO routers infected with the ‘KV Botnet’ malware to conceal the PRC origin of further hacking activities directed against U.S. and other foreign victims,” the U.S. Department of Justice said Wednesday in a statement.

Attorney General Merrick B. Garland stressed that the Justice Department has thwarted a China-supported hacking group that sought to target “America’s critical infrastructure” using a botnet.

That campaign had been the focus of a joint advisory issued in May 2023 by the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and international partners, according to the statement.

The Justice Department explained that most of the routers in the KV Botnet were Cisco and NetGear devices that had reached ‘end-of-life’ status, meaning their manufacturers no longer supplied security patches or other software updates for them.

The court-authorized operation removed the KV Botnet malware from the routers and cut them off from the botnet by blocking communication with the devices used to control it.

Citing court documents, the statement said the government had extensively tested the operation on the relevant Cisco and NetGear routers, and that it neither affected their legitimate functions nor collected content information from the compromised devices.

However, authorities cautioned that the remediated routers remain susceptible to future compromise by Volt Typhoon and other actors, since removing the malware does not fix the unpatched, end-of-life firmware that allowed the infection. They strongly recommended that owners of end-of-life SOHO routers replace them.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens…

Source…