Tag Archive for: menace

South Korean Android Banking Menace – FakeCalls


Research by: Bohdan Melnykov, Raman Ladutska

When malware actors want to enter the business, they can choose markets where, judging by past results, their profit is almost guaranteed to be worth the effort. The malware does not need to be high profile; careful selection of the audience and the right market can be enough.

This “stay-low-aim-high” approach is what the Check Point Research team saw in our recent Android malware research. We encountered an Android Trojan named FakeCalls, a malware that can masquerade as one of more than 20 financial applications and imitate phone conversations with bank or financial service employees. This attack is called voice phishing. FakeCalls malware targeted the South Korean market and possesses the functionality of a Swiss army knife, being able not only to carry out its primary aim but also to extract private data from the victim’s device.

Voice phishing attacks have a long history in the South Korean market. According to the report published on the South Korean government website, financial losses due to voice phishing constituted approximately 600 million USD in 2020, with the number of victims reaching as many as 170,000 people in the period from 2016 to 2020.

We discovered more than 2500 samples of the FakeCalls malware that used a variety of combinations of mimicked financial organizations and implemented anti-analysis techniques (also called evasions). The malware developers paid special attention to the protection of their malware, using several unique evasions that we had not previously seen in the wild.

In our report, we describe all of the encountered anti-analysis techniques and show how to mitigate them, dive into the key details of the malware functionality and explain how to stay protected from this and similar threats.

Before we get to the technical details, let’s discuss how voice phishing works, using the FakeCalls malware as an example.

The idea behind voice phishing is to trick the victim into thinking that there is a real bank employee on the other side of the call. As the victim thinks that the application in use is an internet-banking application…


A growing menace: flubots, phishing, and network failures


As we buy more and more stuff online, text messages like “track your order at this link: http://….” are accepted as the norm. You’ve probably clicked one or two of those links yourself, right? And why shouldn’t you?

It sounds innocent enough, but it might not be. That simple SMS could be the vehicle for a flubot attack. Clicking on the link could cause massive headaches for mobile operators and the industry as a whole. Increases in mobile malware pose a real threat to the telecommunications infrastructure. The implications are serious – both operationally and commercially.

How does a flubot work?

Successful flubots typically build out botnets that can cripple telecoms networks by generating large volumes of voice calls and SMS messages, as well as mobile data traffic targeted at specific websites and servers – a DDOS (distributed denial-of-service) attack.

Flubots work like this: distribution systems send personalized SMS messages containing links that look genuine, making them difficult to detect and prevent. Clicking on the link triggers a malware download, which can then take over the device and send a similar message to contacts, while also initiating DDOS attacks. The malware can also start phishing for bank details, perform identity theft, or make purchases.

How much damage can a flubot cause?

Flubot attacks are happening at scale. In October 21 alone, Sinch’s anti-spam platform detected and blocked more than 1.6 million malicious URLs, while one mobile operator recently reported 10,000 customers had been infected by flubot malware. That attack generated 3,000 messages (both national and international) per customer per day, causing SMS traffic between network operators to soar tenfold. In another attack, 5,000 infected devices called a target number every 10 minutes, resulting in about 30,000 calls per hour.

In the graphic below, you can see the evolution of a flubot attack on a medium-sized MNO in the APAC region. Sinch anti-fraud systems captured over 100K fraudulent SMS messages before customers realized anything had happened. This case is very similar…


Google forges new ‘app defense alliance’ to fix Android malware menace – The Next Web


Ransomware: Is time running out for the biggest menace on the web?

  1. Ransomware: Is time running out for the biggest menace on the web? – ZDNet
  2. Ransomware threat hits new highs for UK users in 2017 – ITProPortal
  3. UK is now the most targeted nation for cyber attacks, says Malwarebytes – IT PRO