Tag Archive for: pose

New Android Banking Malware Pose as Government App


New Android Banking Malware Pose as Government App to Target Users

Cybercriminals continue making malware for profit, with a recent report uncovering ASMCrypt in underground forums related to the DoubleFinger loader.

In the cybercrime landscape, researchers at Securelist have also reported on new Lumma stealer and Zanubis Android banking malware versions.

Researchers discovered an ad for ASMCrypt, a cryptor/loader variant designed to avoid AV/EDR detection, resembling the DoubleFinger loader.

However, researchers strongly suspect ASMCrypt is an evolved DoubleFinger version, acting as a ‘front’ for a TOR network service, though with some differences in operation.


New Android Banking Malware

Buyers get the ASMCrypt binary, which connects to the malware’s TOR backend using hardcoded credentials and then displays the options menu.

Options menu (Source – Securelist)

The available options are:

  • Stealth injection method
  • Invisible injection method
  • The process the payload should be injected into
  • Folder name for startup persistence
  • Whether the malware itself masquerades as Apple QuickTime
  • Or whether it masquerades as a legitimate application that sideloads the malicious DLL

Once the options are chosen and the build button is pressed, the app conceals an encrypted blob in a .png file to be uploaded to an image hosting site. At the same time, the cybercriminals create and distribute the malicious DLL or binary, according to the report.

  • Lumma: This stealer is written in C++ and is also known by other names: Arkei stealer, Vidar, Oski, and Mars. It has maintained its core function of stealing crypto wallet data since May 2018. Lumma, with a 46% overlap with Arkei, is the latest variant, and it spreads via a deceptive website, posing as a .docx to .pdf converter, and first appeared in August 2022.
Code snippet of the “debugging” sample

Source…

How electric vehicle chargers may pose risk of hacking


As global sales of electric vehicles (EVs) increase by 60% and one in every seven passenger cars purchased globally is an EV, the risk of cyber attack has increased, a report has said.
According to a report by cyber security company Check Point Research, increased consumer demand for EVs may mean unprecedented security challenges.
As the industry expands rapidly, “new EV charging stations are popping up in parking lots and on street corners, however, the new installations could prompt cyber attackers to target EV charging networks, the vehicles themselves, and/or the connected power grids,” the report said.

In India, EV sales hit 1.17 million units in the financial year 2023.
“Even here in India, where the Indian Computer Emergency Response Team (CERT-In) has received reports of vulnerabilities in products and applications related to electric vehicle charging stations,” the report noted.

How hackers may target EV charging stations
Researchers have already come across vulnerabilities that could allow cyber criminals to remotely shut down EV chargers or steal electricity.
Cyber attacks may exploit EV charging station weaknesses and cause power fluctuations and power outages. These attacks would suddenly alter the demands of EV charging networks, the report said.

Why EV chargers are at risk of hacking
The report said that the race-to-market in terms of connected devices has translated to cyber security measures that were ‘bolted on,’ but not ‘built in’. In simpler words, the cyber security aspect of electric vehicle chargers was largely an afterthought as EV chargers are interlinked with other infrastructure.
According to US-based National Institute of Standards and Technology (NIST), “the Electric Vehicle Supply Equipment (EVSE) is supported by electronics, both for charging the vehicle and facilitating communications, so EVSE is susceptible to cyber security vulnerabilities and attacks.”
“EVSE also ties together two critical sectors — transportation and energy (specifically, the grid) — that have never been connected electronically before. This creates the potential for attacks that could have significant impacts in terms of money, business…

Source…

Ransomware Attacks Pose Major Threat to Travel and Tourism


Companies are consistently working on information and network security projects to set up a reliable technical protection system

The travel and tourism sector has become a prime focus for cyberattacks in recent times, resulting in ransomware incidents arising from data breaches.

Against this backdrop, cybersecurity concerns within the industry have escalated with a 4% year-on-year (YoY) rise in 2022, reflecting the prevailing sentiment.

An analysis of the latest data found that sentiment for airlines, travel services, and lodging rose by 6%, 4%, and 1%, respectively, in 2022 over 2021.

Companies are consistently working on information and network security projects to set up a reliable technical protection and security management mechanism to ensure customer security and prevent data leakage. A severe data security incident can lead to operational disturbances and cause significant financial damage to the business.

LATAM Airlines Group SA plans to have self-boarding (biometric) to advance customer experience. The company is also starting Pre-Flight check documentation where customers can send their documents digitally before boarding.

China Eastern Airlines Corp Ltd discussed establishing a sound information and security-related management mechanism.

Booking Holdings Inc talked about SQL injection where a third party tries to insert malicious code into companies’ software through data entry fields on websites to gain control of the system using the websites as a platform.

Tourism Holdings Ltd updated its digital strategy and made investments in new technology and cybersecurity solutions.

H World Group Ltd and Mahindra Holidays & Resorts India Limited have set up an information security committee responsible for developing policies and procedures, offering data protection-related advice, protecting the security of customer data, and avoiding data leakage.

Failing to adopt appropriate technology leaves companies vulnerable to cyber threats that can have a detrimental impact on their operations.

Investing in robust cybersecurity solutions, educating employees about cybersecurity risks, and staying up to date on cybersecurity threats can help reduce the likelihood of an…

Source…

Ransomware Attacks Pose Biggest Threat to UK Organizations


Fraud Management & Cybercrime, Geo Focus: The United Kingdom, Geo-Specific

Security Agency Says 18 Incidents in 2022 Needed Nationally Coordinated Mitigation

Westminster Bridge in London (Image: Martin Dunst/CC BY-SA 4.0)

Ransomware attacks against U.K. hospitals and schools remained the biggest cybersecurity threat facing the country in 2022, the country’s cybersecurity agency warns, adding that these attacks are likely to surge in the coming months.

While the United Kingdom witnessed an uptick in various attacks, including low-level tactics such as spear-phishing, ransomware attacks against its critical infrastructure persisted throughout the year, with 18 incidents in the country requiring national-level coordination to mitigate the malware from systems.

These include the attacks on a supplier to the country’s national emergency helpline and on a water supply company in South Staffordshire, according to the 2022 cyber threat report released by the National Cyber Security Centre.

The NCSC attributes the uptick in ransomware attacks to the proliferation of ransomware-as-a-service groups, which it says are empowering lower-skilled attackers and group affiliates that normally lack the expertise to deploy sophisticated malware. These services have opened multiple attack vectors to a broader range of hackers, NCSC says.

Further, less sophisticated hackers are now equipping themselves with advanced intrusion software such as military-grade spyware and off-the-shelf…

Source…