Tag: Watch | SpinSafe

Watch out for these fake messaging apps on Android – they could be spying on you

April 11, 2024/in Mobile Security

Cybersecurity researchers from ESET found a handful of malicious Android apps that were spying on people and stealing sensitive information from their mobile devices.

In a press release shared with TechRadar Pro earlier this week, the researchers said that a new threat actor group, which they dubbed Virtual Invaders, was active from late 2021.

They created a number of Android apps, posing as communications products, which also came with the open-source XploitSPY malware. They called the campaign “eXotic Visit.”

Low download count

On the surface, the apps worked as intended, offering rudimentary communications services. However, behind the curtains lies malware that extracted people’s contact lists and files, the device’s GPS locations, file names listed in specific directories related to the camera, downloads, and different messaging apps such as Telegram, or WhatsApp. If some file names showed promise, the attackers could extract them as well, it was said.

To build the malware, the attackers seem to have taken the open-source Android Remote Access Trojan (RAT), XploitSPY, and modified it. While the apps offered rudimentary services, they came with a number of fake functionalities, too. Throughout the years, the attackers added new features, including better obfuscation techniques, emulator detectors, and more.

There were more than a dozen apps, ESET said, with the three biggest ones being called Dink Messenger, Sim Info, and Defcom. All were being distributed via standalone websites, as well as Google Play, but all were subsequently removed from Google’s app repository.

Still, the chances of being infected by any of these are relatively low. Apparently, the attackers only targeted individuals in Pakistan and India, and were quite specific in their attacks. In total, there were roughly 380 downloads from the websites and the Play store. Each app has had up to 45 downloads. The distribution methods were not discussed, but they were most likely phishing and social engineering.

More from TechRadar Pro

Source…

Watch out — that free Android VPN app could hijack your device

March 28, 2024/in Mobile Security

Almost two dozen free Android VPN apps were actually turning host devices into residential proxies, researchers have revealed announced. All of the apps were subsequently removed from the Play Store, with some making a comeback after cleaning up their code.

Cybersecurity researchers from HUMAN’s Satori Intelligence Team recently discovered a total of 28 apps, all of which had the “Proxylib” software development kit (SDK). This SDK, built in the Golang programming language, was designed to do the proxying, a process in which internet traffic is routed through third-party devices.

All of the apps were subsequently removed from the Play Store, with some making a comeback after cleaning up their code.

Russian fingers

While proxying has its legitimate, legal use cases, when it’s not clearly stated in the app, it’s most likely criminal. Hackers use it to hide their traffic as they commit ad fraud, phishing, and more.

Of the 28 apps, 17 were free VPN apps. Here is the full list:

Lite VPN
Anims Keyboard
Blaze Stride
Byte Blade VPN
Android 12 Launcher (by CaptainDroid)
Android 13 Launcher (by CaptainDroid)
Android 14 Launcher (by CaptainDroid)
CaptainDroid Feeds
Free Old Classic Movies (by CaptainDroid)
Phone Comparison (by CaptainDroid)
Fast Fly VPN
Fast Fox VPN
Fast Line VPN
Funny Char Ging Animation
Limo Edges
Oko VPN
Phone App Launcher
Quick Flow VPN
Sample VPN
Secure Thunder
Shine Secure
Speed Surf
Swift Shield VPN
Turbo Track VPN
Turbo Tunnel VPN
Yellow Flash VPN
VPN Ultra
Run VPN

The researchers speculate that these apps are linked to Asocks, a Russia-based residential proxy service provider, given that many apps connected to the Asocks’ website, and the Asocks service is commonly promoted to cybercriminals on hacking forums.

After discovering the apps, Google removed all of them from the Play Store, with some reappearing, possibly after removing the malicious SDK.

Users would be wise to double-check if any of their apps are still listed on the Play Store, and remove them if they’re not. Alternatively, they should at least keep them updated to the latest version.

Via

Source…

Here’s a VPN Travel Hack That Will Let You Watch Your Netflix Shows From Abroad

February 1, 2024/in Internet Security

Since technology is not going anywhere and does more good than harm, adapting is the best course of action. That is where The Tech Edvocate comes in. We plan to cover the PreK-12 and Higher Education EdTech sectors and provide our readers with the latest news and opinion on the subject. From time to time, I will invite other voices to weigh in on important issues in EdTech. We hope to provide a well-rounded, multi-faceted look at the past, present, the future of EdTech in the US and internationally.

We started this journey back in June 2016, and we plan to continue it for many more years to come. I hope that you will join us in this discussion of the past, present and future of EdTech and lend your own insight to the issues that are discussed.

Source…

3 Ransomware Group Newcomers to Watch in 2024

January 15, 2024/in Internet Security

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases.

Figure 1: Year over year victims per quarter

The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable newcomers.

Figure 2: 2020-2023 ransomware victim count

LockBit 3.0 maintained its number one spot with 1047 victims achieved through the Boeing attack, the Royal Mail Attack, and more. Alphv and Cl0p achieved far less success, with 445 and 384 victims attributed to them, respectively, in 2023.

Figure 3: Top 3 active ransomware groups in 2023

These 3 groups were heavy contributors to the boom in ransomware attacks in 2023, but they were not the sole groups responsible. Many attacks came from emerging ransomware gangs such as 8Base, Rhysida, 3AM, Malaslocker, BianLian, Play, Akira, and others.

Newcomers to the Ransomware Industry

At Cyberint, the research team is constantly researching the latest ransomware groups and analyzing them for potential impact. This blog will look at 3 new players in the industry, examine their impact in 2023 and delve into their TTPs.

To learn about other new players download the 2023 Ransomware Report here.

3AM Ransomware

A newly discovered ransomware strain named 3AM has emerged, but its usage has been limited so far. In 2023 they have only managed to impact 20+ organizations (mostly in the USA). However, they are gaining notoriety due to a ransomware affiliate who tried to deploy LockBit on a target’s network switching to 3AM when LockBit was blocked.

New ransomware families appear frequently, and most disappear just as quickly or never manage to gain significant traction. However, the fact that 3AM was used as a fallback by a LockBit affiliate suggests that it may be of interest to attackers and could be seen again in the future.

Interestingly, 3AM is coded in Rust and appears to be an entirely new malware family. It follows a specific sequence: it attempts to halt multiple services on the compromised computer before initiating the file encryption process. After…

Source…

Tag Archive for: Watch

Newcomers to the Ransomware Industry

To learn about other new players download the 2023 Ransomware Report here.

3AM Ransomware