Search This Blog

Latest News

Information Commissioner Office Made a Regulatory Fine of $27 Million on Tiktok

  The information commissioner's office of the United Kingdom recently fined Tiktok $29 million, having provisionally discovered that ...

All the recent news you need to know

Scylla: Ad Fraud Scheme in 85 Apps with 13 Million Downloads

 

Security researchers have exposed 85 apps involved in the ongoing ad frauds campaign that began in 2019. 75 apps of these apps are on Google Play, while 10 are present on the App store. The apps have collectively more than 13 million downloads to date. 
 
Researchers from HUMAN’s Satori Threat Intelligence have collectively named all the mobile apps that are being identified in the ad fraud campaign as ‘Scylla’.  
 
The malicious apps flooded the mobiles with advertisements, both visible and hidden ads. Additionally, the fraudulent apps garnered revenue by impersonating as legitimate apps in app stores. Although these apps are not seen as severe threats to the users, the adware operators can use them for more malicious activities.  
 
According to the researchers, Scylla is believed to be the third wave of an ad fraud campaign that came to light in August 2019, termed ‘Poseidon’. The second wave, called ‘Charybdis’ led up to the end of 2020. 

The original operation, Poseidon comprised over 40 fraudulent android apps, designed to display out-of-context ads or even ads hidden from the view of mobile users. 
 
The second wave, Charybdis, was a more sophisticated version of Poseidon, targeting advertising platforms via code obfuscation tactics. Scylla apps, on the other hand, expand beyond Android, to charge against the iOS ecosystem. In addition to this, Scylla relies on additional layers of code obfuscation, using Allatori Java obfuscator, making it hard for the researchers to detect or reverse engineer the adware. 
 
These fraudulent apps are engineered to commit numerous kinds of ad frauds, including mimicking popular apps (such as streaming services) to trick advertising SDKs into placing their ads, displaying out-of-context and hidden ads, generating clicks from the unaware users, and generating profit off ads to the operator. 
 
"In layman's terms, the threat actors code their apps to pretend to be other apps for advertising purposes, often because the app they're pretending to be is worth more to an advertiser than the app would be by itself," states HUMAN security. 
 
According to the sources, the researchers have informed Google and Apple about these fraudulent apps, following which the apps are being removed from Google Play and App Store. Users are recommended to simply remove the apps if they have downloaded one of the suspected adware by any chance. 
  
Furthermore, with regards to the increasing frauds, the Satori researchers have suggested certain precautionary measures that could be taken into account for the user to not fall for the adware frauds. It includes examining their apps before downloading them, looking out for apps that you do not remember downloading, and avoiding third-party app stores that could harbor malicious applications.

30 Million Data Theft Hacktivists Detained in Ukraine

The Security Service of Ukraine's (SSU) cyber division has eliminated a group of hackers responsible for the data theft or roughly 30 million people. 

According to SSU, its cyber branch has dismantled a group of hacktivists who stole 30 million accounts and sold the data on the dark web. According to the department, the hacker organization sold these accounts for about UAH 14 million ($375,000). 

As stated by the SSU, the hackers sold data packs that pro-Kremlin propagandists bought in bulk and then utilized the accounts to distribute false information on social media, generate panic, and destabilize Ukraine and other nations. 

YuMoney, Qiwi, and WebMoney, which are not permitted in Ukraine, were used by the group to receive funds.The police discovered and seized many hard drives containing stolen personal data, alongside desktops, SIM cards, mobile phones, and flash drives, during the raids on the attackers' homes in Lviv, Ukraine. 

By infecting systems with malware, fraudsters were able to gather sensitive data and login passwords. They targeted systems in the European Union and Ukraine. According to Part 1 of Article 361-2 of the Ukrainian Criminal Code, unauthorized selling of material with restricted access, the group's organizer has been put under investigation.

The number of people detained is still unknown, but they are all charged criminally with selling or disseminating restricted-access material stored in computers and networks without authorization. There are lengthy prison terms associated with these offenses.

The gang's primary clients were pro-Kremlin propagandists who utilized the stolen accounts in their destabilizing misinformation efforts in Ukraine and other nations.

The SSU took down five bot farms that spread misinformation around the nation in March and employed 100,000 fictitious social media profiles. A huge bot farm with one million bots was found and destroyed by Ukrainian authorities in August.

The SSU discovered two further botnets in September that were using 7,000 accounts to propagate false information on social media.

Malware producers are frequently easier to recognize, but by using accounts belonging to real people, the likelihood that the operation would be discovered is greatly reduced due to the history of the posts and the natural activity.






Google Analyst Identifies Critical Bug in PlayStation 5

 

The vulnerability in the PlayStation 5 could have allowed hackers to access the console system that was already identified and fixed on the PlayStation 4 last year. 

“I found it on the PS4 and then two years later on the PS5. It seems like their patch somehow got reverted when doing FreeBSD9 to FreeBSD11 migration,” Andy Nguyen, a security researcher at Google Nguyen told Motherboard, referring to the Linux distribution that manages the PlayStation’s operating system. 

Last year, the researcher gave an indication by jailbreaking his PlayStation 5 and tweeting an image of the console’s debug settings, which should only be accessible if the console is jailbroken. 

Jailbreaking a console system allows customers to install emulators for other consoles, play pirated games, as well as unlock hidden features. The flip side of the coin is that Sony may block a jailbroken console from utilizing network features, blocking the user from playing online games. 

Earlier this year in January, Andy reported the vulnerability to Sony and wrote that he discovered an identical bug in 2020, “when the PS5 did not yet exist, thus this should be considered as a new report and not a duplicate.” 

The vulnerability led the researcher to gain control of the PlayStation 5’s kernel, the soul of the console’s operating system, which has access to and controls most of its functions. Last week, Sony patched the bug for the PlayStation 5 and rewarded Nguyen with a bounty of $10,000, the same amount as a reward in 2021. 

Nguyen explained that the vulnerability he identified was only one of a chain of flaws required to fully jailbreak the PlayStation 5. And as of today, Sony’s new console is fully patched, which also means there are no pirated apps or emulators like there are for the PlayStation 4, for which there is a public jailbreak. 

Earlier this month, another security researcher discovered the security bug to jailbreak the PS4 and the PS5 by exploiting the official PS2 emulator that Sony offered for its two most recent consoles. 

“By hacking the official PS2 emulator he could run unofficial apps, other emulators, and “even some pirated commercial PS4 games. One of the advantages of exploiting the PS2 emulator is that Sony cannot patch it,” CTurt explained in a blog post. “Because the emulator is bundled as a game, not part of the OS, Sony has no readily available options to revoke access to it.”

BlackCat Ransomware’s Data Exfiltration Tool Gets an Upgrade

 

A new version of the BlackCat ransomware's data exfiltration tool for double-extortion attacks has been released. Exmatter, the stealer tool, has been in use since BlackCat's initial release in November 2021.
Exmatter Evolution Symantec researchers (who track the group as Noberus) claim in a report that the ransomware group's focus appears to be on data exfiltration capabilities, which is a critical component of double-extortion attacks. 

The exfiltration tool was substantially updated in August, with various changes including the ability to exfiltrate data from a wide range of file types, including FTP and WebDav, to SFTP, and the option to create a report listing all processed files. It has also added a 'Eraser' feature to corrupt processed files, as well as a 'Self-destruct' configuration option to delete and quit if it runs in a non-valid environment.

New information  stealer

The deployment of new malware known as Eamfo, which is specifically designed to target credentials saved in Veeam backups, has increased BlackCat's ability to steal information even further.

Eamfo connects to the Veeam SQL database and uses a SQL query to steal backup credentials. It decrypts and displays credentials to an attacker once they have been extracted.

Along with expanding Exmatter's capabilities, the latest version includes extensive code refactoring to make existing features more stealthy and resistant to detection. In any case, the BlackCat operation terminates antivirus processes with an older anti-rootkit utility.

BlackCat isn't slowing down and appears to be focused on constantly evolving itself with new tools, improvements, and extortion strategies. As a result, organisations are advised to secure access points and train their employees on cybercriminal penetration techniques. Businesses should also invest more in cross-layer detection and response solutions.