Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Android. Show all posts
SuperCardX
Android Hacking malware NFC phishing Skimming SuperCardX

SuperCard X Malware Turns Android Phones into NFC Relay Hubs for Real-Time Payment Fraud

 

Hackers are exploiting a Chinese-language malware-as-a-service (MaaS) platform known as SuperCard X to conduct near-field communication (NFC) relay attacks, enabling the theft of payment card data and real-time fraudulent transactions at point-of-sale (PoS) systems and ATMs. According to mobile security firm Cleafy, SuperCard X diverges from traditional banking malware by weaponizing the contactless features of modern payment cards, transforming infected Android devices into relay tools for instant cash-outs.

“Effectively turning any infected Android handset into an NFC relay station,” said mobile security firm Cleafy.

Cybercriminals can access preconfigured Reader and Tapper apps—used to capture and relay NFC card data—via Telegram channels, offering low-barrier entry into NFC fraud without the need to build custom tools.

The attack typically begins with spoofed messages sent via SMS or WhatsApp, impersonating a bank and warning of suspicious activity. Victims are urged to call a provided number, where scammers—posing as bank representatives—manipulate them into disabling card security settings through social engineering. Eventually, victims are sent a link to download the SuperCard X Reader, disguised as a legitimate security utility.

Once installed, the Reader app requests minimal NFC and system permissions, allowing it to evade standard antivirus detection. Cleafy’s research identified that SuperCard X reuses code from NFCGate and NGate, open-source frameworks that facilitate NFC relay functionalities.

Victims are tricked into tapping their payment cards against the infected Android device. This initiates silent harvesting of sensitive NFC data—such as Answer To Reset (ATR) messages—which are then transmitted via a secure HTTP-based command-and-control (C2) infrastructure, protected through mutual TLS encryption.

On the attacker’s side, the Tapper app—running on a separate Android phone—emulates the victim’s card using Host-based Card Emulation (HCE) mode. This allows the attacker to make contactless transactions at PoS terminals and ATMs, treating the emulated card as legitimate, especially after the victim has removed spending limits.

“SuperCard X distinguishes itself from conventional Android banking Trojans by omitting complex features such as screen overlays, SMS interception or remote desktop controls. It instead focuses on an NFC relay and streamlined permission model, granting it a low fingerprinting profile and allowing it to remain undetected by the vast majority of antivirus engines and behavioral monitors.”

In certain campaigns targeting users in Italy, Cleafy observed customized app versions distributed by affiliates. These variants had stripped-down interfaces—removing sign-up screens and Telegram links—and replaced them with benign app icons and names. During calls, fraudsters provide victims with pre-set credentials, eliminating the need for registration and further reducing the chance of user suspicion.
Read more »
Salt Typhoon
Android Cyber Security Google messages RCS Salt Typhoon

Google Plans Big Messaging Update for Android Users

 



Google is preparing a major upgrade to its Messages app that will make texting between Android and iPhone users much smoother and more secure. For a long time, Android and Apple phones haven’t worked well together when it comes to messaging. But this upcoming change is expected to improve the experience and add strong privacy protections.


New Messaging Technology Called RCS

The improvement is based on a system called RCS, short for Rich Communication Services. It’s a modern replacement for traditional SMS texting. This system adds features like read receipts, typing indicators, and high-quality image sharing—all without needing third-party apps. Most importantly, RCS supports encryption, which means messages can be protected and private.

Recently, the organization that decides how mobile networks work— the GSMA announced support for RCS as the new standard. Both Google and Apple have agreed to upgrade their messaging apps to match this system, allowing Android and iPhone users to send safer, encrypted messages to each other for the first time.


Why Is This Important Now?

The push for stronger messaging security comes after several cyberattacks, including a major hacking campaign by Chinese groups known as "Salt Typhoon." These hackers broke into American networks and accessed sensitive data. Events like this have raised concerns about weak security in regular text messaging. Even the FBI advised people not to use SMS for sharing personal or financial details.


What’s Changing in Google Messages?

As part of this shift, Google is updating its Messages app to make it easier for users to see which contacts are using RCS. In a test version of the app, spotted by Android Authority, Google is adding new features that label contacts based on whether they support RCS. The contact list may also show different colors to make RCS users stand out.

At the moment, there’s no clear way to know whether a chat will use secure RCS or fallback SMS. This update will fix that. It will even help users identify if someone using an iPhone has enabled RCS messaging.


A More Secure Future for Messaging

Once this update is live, Android users will have a messaging app that better matches Apple’s iMessage in both features and security. It also means people can communicate across platforms without needing apps like WhatsApp or Signal. With both Google and Apple on board, RCS could soon become the standard way we all send safe and reliable text messages.


Read more »
Tax
Android Apple ID Cybercrime Cyberattacks CyberThreat Data iOS Lucid Mobile Security Phishing URL phishing-as-a-service SMS Tax

Lucid Faces Increasing Risks from Phishing-as-a-Service

 


Phishing-as-a-service (PaaS) platforms like Lucid have emerged as significant cyber threats because they are highly sophisticated, have been used in large-scale phishing campaigns in 88 countries, and have been compromised by 169 entities. As part of this platform, sophisticated social engineering tactics are employed to deliver misleading messages to recipients, utilising iMessage (iOS) and RCS (Android) so that they are duped into divulging sensitive data. 

In general, telecom providers can minimize SMS-based phishing, or smishing, by scanning and blocking suspicious messages before they reach their intended recipients. However, with the development of internet-based messaging services such as iMessage (iOS) and RCS (Android), phishing prevention has become increasingly challenging. There is an end-to-end encryption process used on these platforms, unlike traditional cellular networks, that prevents service providers from being able to detect or filter malicious content. 

Using this encryption, the Lucid PhaaS platform has been delivering phishing links directly to victims, evading detection and allowing for a significant increase in attack effectiveness. To trick victims into clicking fraudulent links, Lucid orchestrates phishing campaigns designed to mimic urgent messages from trusted organizations such as postal services, tax agencies, and financial institutions. As a result, the victims are tricked into clicking fraudulent links, which redirect them to carefully crafted fake websites impersonating genuine platforms, causing them to be deceived. 

Through Lucid, phishing links are distributed throughout the world that direct victims to a fraudulent landing page that mimics official government agencies and well-known private companies. A deceptive site impersonating several entities, for example, USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, SunPass, and Transport for London, creates a false appearance of legitimacy as a result. 

It is the primary objective of phishing websites to obtain sensitive personal and financial information, such as full names, email addresses, residential addresses, and credit card information, by using phishing websites. This scam is made more effective by the fact that Lucid’s platform offers a built-in tool for validating credit cards, which allows cybercriminals to test stolen credit card information in real-time, thereby enhancing the effectiveness of the scam. 

By offering an automated and highly sophisticated phishing infrastructure that has been designed to reduce the barrier to entry for cybercriminals, Lucid drastically lowers the barrier to entry for cybercriminals. Valid payment information can either be sold on underground markets or used directly to make fraudulent transactions. Through the use of its streamlined services, attackers have access to scalable and reliable platforms for conducting large-scale phishing campaigns, which makes fraudulent activities easier and more efficient. 

With the combination of highly convincing templates, resilient infrastructure, and automated tools, malicious actors have a higher chance of succeeding. It is therefore recommended that users take precautionary measures when receiving messages asking them to click on embedded links or provide personal information to mitigate risks. 

Rather than engaging with unsolicited requests, individuals are advised to check the official website of their service provider and verify if they have any pending alerts, invoices, or account notifications through legitimate channels to avoid engaging with such unsolicited requests. Cybercriminals have become more adept at sending hundreds of thousands of phishing messages in the past year by utilizing iPhone device farms and emulating iPhone devices on Windows systems. These factors have contributed to the scale and efficiency of these operations. 

As Lucid's operators take advantage of these adaptive techniques to bypass security filters relating to authentication, they are able to originate targeted phone numbers from data breaches and cybercrime forums, thus further increasing the reach of these scams. 

A method of establishing two-way communication with an attacker via iMessage can be accomplished using temporary Apple IDs with falsified display names in combination with a method called "please reply with Y". In doing so, attackers circumvent Apple's link-clicking constraints by creating fake Apple IDs.

It has been found that the attackers are exploiting inconsistencies in carrier sender verification and rotating sending domains and phone numbers to evade detection by the carrier. 

Furthermore, Lucid's platform provides automated tools for creating customized phishing sites that are designed with advanced evasion mechanisms, such as IP blocking, user-agent filtering, and single-use cookie-limited URLs, in addition to facilitating large-scale phishing attacks. 

It also provides real-time monitoring of victim interaction via a dedicated panel that is constructed on a PHP framework called Webman, which allows attackers to track user activity and extract information that is submitted, including credit card numbers, that are then verified further before the attacker can exploit them. 

There are several sophisticated tactics Lucid’s operators utilize to enhance the success of these attacks, including highly customizable phishing templates that mimic the branding and design of the companies they are targeting. They also have geotargeting capabilities, so attacks can be tailored based on where the recipient is located for increased credibility. The links used in phishing attempts can not be analyzed by cybersecurity experts if they expire after an attack because they expire. 

Using automated mobile farms that can execute large-scale phishing campaigns with minimal human intervention, Lucid can bypass conventional security measures without any human intervention, which makes Lucid an ever-present threat to individuals and organizations worldwide. As phishing techniques evolve, Lucid's capabilities demonstrate how sophisticated cybercrime is becoming, presenting a significant challenge to cybersecurity professionals worldwide. 

It has been since mid-2023 that Lucid was controlled by the Xin Xin Group, a Chinese cybercriminal organization that operates it through subscription-based models. Using the model, threat actors can subscribe to an extensive collection of phishing tools that includes over 1,000 phishing domains, customized phishing websites that are dynamically generated, as well as spamming utilities of professional quality.

This platform is not only able to automate many aspects of cyberattacks, but it is also a powerful tool in the hands of malicious actors, since it greatly increases both the efficiency and scalability of their attacks. 

To spread fraudulent messages to unsuspecting recipients, the Xin Xin Group utilizes various smishing services to disseminate them as genuine messages. In many cases, these messages refer to unpaid tolls, shipping charges, or tax declarations, creating an urgent sense of urgency for users to respond. In light of this, the sheer volume of messages that are sent makes these campaigns very effective, since they help to significantly increase the odds that the victims will be taken in by the scam, due to the sheer volume of messages sent out. 

The Lucid strategy, in contrast to targeted phishing operations that focus on a particular individual, aims to gather large amounts of data, so that large databases of phone numbers can be created and then exploited in large numbers at a later date. By using this approach, it is evident that Chinese-speaking cybercriminals have become an increasingly significant force within the global underground economy, reinforcing their influence within the phishing ecosystem as a whole. 

As a result of the research conducted by Prodaft, the PhaaS platform Lucid has been linked to Darcula v3, suggesting a complex network of cybercriminal activities that are linked to Lucid. The fact that these two platforms are possibly affiliated indicates that there is a very high degree of coordination and resource sharing within the underground cybercrime ecosystem, thereby intensifying the threat to the public. 

There is no question, that the rapid development of these platforms has been accompanied by wide-ranging threats exploiting security vulnerabilities, bypassing traditional defences, and deceiving even the most circumspect users, underscoring the urgent need for proactive cybersecurity strategies and enhanced threat intelligence strategies on a global scale to mitigate these risks. Despite Lucid and similar Phishing-as-a-Service platforms continuing to evolve, they demonstrate how sophisticated cyber threats have become. 

To combat cybercrime, one must be vigilant, take proactive measures, and work together as a global community to combat this rapid proliferation of illicit networks. Having strong detection capabilities within organizations is necessary, while individuals must remain cautious of unsolicited emails as well as verify information from official sources directly as they see fit. To prevent falling victim to these increasingly deceptive attacks that are evolving rapidly, one must stay informed, cautious, and security-conscious.
Read more »
Software
Android iPhone Privacy RCS Software

Finally, Safer Chats! Apple to Encrypt Messages Between iPhones and Android Phones

 



Apple is set to make a major improvement in how people using iPhones and Android devices communicate. Soon, text messages exchanged between these two platforms will be protected with end-to-end encryption, offering better privacy and security.

For years, secure messaging was only possible when two iPhone users texted each other through Apple’s exclusive iMessage service. However, when messages were sent from an iPhone to an Android phone, they used the outdated SMS system, which had very limited features and no encryption. This often left users worried about the safety of their conversations.

This change comes as Apple plans to adopt a new standard called Rich Communication Services, commonly known as RCS. RCS is a modern form of messaging that supports sharing pictures, videos, and other media in better quality than SMS. It also allows users to see when their messages have been read or when the other person is typing. Most importantly, the updated version of RCS will now include end-to-end encryption, which means that only the sender and receiver will be able to view the content of their messages.

An official update confirmed that Apple will roll out this new encrypted messaging feature across its devices, including iPhones, iPads, Macs, and Apple Watches, through future software updates.


What Does This Mean for Users?

This development is expected to improve the messaging experience for millions of users worldwide. It means that when an iPhone user sends a message to an Android user, the conversation will be much safer. The messages will be protected, ensuring that no one else can access them while they are being delivered.

For a long time, people who used different devices faced issues like poor media quality and lack of security when messaging each other. With this change, users on both platforms will enjoy better features without worrying about the safety of their private conversations.

Another important part of this update is that users will no longer have to depend on older messaging systems that offer no protection for their chats. Encrypted RCS messaging will make it easier for people to share not just text, but also photos, videos, and other files securely.


A Step Towards Better Privacy

Apple has always focused on user privacy, and this move further strengthens that image. Enabling encryption for messages sent between iPhones and Android devices means users can now rely on their default messaging apps for secure communication.

This change also reflects the growing importance of digital privacy as more people depend on their smartphones for daily conversations. By adding this level of protection, Apple is ensuring that users have better control over their personal information.

The upcoming encrypted RCS messaging feature is a significant step forward. It promises to offer better privacy and a smoother messaging experience for both iPhone and Android users. Once this update is live, users can communicate more securely without needing to worry about their messages being accessed by anyone else.


Read more »
Security Flaws
Amnesty International Android Android Flaw Cyber Security Google Account Google Exploit Google security Security Flaws

Google Patches Android Zero-Day Flaws Used to Unlock Phones

 

Google recently addressed critical security flaws in Android that allowed authorities to unlock phones using forensic tools, according to a report by Amnesty International. The report, released on Friday, detailed three previously unknown vulnerabilities exploited by phone-unlocking company Cellebrite. Amnesty’s researchers discovered these flaws while investigating the hacking of a student protester’s phone in Serbia. Since the vulnerabilities were found in the core Linux USB kernel, they could have potentially affected over a billion Android devices. 

Zero-day vulnerabilities, which remain unknown to software and hardware makers until discovered, are particularly dangerous as they can be exploited without any existing patches. Amnesty first noticed traces of one such flaw in mid-2024. Later, while examining the phone of an activist in Serbia, the organization shared its findings with Google’s Threat Analysis Group. This led Google to identify and fix the three security loopholes. During its investigation, Amnesty found that Serbian authorities had used Cellebrite’s forensic tools to exploit a USB vulnerability, allowing them to bypass security measures and unlock the activist’s device. 

Amnesty had previously reported in December that Serbian officials had used similar tools to access the phones of both an activist and a journalist, later installing the Android spyware NoviSpy. Following these allegations, Cellebrite stated earlier this week that it had discontinued its services for its Serbian customers. A Cellebrite spokesperson, Victor Cooper, pointed to a company statement that acknowledged the Amnesty report. The statement emphasized that Cellebrite had reviewed the allegations from Amnesty’s December 2024 report and conducted an internal investigation. As a result, the company decided to halt the use of its products by the Serbian authorities. 

In January, Amnesty was contacted to analyze another case involving a youth activist who was arrested by Serbia’s Security Information Agency (BIA) late last year. According to the report, the circumstances of his arrest and the actions of BIA officers closely resembled previous incidents documented in Amnesty’s December findings. A forensic analysis of the activist’s device confirmed that Cellebrite’s tools had been used to unlock his Samsung A32 without consent or legal authorization.  

Amnesty condemned the use of Cellebrite’s technology against individuals engaging in peaceful protests and exercising their right to free expression, stating that such actions violate human rights laws. Bill Marczak, a senior researcher at Citizen Lab, advised activists, journalists, and civil society members to consider switching to iPhones, which may offer stronger protection against these types of exploits. Amnesty’s Security Lab head, Donncha Ó Cearbhaill, warned thatCellebrite’s widespread availability raises serious concerns, suggesting that the full extent of its misuse may still be unknown. 

Google has not yet responded to requests for comment regarding the issue.
Read more »
SparkCat
Android app removal Apple Breach Cyber Security Cybersecurity Data Google iOS malware SparkCat

Apple and Google Remove 20 Apps Infected with Data-Stealing Malware


Apple and Google have removed 20 apps from their respective app stores after cybersecurity researchers discovered that they had been infected with data-stealing malware for nearly a year.

According to Kaspersky, the malware, named SparkCat, has been active since March 2024. Researchers first detected it in a food delivery app used in the United Arab Emirates and Indonesia before uncovering its presence in 19 additional apps. Collectively, these infected apps had been downloaded over 242,000 times from Google Play Store.

The malware uses optical character recognition (OCR) technology to scan text displayed on a device’s screen. Researchers found that it targeted image galleries to identify keywords associated with cryptocurrency wallet recovery phrases in multiple languages, including English, Chinese, Japanese, and Korean. 

By capturing these recovery phrases, attackers could gain complete control over victims' wallets and steal their funds. Additionally, the malware could extract sensitive data from screenshots, such as messages and passwords.

Following Kaspersky’s report, Apple removed the infected apps from the App Store last week, and Google followed soon after.

Google spokesperson Ed Fernandez confirmed to TechCrunch: "All of the identified apps have been removed from Google Play, and the developers have been banned."

Google also assured that Android users were protected from known versions of this malware through its built-in Google Play Protect security system. Apple has not responded to requests for comment.

Despite the apps being taken down from official stores, Kaspersky spokesperson Rosemarie Gonzales revealed that the malware is still accessible through third-party websites and unauthorized app stores, posing a continued threat to users.
Read more »
Spyware
Amazon App Store Android BMI Calculator malware Spyware

Hackers are Employing Amazon Appstore to Propagate Malware

 

'BMI CalculationVsn' is a malicious Android spyware app that was identified on the Amazon Appstore. It poses as a simple health tool while covertly harvesting data from compromised devices. 

Cybersecurity researchers from McAfee Labs discovered the app and notified Amazon, which resulted in the app being taken down from the app store. To get rid of any remaining traces, those who installed the app must manually uninstall it and run an extensive scan.

Amazon Appstore is a third-party Android software store that is pre-installed on Amazon Fire tablets and Fire TV devices. It also serves as a substitute to Google Play for Android device owners who can't or don't want to use Google's platform, and it even includes exclusive Amazon Prime games and entertainment. The BMI CalculationVsn spyware program, released by 'PT Visionet Data Internasional,' is marketed as a simple body mass index (BMI) calculator. 

Modus operandi

The user is greeted by an easy-to-use interface when they launch the compromised app, which offers the advertised features, such as calculating their BMI. However, there are other malicious activities going on in the background.

When the user taps the 'Calculate' button, the app first starts a screen recording service that asks for the required approval. This can be misleading and mislead users into giving their permission without thinking. 

McAfee claims that although the footage is locally stored in an MP4 file, it was not uploaded to the command and control (C2) server. This is probably because the app is still in the early stages of testing. 

The researchers' further investigation into the app's release history revealed that it was originally made available in the wild on October 8. By the end of the month, it changed the certificate information, added new malicious functions, and modified its icon. 

In order to help the attackers plan their next move, the app's second malicious operation is to scan the device and retrieve all installed applications. Finally, the spyware intercepts and gathers SMS messages, including verification codes and one-time passwords (OTPs), that are received and stored on the device.

Given that malicious apps can still escape through code review cracks in respectable and generally trustworthy stores like the Amazon Appstore, Android users should only install apps from reputable publishers. 

It is also advisable to review requested permissions and revoke problematic ones after installation. Google Play Protect can detect and block known malware detected by App Security Alliance partners such as McAfee, thus having it enabled on Android devices is critical.
Read more »
Salt Typhoon
Android Apple FBI iMessage Privacy RCS Salt Typhoon

FBI Warns of Security Risks in RCS Messaging

 

The FBI has issued a warning to Apple and Android device users regarding potential vulnerabilities in Rich Communication Services (RCS). While RCS was designed to replace traditional SMS with enhanced features, a critical security flaw has made it a risky option for messaging. Currently, RCS messages exchanged between Apple and Android devices lack end-to-end encryption, exposing users to potential cyber threats.

Why RCS Messaging is Problematic

Apple introduced RCS support to its iMessage app with iOS 18 to facilitate seamless communication between iPhone and Android users. However, unlike secure messaging apps like Signal or WhatsApp, RCS lacks end-to-end encryption for messages exchanged across these platforms. This absence of encryption leaves sensitive information vulnerable to interception by unauthorized individuals, including hackers and rogue actors.

The FBI’s warning follows a significant breach known as the Salt Typhoon attack, which targeted major U.S. telecommunications carriers. This breach highlighted the vulnerabilities in unencrypted messaging systems. In response, both the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have recommended using secure messaging platforms to mitigate such risks.

The GSMA, which oversees RCS technology, is actively working to implement end-to-end encryption for RCS messages. While progress has been made through industry collaboration, no specific timeline has been provided for the rollout of these crucial security updates.

Secure Alternatives for Messaging

Until RCS achieves full encryption, users are advised to switch to secure messaging apps that offer robust end-to-end encryption. Popular options include:

  • WhatsApp: Provides end-to-end encryption for text, voice, and video communications.
  • Signal: Known for its focus on privacy and strong encryption standards.
  • Telegram: Offers encrypted messaging with additional privacy features like Secret Chats.

In related news, Apple users are urged to update their devices to iOS 18.2 to address a critical vulnerability in the Apple Password app. This flaw could potentially expose sensitive user information, making the update essential for enhanced security.

While the integration of RCS messaging aims to enhance cross-platform communication, the current lack of encryption poses significant risks. As the industry works toward resolving these vulnerabilities, users are encouraged to rely on secure messaging apps and keep their devices updated with the latest security patches. Taking proactive steps and making informed decisions remain vital for ensuring safety in the digital landscape.

Read more »
Subscribe to: Posts (Atom)