Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Apps. Show all posts
Telegram
Application Apps Crypto Crypto scams Cyber Crime Scam Telegram

Hackers Exploit Telegram Mini Apps, Distribute Malware and Crypto Scams

 

Cybersecurity experts found a large-scale fraud campaign that used Telegram’s Mini App feature to launch crypto attacks, mimic famous brands and spread Android malware. 

FEMITBOT malware 


Research by CTM360 has dubbed the platform as FEMITBOT, it is based on a string present in API responses and uses Telegram bots and integrated Mini Apps to make believable, app-like experiences directly inside the messaging platform.

These Mini Apps are lightweight web apps that run within Telegram’s built-in browser, allowing services like payments, interactive tools, and account access without needing users to leave the application. Exploiting Telegram Mini apps

The FEMITBOT platform is used for various scams such as financial frauds, AI tools, streaming sites, and fake cryptocurrency platforms.

In a few campaigns, hackers imitated famous brands to boost engagement and credibility, while having the same backend infrastructure with multiple Telegram bots and different domains.

Brands impersonated


Brands copied in this campaign are Disny, eBay, YouKu, NVIDIA, Moon Pay, Apple, and Coco-Cola. The campaign used a common backend, different phishing domains used the same API response: “Welcome to join the FEMITBOT platform," indicating they are all using the same infrastructure.

Telegram bots compromised


Campaign used Telegram bots to show phishing websites directly inside the social media site. Once a user interacts with a Telegram bot and opens “Start,” the bot starts a Mini App that shows a phishing page inside Telegram’s default WebView. The user is tricked into thinking it's part of the application itself.

Tricking users via phishing tactics


After entering the system, targets are displayed dashboards with fake balances with fake countdown timers or limited-time offers to bait users.

When a user tries to take money, they are asked to make a deposit or do referral work. This is a general tactic in advanced-fee scams and investments.

The infrastructure is built to be used across multiple campaigns so that hackers can easily switch among brands, themes, and languages. The campaigns also use tracking scripts like TikTok and Meta tracking pixels, to trace users’ activity, optimize performance, and measure interactions.

Malware distribution via mini apps


Additionally, some Mini Apps tried to spread malware by posing as companies like the BBC, NVIDIA, CineTV, Coreweave, and Claro in Android APKs.

“Built on a modular, template-driven architecture, FEMITBOT enables rapid deployment, brand impersonation, and campaign optimization using real-time tracking and analytics. This reflects a shift toward scalable, marketing-like fraud operations designed to maximize user conversion and financial gain,” the report said.
Read more »
Temu
Android Users Apps CapCut China data access Data Breach FBI Temu

FBI Warns Smartphone Users About Risks Linked to Foreign Apps, Especially Chinese Platforms

 



The Federal Bureau of Investigation has issued a fresh alert cautioning users about potential security and privacy threats posed by mobile applications developed outside the United States, particularly those linked to China. The advisory emphasizes that while the concern may seem obvious, many users continue to download such apps without fully understanding the risks.

In its public notice, the agency highlighted that a significant number of widely used and top-earning apps in the U.S. market are owned or operated by foreign companies. Many of these are tied to Chinese firms, raising concerns due to China’s legal framework governing data access.

At the center of the warning are provisions within China’s National Intelligence Law. Under Article 7, individuals and organizations are required to assist state intelligence efforts and maintain secrecy around such cooperation. Article 14 further allows authorities to demand support, data, or cooperation from entities and citizens. Together, these provisions create a legal pathway through which user data collected by apps could be accessed by the Chinese state.

Despite raising these concerns, the FBI has not published a formal list of high-risk apps. Instead, it has urged users to evaluate all foreign-developed applications before installing them. Media reports, including analysis referenced by outlets such as New York Post, suggest that popular platforms like CapCut, Temu, SHEIN, and Lemon8 fall into this broader category of concern.

Further analysis by TechRadar indicates that several of these apps rank highly in download charts across both Android and iOS platforms. On Android, for example, TikTok Lite appears among the most downloaded, alongside TikTok and Temu. Some apps are linked to developers based in Hong Kong or operate through complex international structures, making origin tracing less transparent. While Android devices face higher exposure due to sideloading capabilities, iPhone users are not entirely shielded from such risks.

Notably, platforms like TikTok, CapCut, and Lemon8 currently operate in the U.S. under TikTok USDS LLC, a joint venture backed by Oracle Corporation, with majority U.S. ownership. This structure means their U.S. operations are treated differently from their global counterparts, even though their origins remain tied to Chinese development.

The FBI stresses that its advisory is not a blanket ban on Chinese apps. Rather, it encourages users to be more vigilant. One key concern is the type of permissions users grant during installation. Many individuals overlook privacy policies, allowing apps to continuously gather sensitive data such as contact lists, location details, and personal identifiers.

This data can be used to build detailed social networks, which may later support targeted cyberattacks or social engineering campaigns. Some applications also include features that encourage users to invite contacts, enabling developers to collect additional personal data such as names, email addresses, phone numbers, and physical addresses.

Another major concern is data storage. Certain apps explicitly state that collected information may be stored on servers located in China for extended periods. In some cases, users cannot access app functionality unless they agree to such data-sharing practices.

Beyond privacy risks, the FBI also warns about potential cybersecurity threats. Some foreign-developed apps may include hidden malicious components capable of exploiting system vulnerabilities, collecting unauthorized data, or establishing persistent backdoor access on devices.

The advisory highlights that installing apps from unofficial sources significantly increases these risks. This is particularly relevant for Android users, where sideloading is more common. While official app stores conduct security checks to detect harmful code, third-party sources may bypass these safeguards. Companies like Google have taken steps to limit installations from unknown developers, though risks remain.

To mitigate exposure, the FBI recommends several precautionary measures:

• Install applications only from official app stores

• Review terms of service and user agreements carefully

• Restrict unnecessary permissions and data sharing

• Regularly update passwords

• Keep device software up to date

In a parallel development stressing upon global regulatory tensions, China recently ordered the removal of a decentralized messaging application created by Jack Dorsey from its local app store. Authorities claimed the app violated national internet regulations, reinforcing how governments worldwide are tightening control over digital platforms.

The larger takeaway is that app-related risks are no longer limited to malware alone. Increasingly, they are shaped by legal frameworks, data governance policies, and geopolitical dynamics. For everyday users, this makes informed decision-making around app downloads more critical than ever.

Read more »
Software
Android App Developers Apple Apps Google Google Play malware Software

Google Rolls Out Android Developer Verification to Curb Anonymous App Distribution

 



Google has formally begun rolling out a comprehensive verification framework for Android developers, a move aimed at tackling the persistent problem of malicious applications being distributed by actors who operate without revealing their identity. The company’s decision reflects growing concerns within the mobile ecosystem, where anonymity has often enabled bad actors to bypass accountability and circulate harmful software at scale.

This rollout comes in advance of a stricter compliance requirement that will first take effect in September across key markets including Brazil, Indonesia, Singapore, and Thailand. These regions are being used as initial enforcement zones before the policy is gradually expanded worldwide next year, signaling Google’s intent to standardize developer accountability across its global Android ecosystem.

Under the new system, developers who distribute Android applications outside of the official Google Play marketplace will now be required to register through the Android Developer Console and verify their identity credentials. This requirement is particularly substantial for developers who rely on alternative distribution methods such as direct APK sharing, enterprise deployment, or third-party app stores, as it introduces a layer of traceability that previously did not exist.

At the same time, Google clarified that developers already publishing applications through Google Play and who have completed existing identity verification processes may not need to take further action. In such cases, their applications are likely to already comply with the updated requirements, reducing friction for those operating within the official ecosystem.

Explaining how this change will affect end users, Matthew Forsythe, Director of Product Management for Android App Safety, emphasized that the vast majority of users will not notice any difference in their day-to-day app installation experience. Standard app downloads from trusted sources will continue to function as usual, ensuring that usability is not compromised for the general public.

However, the experience changes when a user attempts to install an application that has not been registered under the new verification system. In such cases, users will be required to proceed through more advanced installation pathways, such as Android Debug Bridge or similar technical workflows. These methods are typically used by developers and experienced users, which effectively limits exposure for less technical individuals.

This design introduces a deliberate separation between general users and advanced users. While everyday users are shielded from potentially unsafe applications, power users retain the flexibility to install software manually, albeit with additional steps that reinforce intentional decision-making.

To further support developers, Google is integrating visibility into its core development tools. Within the next two months, developers using Android Studio will be able to directly view whether their applications are registered under the new system at the time of generating signed App Bundles or APK files. This integration ensures that compliance status becomes part of the development workflow rather than a separate administrative task.

For developers who have already completed identity verification through the Play Console, Google will automatically register eligible applications under the new framework. This automation reduces operational overhead and ensures a smoother transition. However, in cases where applications cannot be automatically registered, developers will be required to complete a manual claim process to verify ownership and bring those apps into compliance.

In earlier guidance, Google also outlined how sideloading, the practice of installing apps from outside official stores, will function under this system. Advanced users will still be able to install unregistered APK files, but only after completing a multi-step verification process designed to confirm their intent.

This process includes an authentication step to verify the user’s decision, followed by a one-time waiting period of up to 24 hours. The delay is not arbitrary. It is specifically designed to disrupt scam scenarios in which attackers pressure users into quickly installing malicious applications before they have time to reconsider.

Forsythe explained that although this process is required only once for experienced users, it has been carefully structured to counter high-pressure social engineering tactics. By introducing friction into the installation process, the system aims to reduce the success rate of scams that rely on urgency and manipulation.

This development is part of a wider industry tendency toward tightening control over app ecosystems and improving user data protection. In a parallel move, Apple has recently updated its Developer Program License Agreement to impose stricter rules on how third-party wearable applications handle sensitive data such as live activity updates and notifications.

Under Apple’s revised policies, developers are explicitly prohibited from using forwarded data for purposes such as advertising, user profiling, training machine learning models, or tracking user location. These restrictions are intended to prevent misuse of real-time user data beyond its original functional purpose.

Additionally, developers are not allowed to share this forwarded information with other applications or devices, except for authorized accessories that are explicitly approved within Apple’s ecosystem. This ensures tighter control over how data flows between devices.

The updated agreement also introduces further limitations. Developers are barred from storing this data on external cloud servers, altering its meaning in ways that change the original content, or decrypting the information anywhere other than on the designated accessory device. These measures collectively aim to preserve data integrity and minimize the risk of misuse.

Taken together, this charts a new course across the technology industry toward stronger governance of developer behavior, application distribution, and data handling practices. As threats such as malware distribution, financial fraud, and data exploitation continue to evolve, platform providers are increasingly prioritizing transparency, accountability, and user protection in their security strategies.

Read more »
Privacy
Apps Browser Browsing digital tracking Fingerprinting Phone Privacy

Your Phone Is Being Tracked in Ways You Can’t See: One Click Shows the Truth

 



Many people believe they are safe online once they disable cookies, switch on private browsing, or limit app permissions. Yet these steps do not prevent one of the most persistent tracking techniques used today. Modern devices reveal enough technical information for websites to recognise them with surprising accuracy, and users can see this for themselves with a single click using publicly available testing tools.

This practice is known as device fingerprinting. It collects many small and unrelated pieces of information from your phone or computer, such as the type of browser you use, your display size, system settings, language preferences, installed components, and how your device handles certain functions. None of these details identify you directly, but when a large number of them are combined, they create a pattern that is specific to your device. This allows trackers to follow your activity across different sites, even when you try to browse discreetly.

The risk is not just about being observed. Once a fingerprint becomes associated with a single real-world action, such as logging into an account or visiting a page tied to your identity, that unique pattern can then be connected back to you. From that point onward, any online activity linked to that fingerprint can be tied to the same person. This makes fingerprinting an effective tool for profiling behaviour over long periods of time.

Growing concerns around online anonymity are making this issue more visible. Recent public debates about identity checks, age verification rules, and expanded monitoring of online behaviour have already placed digital privacy under pressure. Fingerprinting adds an additional layer of background tracking that does not rely on traditional cookies and cannot be easily switched off.

This method has also spread far beyond web browsers. Many internet-connected devices, including smart televisions and gaming systems, can reveal similar sets of technical signals that help build a recognisable device profile. As more home electronics become connected, these identifiers grow even harder for users to avoid.

Users can test their own exposure through tools such as the Electronic Frontier Foundation’s browser evaluation page. By selecting the option to analyse your browser, you will either receive a notice that your setup looks common or that it appears unique compared to others tested. A unique result means your device stands out strongly among the sample and can likely be recognised again. Another testing platform demonstrates just how many technical signals a website can collect within seconds, listing dozens of attributes that contribute to a fingerprint.

Some browsers attempt to make fingerprinting more difficult by randomising certain data points or limiting access to high-risk identifiers. These protections reduce the accuracy of device recognition, although they cannot completely prevent it. A virtual private network can hide your network address, but it cannot block the internal characteristics that form a fingerprint.

Tracking also happens through mobile apps and background services. Many applications collect usage and technical data, and privacy labels do not always make this clear to users. Studies have shown that complex privacy settings and permission structures often leave people unaware of how much information their devices share.

Users should also be aware of design features that shift them out of protected environments. For example, when performing a search through a mobile browser, some pages include prompts that encourage the user to open a separate application instead of continuing in the browser. These buttons are typically placed near navigation controls, making accidental taps more likely. Moving into a dedicated search app places users in a different data-collection environment, where protections offered by the browser may no longer apply.

While there is no complete way to avoid fingerprinting, users can limit their exposure by choosing browsers with built-in privacy protections, reviewing app permissions frequently, and avoiding unnecessary redirections into external applications. Ultimately, the choice depends on how much value an individual places on privacy, but understanding how this technology works is the first step toward reducing risk.

Read more »
Stalkerware
Apps Google Play Protect Privacy Stalkerware

Stalkerware: How Scammers Might Be Tracking Your Phone and What You Can Do

 


Spyware applications designed to secretly monitor people’s phones are becoming more common. These programs, known as stalkerware, can track private messages, calls, photos, locations, and other personal data without the user’s knowledge. Often installed without permission, they operate silently in the background, making them difficult to detect. In many cases, they even disappear from the home screen to avoid suspicion.  

How Stalkerware Works

Stalkerware exploits built-in features of a phone to collect information. It can monitor calls, read texts, access notifications, and track locations. Since these apps run continuously in the background, they can slow down the device, cause overheating, and increase data usage. Because they often disguise themselves with names like “System Service” or “Device Health,” users may not realize they are installed.  

Warning Signs of Stalkerware  

It can be hard to tell if your phone has been infected with spyware, but certain unusual behaviors may indicate its presence. These include:  

• Your phone becoming slow or lagging unexpectedly  

• Overheating, even when not in use  

• Unusual spikes in data usage  

• Strange apps with broad permissions appearing in your settings  

If you notice any of these issues, it’s important to check your device for unauthorized applications.  


How to Find and Remove Stalkerware  

If you suspect someone is spying on your phone, take the following steps to locate and delete the tracking software:  

1. Activate Google Play Protect – This built-in security tool scans apps and helps detect harmful software. You can turn it on in the Play Store under "Play Protect."   

2. Check Accessibility Settings – Many spyware apps request special permissions to access messages, calls, and notifications. Review your phone’s accessibility settings and remove any suspicious apps.  

3. Inspect Device Admin Permissions – Some spyware disguises itself as essential system software to gain control over your phone. Check the “Device Admin” section in your settings and disable any unfamiliar apps.  

4. Review Notification Access – Spyware often requests access to notifications to track messages and alerts. If an app you don’t recognize has these permissions, it may be monitoring your activity.  

5. Delete Suspicious Apps – If you find an unknown app with excessive access to your personal data, disable and uninstall it immediately.  


How to Protect Your Phone from Spyware

Before removing stalkerware, be cautious—if someone installed it to monitor you, they might get alerted when it’s deleted. If you believe you’re in a risky situation, seek help before taking action. To prevent spyware infections in the future, follow these security tips:  

1. Use a Strong Screen Lock – Set a PIN, password, or fingerprint lock to prevent unauthorized access.  

2. Enable Two-Factor Authentication (2FA) – Adding an extra layer of security helps protect your accounts.  

3. Avoid Unverified Apps – Download applications only from trusted sources like the Google Play Store or Apple App Store.  

4. Check Background Activity – Regularly review your phone’s app permissions and remove anything that looks suspicious.  

By staying alert and taking the right precautions, you can protect your personal data from being tracked without your knowledge. If you ever suspect your device has been compromised, act quickly to secure your privacy.

Read more »
Warning
Apps criminals Cyber Security Experts jogging apps Target Warning

Experts Warn Criminals Could Exploit Jogging Apps for Targeting People

 

Experts caution that users of running apps should heighten their privacy settings to thwart potential stalkers and other malicious actors from accessing sensitive information regarding their activities. 

While platforms like Strava enable joggers and hikers to share route details and performance metrics with friends and followers, tech company Altia raises concerns about the possibility of criminals constructing a detailed profile of users' routines, including their start and end points, potentially exposing their home addresses. Altia advises users to review their security settings, ensuring that sensitive information isn't shared publicly by default and recommending a switch to private settings if necessary.

Highlighting the surge in stalking and harassment offenses, Altia underscores the significance of safeguarding personal data on fitness apps. These apps, utilizing GPS technology, can meticulously track users' movements, map out their routes, and gather various performance metrics, including pace, time, elevation gain, heart rate, and calories burned. 

With the popularity of apps like Strava soaring during the pandemic, Altia urges users to be vigilant, especially professionals in sensitive fields like security, law enforcement, banking, or the legal sector, who may inadvertently expose confidential information through their running activity.

Altia emphasizes the importance of maximizing app security settings and exercising caution regarding followers' activities and interactions. Users are advised to scrutinize their followers and assess whether their engagement seems genuine, as potential criminals could exploit the data for various purposes, including identifying secure or restricted locations like workplaces. 

By prioritizing privacy settings and remaining vigilant, users can mitigate the risk of their data falling into the wrong hands while enjoying the benefits of fitness-tracking apps safely.
Read more »
Tracking
Android Apps Data Devices Google Information Location Mobile monitoring personalization Privacy Security Smartphone Tech Technology Tracking

Is Your Android Device Tracking You? Understanding its Monitoring Methods

 

In general discussions about how Android phones might collect location and personal data, the focus often falls on third-party apps rather than Google's built-in apps. This awareness has grown due to numerous apps gathering significant information about users, leading to concerns, especially when targeted ads start appearing. The worry persists about whether apps, despite OS permissions, eavesdrop on private in-person conversations, a concern even addressed by Instagram's head in a 2019 CBS News interview.

However, attention to third-party apps tends to overshadow the fact that Android and its integrated apps track users extensively. While much of this tracking aligns with user preferences, it results in a substantial accumulation of sensitive personal data on phones. Even for those trusting Google with their information, understanding the collected data and its usage remains crucial, especially considering the limited options available to opt out of this data collection.

For instance, a lesser-known feature involves Google Assistant's ability to identify a parked car and send a notification regarding its location. This functionality, primarily guesswork, varies in accuracy and isn't widely publicized by Google, reflecting how tech companies leverage personal data for results that might raise concerns about potential eavesdropping.

The ways Android phones track users were highlighted in an October 2021 Kaspersky blog post referencing a study by researchers from the University of Edinburgh and Trinity College. While seemingly innocuous, the compilation of installed apps, when coupled with other personal data, can reveal intimate details about users, such as their religion or mental health status. This fusion of app presence with location data exposes highly personal information through AI-based assumptions.

Another focal point was the extensive collection of unique identifiers by Google and OEMs, tying users to specific handsets. While standard data collection aids app troubleshooting, these unique identifiers, including Google Advertising IDs, device serial numbers, and SIM card details, can potentially associate users even after phone number changes, factory resets, or ROM installations.

The study also emphasized the potential invasiveness of data collection methods, such as Xiaomi uploading app window histories and Huawei's keyboard logging app usage. Details like call durations and keyboard activity could lead to inferences about users' activities and health, reflecting the extensive and often unnoticed data collection practices by smartphones, as highlighted by Trinity College's Prof. Doug Leith.
Read more »
XLoader
Apple Apple MacOS Apps cybersecurity threat Data Data Safety data security iOS MacOS Malware malware OfficeNote productivity app Productivity Apps Safety Security XLoader

XLoader macOS Malware Variant Disguised as 'OfficeNote' Productivity App

 

A fresh variant of the Apple macOS malware known as XLoader has emerged, disguising its malicious intent through an office productivity app named "OfficeNote," according to cybersecurity experts from SentinelOne. 

In an analysis released on Monday, researchers Dinesh Devadoss and Phil Stokes revealed that the new form of XLoader is packaged within a regular Apple disk image, named OfficeNote.dmg. The application it contains bears the developer signature "MAIT JAKHU (54YDV8NU9C)."

XLoader, initially spotted in 2020, is categorized as an information stealer and keylogger that operates under the malware-as-a-service (MaaS) model. 

It follows in the footsteps of Formbook. While a macOS variant of XLoader emerged in July 2021, distributed as a Java program in the form of a compiled .JAR file, its execution was limited by the absence of the Java Runtime Environment in modern macOS installs.

To circumvent this constraint, the latest version of XLoader employs programming languages like C and Objective C. The disk image file carrying the malware was signed on July 17, 2023, a signature that has since been revoked by Apple.

SentinelOne reported discovering multiple instances of the malicious artifact on VirusTotal throughout July 2023, indicating a wide-reaching campaign. The researchers noted that the malware is advertised for rent on criminal forums, with the macOS version priced at $199 per month or $299 for three months.

Interestingly, this pricing is steeper than that of the Windows versions of XLoader, which are available for $59 per month or $129 for three months.

Once initiated, the seemingly harmless OfficeNote app displays an error message claiming it cannot be opened due to a missing original item. In reality, it surreptitiously installs a Launch Agent in the background to ensure its persistence.

XLoader's functionality centers around the collection of clipboard data and information stored within directories associated with web browsers like Google Chrome and Mozilla Firefox. However, Safari appears to be exempt from its targeting. 

Additionally, the malware is engineered to introduce sleep commands, delaying its execution and evading detection by both manual and automated security measures.

"XLoader continues to present a threat to macOS users and businesses," the researchers concluded.

"This latest iteration masquerading as an office productivity application shows that the targets of interest are clearly users in a working environment. The malware attempts to steal browser and clipboard secrets that could be used or sold to other threat actors for further compromise."
Read more »
User Privacy
Apps Cybersecurity Digital healthcare system Healthcare Data Sensitive Data Leak User Privacy

Fear Grip Users as Popular Diabetes App Faces Technical Breakdown

 A widely used diabetes management software recently experienced a serious technical failure, stunning the users and leaving them feeling angry and scared. The software, which is essential for assisting people with diabetes to monitor and manage their blood sugar levels, abruptly stopped functioning, alarming its devoted users. Concerns regarding the dependability and security of healthcare apps as well as the possible repercussions of such failures have been raised in response to the occurrence.

According to reports from BBC News, the app's malfunctioning was first brought to light by distressed users who took to social media platforms to express their frustration. The app's sudden failure meant that users were unable to access critical features, including blood glucose monitoring, insulin dosage recommendations, and personalized health data tracking. This unexpected disruption left many feeling vulnerable and anxious about managing their condition effectively.

The Daily Mail highlighted the severity of the situation, emphasizing how the app's failure posed a potential threat to the lives of its users. Many individuals with diabetes rely on the app to regulate their insulin levels, ensuring they maintain stable blood sugar readings. With this vital tool out of commission, users were left in a state of panic, forced to find alternative methods to track their glucose levels and administer appropriate medication.

The incident has triggered an outpouring of anger and fear from the affected users, who feel let down by the app's developers. One user expressed their frustration, stating, "I have come to depend on this app for my daily diabetes management. Its sudden breakdown has left me feeling helpless and anxious about my health." Others echoed similar sentiments, emphasizing the app's importance in their daily routines and the detrimental impact of its sudden unavailability.

The situation has also raised broader concerns regarding the reliability and security of healthcare apps. As these digital tools increasingly become a fundamental part of managing chronic conditions, their dependability and robustness are of paramount importance. This incident serves as a reminder of the potential risks associated with relying solely on technology for critical health-related tasks.

Furthermore, the incident sheds light on the need for developers to prioritize thorough testing and regular maintenance of healthcare apps to prevent such disruptions. App developers and healthcare providers must collaborate closely to ensure the seamless functioning of these tools, considering the impact they have on the well-being of individuals with chronic conditions.

Read more »
Unauthorized access
Apps Data Breach Data Privacy Laws Encryption Indian Government website Protocols Unauthorized access

CoWIN App Data Leak Claims: Minister Denies Direct Breach

 

Amidst concerns over a potential data breach in India's CoWIN app, the Union Minister, Rajeev Chandrasekhar, has stated that the app or its database does not appear to have been directly breached. The CoWIN app has been widely used in India for scheduling COVID-19 vaccinations and managing vaccination certificates.

The clarification comes in response to recent claims of a data leak, where personal information of individuals registered on the CoWIN platform was allegedly being sold on the dark web. The Union Minister assured the public that the government is taking the matter seriously and investigating the claims.

According to the Ministry of Health and Family Welfare, preliminary investigations suggest that the data leak may not have originated from a direct breach of the CoWIN app or its database. However, the government has initiated a thorough inquiry to determine the source and nature of the alleged data leak.

Data security and privacy have been significant concerns in the digital era, particularly in the healthcare sector where sensitive personal information is involved. As the COVID-19 vaccination drive continues, ensuring the protection of citizens' data becomes paramount. Any breach or compromise in the CoWIN system could erode public trust and confidence in the vaccination process.

The CoWIN platform has been subject to rigorous security measures, including data encryption and other safeguards to protect personal information. Additionally, the government has urged citizens to remain cautious and avoid sharing personal details or vaccine-related information on unauthorized platforms or with unknown individuals.

It is important for individuals to stay vigilant and follow official channels for vaccine registration and information. The government has emphasized the importance of using the official CoWIN app or website, which are secure platform for vaccine-related activities.

As investigations into the alleged data leak continue, the government is working to enhance the security measures of the CoWIN platform. Strengthening cybersecurity protocols and regularly auditing the system can help prevent unauthorized access and potential data breaches.

The incident serves as a reminder of the ongoing challenges in maintaining data security in the digital age. It highlights the need for constant vigilance and proactive measures to safeguard sensitive information. The government's response to these claims underscores its commitment to addressing data security concerns and ensuring the privacy of citizens.

As the vaccination drive plays a crucial role in controlling the spread of COVID-19, maintaining public trust in the CoWIN platform is imperative. By addressing any potential vulnerabilities and reinforcing data protection measures, the government aims to assure citizens that their personal information is safe and secure during the vaccination process.

Despite worries about a data leak in the CoWIN app, the Union Minister's statement suggests that neither the app nor its database appears to have been directly compromised. The government's examination of the situation serves to underline its dedication to data security and privacy. Maintaining the integrity and security of systems associated with vaccines continues to be a high priority while efforts to battle the epidemic continue.
Read more »
Safety
Apps Attack Vectors Cloud Security Cyber Security Data Research Safety

Three Commonly Neglected Attack Vectors in Cloud Security

 

As per a 2022 Thales Cloud Security research, 88% of companies keep a considerable amount (at least 21% of sensitive data) in the cloud. That comes as no surprise. According to the same survey, 45% of organisations have had a data breach or failed an audit involving cloud-based data and apps. This is less surprising and positive news. 

The majority of cloud computing security issues are caused by humans. They make easily avoidable blunders that cost businesses millions of dollars in lost revenue and negative PR. Most don't obtain the training they need to recognise and deal with constantly evolving threats, attack vectors, and attack methods. Enterprises cannot avoid this instruction while maintaining control over their cloud security.

Attacks from the side channels

Side-channel attacks in cloud computing can collect sensitive data from virtual machines that share the same physical server as other VMs and activities. A side-channel attack infers sensitive information about a system by using information gathered from the physical surroundings, such as power usage, electromagnetic radiation, or sound. An attacker, for example, could use statistics on power consumption to deduce the cryptographic keys used to encrypt data in a neighbouring virtual machine.  

Side-channel attacks can be difficult to mitigate because they frequently necessitate careful attention to physical security and may involve complex trade-offs between performance, security, and usability. Masking is a common defence strategy that adds noise to the system, making it more difficult for attackers to infer important information.

In addition, hardware-based countermeasures (shields or filters) limit the amount of data that can leak through side channels.

Your cloud provider will be responsible for these safeguards. Even if you know where their data centre is, you can't just go in and start implementing defences to side-channel assaults. Inquire with your cloud provider about how they manage these issues. If they don't have a good answer, switch providers.

Container breakouts

Container breakout attacks occur when an attacker gains access to the underlying host operating system from within a container. This can happen if a person has misconfigured the container or if the attacker is able to exploit one of the many vulnerabilities in the container runtime. After gaining access to the host operating system, an attacker may be able to access data from other containers or undermine the security of the entire cloud infrastructure.

Securing the host system, maintaining container isolation, using least-privilege principles, and monitoring container activities are all part of defending against container breakout threats. These safeguards must be implemented wherever the container runs, whether on public clouds or on more traditional systems and devices. These are only a few of the developing best practices; they are inexpensive and simple to apply for container developers and security experts.

Cloud service provider vulnerabilities

Similarly to a side-channel attack, cloud service providers can be exposed, which can have serious ramifications for their clients. An attacker could gain access to customer data or launch a denial-of-service attack by exploiting a cloud provider's infrastructure weakness. Furthermore, nation-state actors can attack cloud providers in order to gain access to sensitive data or destroy essential infrastructure, which is the most serious concern right now.

Again, faith in your cloud provider is required. Physical audits of their infrastructure are rarely an option and would almost certainly be ineffective. You require a cloud provider who can swiftly and simply respond to inquiries about how they address vulnerabilities:

Read more »
Website
Ad Blockers Apps Cyber Security Data NordVPN Security Website

NordVPN Identifies the Most Risky Websites for Users' Privacy and Security

When you browse the web on a regular basis, it can be quite dangerous, but it becomes even more dangerous when you access certain types of sites. It should come as no surprise that porn, streaming, and video hosting websites top the list of services posing the greatest risk to users' privacy and security. 

Malware attacks, invasive ads, and heavy web tracking were among the threats. That is the exclusive data gathered by NordVPN, one of the best VPN services available. In December 2022 alone, the VPN provider was able to block over 344 million web trackers, 341 million intrusive ads, and 506,000 malware infections thanks to its Threat Protection tool.

"The online world is challenging people in every single move they make," said NordVPN cybersecurity advisor Adrianus Warmenhoven.

"Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it."

NordVPN researchers wanted to know how these cyber threats were getting to users. They did this by analysing aggregated data collected by their Threat Protection system. While this did not include any personally identifiable information about users, it did assist them in depicting the scenario that everyone faces on a daily basis online.

Malware is perhaps the most concerning of these threats. This is due to the ease with which such malicious software can infiltrate a device and damage or compromise tonnes of users' sensitive data. Adult content sites contain the most malware, including viruses, ransomware, spyware, and other threats. During the coverage period, over 60,000 domains were blocked. Cloud storage and entertainment platforms are next in line, with approximately 70,000 infected platforms discovered between the two categories.

Intrusive ads are any pop-ups or other ad pages that appear without being requested. These not only annoy people's online experiences, but they are also excellent at gathering information about users without their knowledge. As expected, free streaming platforms are the most involved, with more than 55 minion domains affected. Adult content and shopping websites appear to be close behind.

These findings highlight the importance of using a reliable ad-blocker every time you browse the web, especially when visiting certain types of websites.

"Ad blockers are essential for both security - because they block ads that can infect people’s devices - and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy," explains Warmenhoven. "Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster.” 

Web trackers are another major cyber threat because they compromise users' online anonymity. Video hosting services were the sites with the most web trackers. The NordVPN Threat protection tool blocked over two billion domains. Tracking was also high in cloud storage, web email, and information technology sites. As per Nord, Hong Kong and Singapore have the most web trackers in the world, with an average of 45 and 33 trackers per website. Other countries with high tracking rates include the United States, Australia, the United Kingdom, Spain, and France.

NordVPN Threat Protection is a system that safeguards users from the aforementioned online threats. It accomplishes this by scanning all files you download and blocking all sites containing malware and dangerous ads before you open them.

Threat Protection is available on all NordVPN apps. This means that there is no additional cost to enjoy a safer online experience. All you have to do is follow these simple steps:
  • Launch the latest NordVPN app on your preferred device.
  • Click the shield icon on the left side of your screen.
  • Activate the Threat Protection toggle.

Read more »
Web Services
Apps Cyber Security Malicious actor saaS Supply Chain Attack Unauthorized access Web Services

DoControl: Growing its SaaS Security Platform

DoControl offers an integrated, automated, and risk-aware SaaS Security Platform that protects apps and data which are essential to corporate operations promotes operational efficiency and boosts productivity. Protecting data and business-critical SaaS apps through automated remediation is DoControl's key strength.

DoControl's newest module adds shadow SaaS application identification, monitoring, and remediation to build on earlier advancements that target mission-critical use cases and better defend companies from SaaS supply chain assaults. By establishing machine identities that are frequently overprivileged, unapproved of, and unmonitored, SaaS application-to-application communication capabilities raise the risk. To address regulatory gaps and automatically close supply chain-based attack vectors, DoControl's SaaS Security Platform extension offers total control and transparency across all authorized and unauthorized SaaS apps.

One service platform that delivers unified security across various apps is required by the industry as a result of the rapid expansion of SaaS applications, the need to integrate them, or the economic pressures to integrate vendors. DoControl has established itself as the end-to-end SaaS security platform supplier, including CASB, DLP, Insider Risk, and Workflows, so now Shadow Apps enable security teams to accomplish more with less effort.

Extensive shadow application governance is aided by the DoControl SaaS Security Platform's expansion:

Facts and Awareness: All interlinked  SaaS applications within a company's estate can be found by organizations, both sanctioned and unsanctioned. Businesses can spot issues of non-compliance and comprehend the high-risk SaaS platforms, apps, or users vulnerable inside the SaaS estate with rigorous surveying and inventories.

Analyze and Operate: Utilizing pre-approval rules and workflows that demand end users present a business explanation for acquiring new apps, companies can conduct app reviews with business users. Security staff can also place suspect applications in quarantine, limit a user's access rights, and revoke such privileges.

Automated Cleanup: Organizations can automate the application of security policies throughout the entire SaaS application stack by using low-code/no-code solutions. Through automated patching of various threat vectors, DoControl's Security Workflows limit vulnerability brought on by third-party apps and stop unauthorized or high-risk app usage.

Data security is essential, but several systems lack the level of specificity and set of capabilities modern businesses require to secure sensitive data and operations, particularly in the intricate and linked world of SaaS apps. DoControl finds every SaaS user, partner company, asset, and metadata, as well as OAuth applications, groups, and activity events. Without hindering business enablement, DoControl helps to lower risk, prevent data breaches, and manage insider risk.


Read more »
Spyware
Android Android Apps Apps Banking Malware malware SpyNote Spyware

SpyNote Strikes: Android Spyware Targets Financial Establishments

 

Since at least October 2022, financial institutions have been targeted by a new version of Android malware called SpyNote, which combines spyware and banking trojan characteristics. 

"The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions."

Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank are among the notable institutions impersonated by the malware. SpyNote (aka SpyMax) is feature-rich and comes with a slew of capabilities, including the ability to instal arbitrary apps, collect SMS messages, calls, videos, and audio recordings, track GPS locations, and even thwart attempts to uninstall the app. 

It also mimics the behaviour of other banking malware by requesting access to services to extract two-factor authentication (2FA) codes from Google Authenticator and record keystrokes to steal banking credentials.

SpyNote also includes features for stealing Facebook and Gmail passwords and capturing screen content via Android's MediaProjection API.

According to the Dutch security firm, the most recent SpyNote variant (dubbed SpyNote.C) is the first to target banking apps as well as other well-known apps such as Facebook and WhatsApp.

It's also known to pose as the official Google Play Store service and other generic applications ranging from wallpapers to productivity and gaming. The following is a list of some of the SpyNote artefacts, which are mostly delivered via smishing attacks:
  • Bank of America Confirmation (yps.eton.application)
  • BurlaNubank (com.appser.verapp)
  • Conversations_ (com.appser.verapp )
  • Current Activity (com.willme.topactivity)
  • Deutsche Bank Mobile (com.reporting.efficiency)
  • HSBC UK Mobile Banking (com.employ.mb)
  • Kotak Bank (splash.app.main)
  • Virtual SimCard (cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq)
SpyNote.C is approximated to have been bought by 87 different customers between August 2021 and October 2022 after its developer advertised it through a Telegram channel under the name CypherRat.

Nevertheless, the open-source availability of CypherRat in October 2022 has resulted in a significant rise in the number of samples detected in the wild, implying that several criminal groups are using the malware in their own campaigns.

ThreatFabric also stated that the original author has since begun work on a new spyware project codenamed CraxsRat, which will be available as a paid application with similar features.

"This development is not as common within the Android spyware ecosystem, but is extremely dangerous and shows the potential start of a new trend, which will see a gradual disappearance of the distinction between spyware and banking malware, due to the power that the abuse of accessibility services gives to criminals," the company said.

The revelations resulted after a group of researchers demonstrated EarSpy, a unique attack against Android devices that allows access to audio conversations, indoor locations, and touchscreen inputs by using the smartphones' built-in motion sensors and ear speakers as a side channel.

Read more »
WhatsApp
Android Apps Data Fake Apps Mobile Phones Mobile Security Safety Scam Security SMS Access WhatsApp

This Unofficial WhatsApp Android App Caught Stealing Users’ Accounts

 

Kaspersky researchers discovered 'YoWhatsApp,' an unofficial WhatsApp Android app that steals access keys for users' accounts. Mod apps are promoted as unofficial versions of genuine apps that include features that the official version does not. 

YoWhatsApp is a fully functional messenger that supports extra features such as customising the interface and blocking access to specific chats. The tainted WhatsApp app requests the same permissions as the original messenger app, such as SMS access.

“To use the WhatsApp mod, users need to log in to their account of the legitimate app. However, along with all the new features, users also receive the Triada Trojan. Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app.” reported Kaspersky. 

“Along with the permissions needed for WhatsApp to work properly, this gives them the ability to steal accounts and get money from victims by signing them up for paid subscriptions that they are unaware of.”

This mod instals the Triada Trojan, which is capable of delivering other malicious payloads, issuing paid subscriptions, and even stealing WhatsApp accounts. More than 3,600 users have been targeted in the last two months, according to Kaspersky. The official Snaptube app promoted the YoWhatsApp Android app.

The malicious app was also discovered in the popular Vidmate mobile app, which is designed to save and watch YouTube videos. Unlike Snaptube, the malicious build was uploaded to Vidmate's internal store. YoWhatsApp v2.22.11.75 steals WhatsApp keys, enabling threat actors to take over users' accounts, according to Kaspersky researchers.

In 2021, Kaspersky discovered another modified version of WhatsApp for Android that offered additional features but was used to deliver the Triada Trojan. FMWhatsApp 16.80.0 is the modified version.

The experts also discovered the advertisement for a software development kit (SDK), which included a malicious payload downloader. The FMWhatsapp was created to collect unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) as well as the name of the app package in which they are deployed.

To be protected, the researchers advise:
  • Only install applications from official stores and reliable resources
  • Remembering to check which permissions you give installed applications – some of them can be very dangerous
  • Installing a reliable mobile antivirus on your smartphone, such as Kaspersky Internet Security for Android. It will detect and prevent possible threats.
Kaspersky concluded, “Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources may still fall victim to them. In particular, malware like Triada can steal an IM account, and for example, use it to send unsolicited messages, including malicious spam. The user’s money is also at risk, as the malware can easily set up paid subscriptions for the victim.”


Read more »
Frauds
Advertisement Applications Apps Cyber Fraud Frauds

Scylla: Ad Fraud Scheme in 85 Apps with 13 Million Downloads

 

Security researchers have exposed 85 apps involved in the ongoing ad frauds campaign that began in 2019. 75 apps of these apps are on Google Play, while 10 are present on the App store. The apps have collectively more than 13 million downloads to date. 
 
Researchers from HUMAN’s Satori Threat Intelligence have collectively named all the mobile apps that are being identified in the ad fraud campaign as ‘Scylla’.  
 
The malicious apps flooded the mobiles with advertisements, both visible and hidden ads. Additionally, the fraudulent apps garnered revenue by impersonating as legitimate apps in app stores. Although these apps are not seen as severe threats to the users, the adware operators can use them for more malicious activities.  
 
According to the researchers, Scylla is believed to be the third wave of an ad fraud campaign that came to light in August 2019, termed ‘Poseidon’. The second wave, called ‘Charybdis’ led up to the end of 2020. 

The original operation, Poseidon comprised over 40 fraudulent android apps, designed to display out-of-context ads or even ads hidden from the view of mobile users. 
 
The second wave, Charybdis, was a more sophisticated version of Poseidon, targeting advertising platforms via code obfuscation tactics. Scylla apps, on the other hand, expand beyond Android, to charge against the iOS ecosystem. In addition to this, Scylla relies on additional layers of code obfuscation, using Allatori Java obfuscator, making it hard for the researchers to detect or reverse engineer the adware. 
 
These fraudulent apps are engineered to commit numerous kinds of ad frauds, including mimicking popular apps (such as streaming services) to trick advertising SDKs into placing their ads, displaying out-of-context and hidden ads, generating clicks from the unaware users, and generating profit off ads to the operator. 
 
"In layman's terms, the threat actors code their apps to pretend to be other apps for advertising purposes, often because the app they're pretending to be is worth more to an advertiser than the app would be by itself," states HUMAN security. 
 
According to the sources, the researchers have informed Google and Apple about these fraudulent apps, following which the apps are being removed from Google Play and App Store. Users are recommended to simply remove the apps if they have downloaded one of the suspected adware by any chance. 
  
Furthermore, with regards to the increasing frauds, the Satori researchers have suggested certain precautionary measures that could be taken into account for the user to not fall for the adware frauds. It includes examining their apps before downloading them, looking out for apps that you do not remember downloading, and avoiding third-party app stores that could harbor malicious applications.
Read more »
Vulnerabilities and Exploits
Amazon Android Apps Bugs Flaws Report Vulnerabilities and Exploits

Amazon Patches Ring Android App Flaw Exposing Camera Recordings

 

Amazon has patched a critical vulnerability in the Amazon Ring app for Android that could have enabled hackers to download saved camera recordings from customers. The flaw was discovered and disclosed to Amazon on May 1st, 2022 by security researchers at application security testing company Checkmarx, and it was fixed on May 27th. 

Because the Ring Android app has over 10 million downloads and is used by people all over the world, access to a customer's saved camera recordings could have enabled a wide range of malicious behaviour, from extortion to data theft. 

Checkmarx discovered an 'activity' that could be launched by any other app installed on the Android device while analysing the Ring Android app. An 'activity' on Android is a programme 0component that displays a screen that users can interact with to perform a specific action. When developing an Android app, you can expose that activity to other installed apps by including it in the app's manifest file.

Checkmarx discovered that the 'com.ringapp/com.ring.nh.deeplink.DeepLinkActivity' activity was exposed in the app's manifest, enabling any other install app to launch it.

"This activity would accept, load, and execute web content from any server, as long as the Intent's destination URI contained the string “/better-neighborhoods/”," explained a report by Checkmarx shared with BleepingComputer before publishing.

This meant they could start the activity and send it to an attacker-controlled web server to interact with it. However, only pages hosted on the ring.com or a2z.com domains were able to interact with the activity.

The Checkmarx researchers got around this restriction by discovering an XSS vulnerability on the https://cyberchef.schlarpc.people.a2z.com/ URL, which allowed them to compromise the system.

"With this cookie, it was then possible to use Ring’s APIs to extract the customer’s personal data, including full name, email, and phone number, and their Ring device’s data, including geolocation, address, and recordings." - Checkmarx.

With a working attack chain in place, the researchers could have exploited the vulnerability by developing and publishing a malicious app on Google Play or another site. Once a user was duped into installing the app, it would launch the attack and send the Ring customer's authentication cookies to the attackers.

Analyzing videos with machine learning

However, as a threat actor, what would you do with the massive amount of videos that you could gain access to by exploiting this vulnerability?

Checkmarx discovered that they could sift through the videos using the Amazon Rekognition service, an image and video analysis service. The service could use machine learning to find videos of celebrities, documents containing specific words, or even a password scribbled carelessly on a post-it note stuck to a monitor.

This information could then be relayed back to the threat actor, who could use it for extortion, network intrusion, or simply to be a voyeuristic observer. The good news is that Amazon quickly responded to Checkmarx's bug report and released a fix.

"It was a pleasure to collaborate so effectively with the Amazon team, who took ownership and were professional through the disclosure and remediation process," concluded the Checkmarx report.

"We take the security of our devices and services seriously and appreciate the work of independent researchers. We issued a fix for supported Android customers back in May, soon after the researchers' submission was processed. Based on our review, no customer information was exposed," Ring told BleepingComputer.
Read more »
Tactics
Android Malware Apps Banking Trojan BRATA malware phishing Tactics

This Android-wiping Malware is Evolving into a Constant Threat

 

The threat actors responsible for the BRATA banking trojan have refined their techniques and enhanced the malware with data-stealing capabilities. Cleafy, an Italian mobile security business, has been following BRATA activity and has discovered variations in the most recent campaigns that lead to extended persistence on the device. 

"The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern. This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information," explains Cleafy in a report this week.

The malware has also been modified with new phishing tactics, new classes for requesting further device permissions, and the inclusion of a second-stage payload from the command and control (C2) server. BRATA malware is also more focused, as researchers determined that it concentrates on one financial institution at a time and only switches to another when countermeasures render its attacks ineffective.

For example, instead of getting a list of installed applications and retrieving the appropriate injections from the C2, BRATA now comes pre-loaded with a single phishing overlay. This reduces harmful network traffic as well as interactions with the host device. 

In a later version, BRATA gains greater rights to transmit and receive SMS, which can aid attackers in stealing temporary codes such as one-time passwords (OTPs) and two-factor authentication (2FA) that banks send to their clients. After nesting into a device, BRATA retrieves a ZIP archive containing a JAR ("unrar.jar") package from the C2 server. 

This keylogging utility tracks app-generated events and records them locally on the device along with the text contents and a timestamp. Cleafy's analysts discovered that this tool is still in its early stages of development. The researchers believe the author's ultimate purpose is to exploit the Accessibility Service to obtain data from other apps. 

BRATA's development 

In 2019, BRATA emerged as a banking trojan capable of screen capture, app installation, and turning off the screen to make the device look powered down. BRATA initially appeared in Europe in June 2021, utilising bogus anti-spam apps as a lure and employing fake support personnel who duped victims and fooled them into handing them entire control of their devices. 

In January 2022, a new version of BRATA appeared in the wild, employing GPS tracking, several C2 communication channels, and customised versions for different locations. Cleafy has discovered a new project: an SMS stealer app that talks with the same C2 infrastructure as the current BRATA version and the shift in tactics. 

It uses the same structure and class names as BRATA but appears to be limited to syphoning brief text messages. It currently targets the United Kingdom, Italy, and Spain. To intercept incoming SMS messages, the application requests that the user designate it as the default messaging app, as well as authorization to access contacts on the device. 

For the time being, it's unclear whether this is only an experiment in the BRATA team' to produce smaller apps focused on certain roles. What is obvious is that BRATA continues to evolve at a two-month interval. It is critical to be watchful, keep your device updated, and avoid installing apps from unapproved or dubious sources.
Read more »
Technology
Apps Blockchain Crypto Discord NFT Technology

Bored Ape & Other Major NFT Project Discords Hacked by Fraudsters

 

The Discords of several prominent NFT projects were hacked last week as part of a phishing scheme to mislead members into handing up their digital jpegs. 

In tweets, the Bored Ape Yacht Club, Nyoki, and Shamanz all confirmed Discord hacks. The Discords of NFT projects Doodles and Kaiju Kingz were also attacked, according to screenshots released by independent blockchain investigator Zachxbt. Doodles and Kaiju Kingz both confirmed that they had been hacked on their Discords. 

“Oh no, our dogs are mutating,” read one of the phishing posts posted in the BAYC Discord by a compromised bot viewed by Motherboard.

“MAKC can be staked for our $APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs.” 

The hack's purpose was to get users to click a link to "mint" a phoney NFT by submitting ETH and, in some cases, an NFT to wrap into a token. 

“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised,” the official BAYC Twitter account said early Friday morning. 

“We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.” 

"Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack," the Nyoki’s tweet said. 

On blockchain explorer Etherscan, two wallet addresses have been linked to the hacks and are now dubbed Fake Phishing5519 and Fake Phishing5520. The 5519 wallet, which sent 19.85 ETH to the 5520 wallets, stole at least one Mutant Ape Yacht Club NFT (a BAYC offshoot by developer Yuga Labs) and soon sold it. Early Friday morning, this second wallet delivered 61 ETH ($211,000) to the mixing service Tornado Cash. The wallet's most recent transaction is a transfer of.6 ETH to an inactive wallet, which subsequently sent the same amount to an extremely active wallet with 1,447 ETH ($5 million), 6 million Tether coins ($6 million), and a variety of other tokens. 

This is not the first or last attack on crypto assets on Discord, which, while being a gaming-focused network, serves as a crucial centre for the great majority of projects. Crypto projects already have to deal with hacks that take advantage of smart contract flaws, but the fact that so many of them are also on Discord subjects them to frauds that exploit the power of the platform itself. 

Several high-profile accounts have already fallen prey to schemes that hacked bots responsible for channel-wide announcements and pushed websites in order to steal ETH, NFTs, or wallets.
Read more »
VPNS
Apps Cring Cyber Crime Ransomware Sophos VPNS

Cring Ransomware Attacks Industrial Organisations Using Outdated VPNs and Apps

 

The Cring ransomware group is constantly making a name by attacking outdated Coldfusion servers and VPNs after surfacing earlier in 2021. According to experts, what makes cring different is, as of now, it appears in specific targeting of outdated vulnerabilities in their campaigns. In an earlier incident, Cring threat actors abused a two year old Fortigate VPN vulnerability exploit "end-of-life" or different incompatible devices, exposed to the web in the wild. Meanwhile Cring has threat actors using Mimikatz on devices to get credentials, and there's also proof that native windows process work blending in other authorotized activities. 

ZDNet reports "positive Technologies head of malware detection Alexey Vishnyakov added that the group gets its primary consolidation through the exploitation of 1-day vulnerabilities in services at the perimeter of the organization like web servers, VPN solutions and more, either through buying access from intermediaries on shadow forums or other methods." It can often lead to more complex problems for network hunters and cybersecurity agents to find anything suspicious by the time it's already too late. 

The current and earlier campaigns have shown continuous implementation and exploit of Cobalt Strike beacons used by several threat actors, mostly using it for post-exploit phase that is easier for hackers to operate. Sophos did a research in September emphasizing one particular case where Cring threat actors exploited an 11 year old Adobe Coldfusion 9 installation 9 to take remote command over Coldfusion server. 

Sophos managed to link the group using Cring ransomware to threat actors in Belarus and Ukraine, these hackers used automated tools to hack into unnamed company servers in the service sector. "In the incident we researched, the target was a services company, and all it took to break in was one internet-facing machine running old, out-of-date and unpatched software. The surprising thing is that this server was in active daily use. Often the most vulnerable devices are inactive or ghost machines, either forgotten about or overlooked when it comes to patching and upgrades," said Andrew Brandt, chief researcher at Sophos.
Read more »
Subscribe to: Posts (Atom)