
105 million Android Devices were Infected with 'Dark Herring' Invoice Malware


The Dark Herring malware was identified by a Zimperium research team. The campaign's proceeds are estimated to be in the millions of dollars, collected in monthly increments of $15 per victim. Google has since removed all 470 fraudulent apps from the Play Store and the scam services have been shut down; however, any user who still has one of the apps installed could be actively attacked in the future. The apps can also be found in third-party app stores.

Direct carrier billing (DCB) is a mobile payment technique that adds payments for non-telecom services to a consumer's monthly phone bill. It is used by customers worldwide, particularly in underbanked countries. It is a tempting target for attackers.

Dark Herring's long-term success was based on antivirus evasion capabilities, widespread distribution through a large number of apps, code encryption, and the use of proxies as first-stage URLs. While none of these features is novel or surprising, seeing them together in one piece of software is unusual for Android fraud. Furthermore, the actors used a complex infrastructure that accepted communications from users of all 470 applications yet handled each one individually based on a unique identifier.

The installed app contains no malicious code, but it does carry a hard-coded, encoded string that points to a first-stage URL hosted on Amazon's CloudFront. The server's response includes links to further JavaScript files hosted on Amazon Web Services servers, which are downloaded to the infected device.

The campaign was able to last so long because the malicious apps gave users the expected functionality, in an attempt to remain installed on the victims' devices. Once installed on a device, a Dark Herring application begins communicating with the command-and-control (C&C) server to send over the victim's IP address, which is used to track the victim for a direct carrier billing subscription.

The victim is sent to a geo-specific webpage, where the user is asked for personal details such as a phone number, ostensibly for verification purposes. However, the victim has no idea that they are submitting their contact information to a subscription plan. "The victim does not understand the impact of the crime right away," Zimperium explains, "and the chance of the theft extending for months before discovery is high, with hardly any remedy to get one's money back."

Given Dark Herring's evident accomplishments, Zimperium believes it is unlikely that the cybersecurity community will hear from this criminal outfit again.

Data Breach at Digital Ocean Leaves Customer Billing Data Exposed

 

Digital Ocean, a cloud solutions provider, is informing certain customers that their billing information may have been exposed after someone exploited a flaw in the company's central database.

US-based Digital Ocean, Inc. is a cloud computing provider located in New York City, with data centers around the world. It offers developers cloud services that help them build and scale applications running across multiple computers simultaneously.

Digital Ocean stated in an email to customers that the unauthorized access took place between 9 and 22 April 2021 but was seemingly only "confirmed" on 26 April.

“An unauthorized user gained access to some of your billing account details through a flaw that has been fixed,” the company told customers. Digital Ocean says that only a "small percentage" of its users have been affected and that no intervention is therefore necessary.

The leaked billing information includes the name, address, payment card expiry date, last four digits of the payment card, and the name of the bank that issued the card. The organization pointed out that full credit card details are not stored, so this kind of information was not exposed.

“According to our logs approximately 1% of billing profiles were impacted,” Tyler Healy, VP of security at Digital Ocean, told Security Week in an emailed statement. “This issue has been fixed and we have informed the impacted users and notified the relevant data protection authorities.”

Over one million programmers from every country in the world use its services, Digital Ocean says on its website.

Last year the company told its customers that some of their information had been disclosed after a document was accidentally made public, though at that point it was confident that access to the document was not malicious.

Furthermore, the email read: “Yesterday we learned that a Digital Ocean owned document from 2018 was unintentionally made available via a public link. This document contained your email addresses and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018. After a detailed review by our security team, we identified it was accessed at least 5 times before the document was taken down.”

The company also said that it would train its employees on protecting customer data, establish new protocols to warn everyone about possible exposures in a more timely manner, and make configuration adjustments to avoid future exposure of data.