Flubot Malware Employs Fake Security Updates to Trick Android Users

 

Threat actors behind the Flubot Android malware are employing a new technique to fool Android users into downloading the malicious code. The attackers are sending fake SMS messages that warn of a potential security threat and tempt Android users to install a security update.

If installed, the Flubot Android malware steals passwords, bank details and other private information from compromised devices. The malware also exploits permissions on the smartphone to spread itself to other victims, allowing the infection chain to continue.

“Your device is infected with the FluBot malware. Android has detected that your device has been infected. FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot,” states the fake security warning discovered by CERT NZ researchers. 

Last month, security firm Trend Micro explained how the Flubot malware tricked users into installing fake voicemail apps after taking them to a website designed to look like a mobile operator's. Now, the Computer Emergency Response Team of New Zealand (CERT NZ) is warning users that the fake security warning is only bait designed to tempt potential victims into installing malicious apps.

In previous attacks, the malware spread by spamming contacts from compromised phones with text messages instructing them to install malicious apps from servers controlled by the threat actors.

The malware has been active since late 2020 and has targeted several European countries. Researchers have advised Android users not to click on the malicious link. Anyone who has already clicked on the link should not enter any passwords or log in to any service on the device, and should immediately factory reset the phone, backing up only the data that is required.

It can be an uphill task to keep up with mobile alerts, but it's worth remembering that companies are unlikely to ask you to download an application from a direct link. Downloading official apps via official app stores is an effective way to stay safe when downloading apps. Additionally, change all online account passwords, specifically those linked to online bank accounts, and contact your bank immediately.

Hackers Steal $17,000 in 'Double Your Cash' Fraud on Bitcoin.org

 

Bitcoin.org, the authentic website of the Bitcoin project, was hacked by criminals who advertised a "double your money" scam and, unfortunately, many people fell into the trap.

On September 23, visitors to bitcoin.org were welcomed with a popup instructing them to send cryptocurrency to a Bitcoin wallet using a QR code and earn twice the amount in exchange. 

The message stated, "The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years," encouraging users to send Bitcoins to the attacker's displayed wallet address. 

"Send Bitcoin to this address, and we will send double the amount in return!" 

To add credibility to the claim, the false notice informed visitors that the deal was limited to the first 10,000 users. Users were unable to get past the bogus popup message, leaving the rest of the website unreachable for the duration of the fraud.

Soon after the hack, Bitcoin.org's site operator(s), known as Cøbra, issued a public notice about the incident. The Bitcoin address used in the fraud received 0.40 BTC, which was worth $17,000. The hacker transferred nearly all of the money from the primary wallet to two additional holding wallets.

Although Bitcoin is assumed to have been established by an anonymous persona, “Satoshi Nakamoto,” the author of the research paper that gave birth to the cryptocurrency, a newer identity “Cøbra” has recently been observed running the Bitcoin.org website, social media, and community channels. 

Following Cøbra's notification, Bitcoin.org's name registrar Namecheap immediately blocked the domain until the problem was resolved. 

Unfortunately, as evidenced by the attacker's wallet balance, some cryptocurrency fanatics may have fallen for the fraud. The transaction history reveals several payments to the attacker's wallet from various Bitcoin addresses. 

According to Bitcoin.org's anonymous operator CobraBitcoin, the fraudsters may have obtained unauthorised access by exploiting a vulnerability in the website's domain name system (DNS). Hackers typically browse websites in search of underlying flaws that may be exploited to launch attacks. 

The website has been restored to its pre-hack state after being taken down to investigate the underlying cause of the security incident.