Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Financial Credentials. Show all posts

Ticketmaster Data Breach Affects Over 500 Million Customers


 


We are all music fans at heart, and recently the most eye-catching tour is the three-hour Taylor Swift concert. The platform that sells tickets for these in-demand tours, Ticketmaster, has taken a hit. In a substantial blow to one of the world’s largest ticketing services, Ticketmaster has reportedly suffered a massive data breach impacting over half a billion customers. According to Mashable, the hacker group known as ShinyHunters claims responsibility for stealing customer data from nearly 560 million users. Although Ticketmaster has yet to confirm the breach, ShinyHunters has a history of high-profile hacks and is now selling the stolen data on a popular hacking forum for $500,000.


Details of the Stolen Data

ShinyHunters alleges they have obtained a substantial 1.3 terabytes of data, including sensitive information such as full names, addresses, and phone numbers. Additionally, the breach encompasses detailed order histories, which reveal ticket purchase details and event information. Alarmingly, partial payment information, including names, the last four digits, and expiration dates of credit cards, is also among the compromised data.


While waiting for Ticketmaster's official response, it is crucial for affected customers to take proactive steps to protect themselves. The stolen data could be used for targeted phishing attacks, making it essential to remain vigilant when checking emails, messages, or mail. Cybercriminals may impersonate reputable companies to trick individuals into revealing passwords or financial information.


To mitigate risks, users should avoid clicking on links or downloading attachments from unknown senders and always verify the legitimacy of the sender’s email address. Implementing robust cybersecurity measures, such as using the best antivirus software for PCs, Macs, and Android devices, can provide additional protection against potential malware infections.


Steps to Take Following a Data Breach

In the wake of a data breach, companies typically offer guidance and access to identity theft protection services. However, Ticketmaster has not yet confirmed the breach or announced any support for affected customers. Until more information is available, individuals should monitor their accounts for suspicious activity and consider changing passwords for any online accounts associated with the compromised email addresses.


Given ShinyHunters' notorious track record, including the 2021 leak of 70 million AT&T subscribers’ information, the claims warrant serious attention.


This incident surfaces the importance of cybersecurity and the potential vulnerabilities even large companies face. As the situation develops, staying informed and cautious will be key for those potentially affected by this breach. We will continue to provide updates as more information becomes available from Ticketmaster and other reliable sources.



Navigating the Paradox: Bitcoin's Self-Custody and the Privacy Challenge

 

Self-custody in Bitcoin refers to individuals holding and controlling their private keys, which in turn control their bitcoin. This concept is akin to securing physical gold in a personal safe rather than relying on a bank or third-party custodian. Unlike physical assets such as gold, verifying the legitimacy of bitcoin transactions in the digital realm is more straightforward and does not involve the complex process of melting down to authenticate.

While certain regulations require individuals and entities, particularly in financial services, to report their holdings and transactions to regulatory bodies, this obligation aims to prevent illicit activities and ensure tax compliance. While reasonable for businesses in regulated markets, extending these requirements to personal finances, especially for private individuals, seems contradictory in a society that values personal freedom and privacy.

Bitcoin's architecture presents a paradox: it is transparent, allowing verification of the 21 million cap and transaction history, yet remarkably private as the true control lies with the holder of private keys. This duality ensures currency integrity but poses challenges to personal financial privacy under regulatory scrutiny.

To address this, innovative solutions like multi-signature wallets are emerging. Companies like Swan and On-ramp are developing tools focused on multi-signature wallets for individuals and institutions. This approach, such as a ⅔ multi-signature solution, allows a compliant third party to hold a key without compromising individual control, providing a subtle yet effective means of regulatory verification.

Multisig solutions also enhance security against theft while maintaining user control over assets, striking a delicate balance between autonomy and regulatory compliance. As the Bitcoin ecosystem evolves, these solutions become crucial for preserving personal financial freedom while aligning with existing regulatory frameworks.

The regulatory landscape must adapt to Bitcoin's distinct characteristics, leading to the development of refined self-custody approaches that support privacy, autonomy, and regulatory compliance. Advocacy for standardized reporting mechanisms for self-custodied assets can align with regulatory requirements without compromising Bitcoin's foundational tenets.

Balancing innovation and regulation presents challenges, requiring collaborative discourse among all stakeholders. Bitcoin's principles of autonomy and privacy may clash with regulatory transparency efforts, but finding a balance is essential for the cryptocurrency's revolutionary role in finance. Bitcoiners play a crucial role in advocating for their privacy and sovereignty rights, emphasizing that saving within the Bitcoin network is a legitimate exercise of economic liberty and not a criminal act or subject to public disclosure.

Users of Netflix, Instagram, and Twitter are all Targeted by the MasterFred Malware

 

MasterFred is a new Android malware that steals credit card information from Netflix, Instagram, and Twitter users via bogus login overlays. With unique fake login overlays in several languages, this new Android banking virus also targets bank clients. In June 2021, a MasterFred sample was uploaded to VirusTotal for the first time, and it was discovered in June. One week ago, malware analyst Alberto Segura released a second sample online, claiming that it was deployed against Android users in Poland and Turkey. 

Avast Threat Labs researchers uncovered APIs given by the built-in Android Accessibility service to show the malicious overlays after examining the new malware. "By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter," Avast said. 

Malware creators have been utilizing the Accessibility service to simulate taps and traverse the Android UI to install their payloads, download and install other malware, and do various background operations for a long time. MasterFred, on the other hand, stands out in a few ways. One of them is that the malicious apps that transmit malware to Android devices also include HTML overlays that display bogus login forms and collect financial information from users. 

The malware also sends the stolen data to Tor network servers controlled by its operator via the Onion.ws dark web gateway (aka Tor2Web proxy). Because at least one of the malicious apps bundled with the MasterFred banker was recently available in Google's Play Store, it's safe to assume that MasterFred's operators are also distributing this new malware through third-party stores.

"We can say that at least one application was delivered via Google play. We believe that it has been removed already," Avast's research team said. 

Another Android malware was identified in September that managed to infect over 10 million devices in over 70 countries. GriftHorse is the name of the malware, which was found by researchers at mobile security firm Zimperium. GriftHorse's success, according to Zimperium researchers, Aazim Yaswant and Nipun Gupta, is due to the malware's "code quality, which uses a wide range of websites (194 domains), malicious apps, and developer identities to infect people and avoid detection for as long as possible."

Raccoon Stealer has been Upgraded to Steal Cryptocurrency Alongside Financial Information

 

With the rise of ransomware and as-a-service offers, malware has become an ever-growing concern in the cyber realm. The developers of the Raccoon Stealer which is an information stealer have shifted their target, according to ZeroFox Threat Research. 

Since the beginning of the quarter, there have been several upgrades, the most prominent of which is the installation of new "crypters." The goal of a crypter is to obfuscate a binary by adding junk code, breaking up the flow of code without affecting the original functionality, or encrypting parts of code so that static signatures cannot identify them. Support for stealing various new bitcoin wallets has also been added, as well as the addition of Discord to the list of targeted applications. 

The stealer is being bundled with malware such as malicious browser extensions, crypto miners, the Djvu/Stop consumer ransomware strain, and click-fraud bots targeting YouTube sessions, according to samples received by Sophos. 

Raccoon Stealer is a sort of information stealer malware that was originally advertised in April 2019 on several underground forums by an attacker using the handle "raccoonstealer." It can steal stored auto-fill data, cookies, credentials, credit card info, and history from Chromium-based browsers like Google Chrome and Microsoft Edge, just like most other stealers. Theft of many cryptocurrency wallets on a targeted basis is also possible. New cryptocurrencies are frequently added via updates, but it may also be customised to look for any wallet.dat file. 

A "clipper" for cryptocurrency theft is included in the upgraded stealer. The QuilClipper tool specifically targets wallets and associated passwords, as well as Steam-based transaction data. "QuilClipper steals cryptocurrency and Steam transactions by continuously monitoring the system clipboard of Windows devices it infects, watching for cryptocurrency wallet addresses and Steam trade offers by running clipboard contents through a matrix of regular expressions to identify them," the researchers noted. 

In the two years after its release, the team behind Raccoon Stealer has established itself as a capable team, frequently releasing new features and gaining a mostly positive reputation among the community. They've also showed a readiness to add functionality in response to customer requests, as demonstrated by the recently launched API for automatically creating encrypted builds.

Drinik Malware is Fooling Users to Give in their Mobile Banking Details

 

There's a new malware, and it's wreaking havoc on Android users. Drinik is a malware that steals vital data and financial credentials from a smartphone user. CERT-In, the Indian Computer Emergency Response Team, has issued a warning to many banks. Customers of 27 public and private banks in the country have been hit by the malware so far. 

The Drinik malware is presently imitating an Income Tax Department application, and after a user has been duped into downloading it, it collects all sensitive data. Not only that, but the malware also forces the user to complete a transaction, after which it crashes and displays a bogus warning. In the meantime, it gathers all of the essential information from the user.

In 2016, the Drinik malware was apparently utilised as a primitive SMS hacker. CERT-In, on the other hand, speculated that it had lately morphed into a banking Trojan aimed at Indian customers. Victims receive an SMS message with a link to the phishing site, according to the details mentioned in the CERT-In advisory. It then requests some personal information before downloading the application. 

The malicious Android application imitates a legitimate version of the Income Tax Department's solution for generating tax refunds. According to the advisory, it asks for authorization to view SMS messages, phone records, and contacts, as well as a refund application form that requests information like as full name, PAN, Aadhaar number, address, and date of birth. 

Following that, all sensitive banking information such as account number, IFSC code, CIF number, debit card number, expiration date, CVV, and PIN is requested. According to the attackers, these details will be utilised to help generate tax refunds that will be transferred directly to the user's account. In actuality, the agency observes that when a user touches the app's "Transfer" button, it displays an error and displays a bogus update screen. This aids the attacker in running a Trojan in the background that shares user information such as SMS messages and call logs. 

The attackers are able to construct a bank-specific mobile banking screen using the quietly obtained details in order to persuade the victim to input their mobile banking credentials. According to the CERT-In, these are then exploited to commit financial fraud. 

Banking consumers are advised to download apps directly from official app stores such as Google Play. Furthermore, the government agency advises people not to visit untrustworthy websites or click on untrustworthy links.

New Android Banking Malware Targeting Mexican Users to Steal Financial Credentials

 

McAfee Mobile Malware Research Team has discovered an android banking malware targeting Mexican users by posing as a security banking tool or as a banking app designed to report an out-of-service ATM. 

In both scenarios, the banking malware depends on the sense of urgency to tempt targets to use the malicious app. If the target falls into a trap, this banking malware steals authentication factors crucial to accessing accounts on the targeted financial institutions in Mexico.

How does this malware spread?

Scammers use malicious phishing page that provides real banking security tips (copied from the original bank site) to lure potential victims into downloading a malicious app as a security tool or as an app to report out-of-service ATM. 

Researchers believe scammers are targeting android users by scam phone calls, a common methodology in Latin America. Fortunately, this malicious app has not been identified on Google Play yet, it can only be downloaded through a third-party website. 

Here’s how to protect yourself 

During the Covid-19 pandemic, financial institutions adopted various new ways to engage the clients. These rapid changes meant customers were more willing to accept new procedures and to install new apps as part of the ‘new normal’ to interact remotely. Seeing this, cyber-criminals introduced new scams and phishing attacks that looked more credible than those in the past. 

Android banking users in Mexico are advised to be cautious while accessing emails and attachments, and restrict themselves from downloading an app via unsecured websites. Organizations and individuals should keep their systems updated with the latest security patches for the operating systems and applications. They should also enable multi-factor authentication on their accounts, if possible, McAfee Mobile Malware Research Team advised.

Last month, researchers at the security firm ThreatFabric discovered a banking malware dubbed “Vultur” in Android apps downloaded from Google Play, it attempts to steal banking login information. The Vultur malware used code to recognize when a data entry form is being used by the victim then takes a screen grab, and finally begins keylogging. All of the data captured by the malware is then routed to a site specified by its designers.