Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacking Attack. Show all posts
Malware Attack
APK CloudSEK Cyber Attacks Hacking Attack Hacking WhatsApp Indian Cyber Security Malware Attack

Vietnamese Hackers Target Indian Users with Fake WhatsApp E-Challan Messages

 

A highly technical Android malware campaign orchestrated by Vietnamese hackers is currently targeting Indian users via fake traffic e-challan messages on WhatsApp. Researchers from CloudSEK, a cybersecurity firm, have identified this malware as part of the Wromba family. So far, it has infected over 4,400 devices, resulting in fraudulent transactions amounting to more than ₹16 lakh by just one scam operator. 

Vikas Kundu, a threat researcher at CloudSEK, reported that these scammers send messages impersonating Parivahan Sewa or Karnataka Police, tricking recipients into downloading a malicious app. Once the link in the WhatsApp message is clicked, it leads to the download of a harmful APK disguised as a legitimate application. This malware then requests excessive permissions, including access to contacts, phone calls, SMS messages, and even the ability to become the default messaging app. By intercepting OTPs and other sensitive messages, the attackers can log into victims’ e-commerce accounts, purchase gift cards, and redeem them undetected. 

Kundu explained that once the app is installed, it extracts all contacts from the infected device, enabling the scam to propagate further. Additionally, all SMS messages are forwarded to the attackers, allowing them access to various e-commerce and financial apps. The attackers cleverly use proxy IPs to avoid detection and maintain a low transaction profile. The report indicates that the attackers have accessed 271 unique gift cards, conducting transactions worth ₹16,31,000. 

Gujarat has been identified as the most affected region, followed by Karnataka. To guard against such malware threats, CloudSEK advises users to stay vigilant and adopt security best practices. These include installing apps only from trusted sources like the Google Play Store, regularly reviewing and limiting app permissions, maintaining updated systems, and enabling alerts for banking and sensitive services. This campaign underscores the growing sophistication of cyber threats and the importance of robust cybersecurity measures. 

As cybercriminals continue to develop new methods to exploit vulnerabilities, it is crucial for users to remain cautious and proactive in protecting their personal and financial information. Collaboration between cybersecurity firms and users is essential to effectively combat these evolving threats and safeguard against future incidents. By staying informed and adopting best practices, users can significantly reduce their risk of falling victim to such malicious campaigns.
Read more »
Ransomware
Apple Cybersecurity Hacking Attack Ransomware

Hackers Attack Apple Prior to Launch Event, Demand Ransom

 

On the day when Apple was ready to declare a new series of products at its Spring Load Event, there happened a leak from an unexpected quarter. The infamous cybercrime gang REvil took the responsibility for stealing data and schematics from Apple's supplier 'Quanta computer' relating unreleased products. The gang also threatened to sell the data to the highest bidder if the target failed to pay a ransom of $50 Million. For the credibility of the attack, the hackers release caches of docs relating to upcoming MacBook Pros. iMac schematics have also been added since the last attacks. 

The suspenseful timing and links to Apple raise controversy about the attack. However, it is also a reflection towards the rising no of disturbing ransomware incidents that appear today. Hackers have evolved through years of developing their mass data encryption techniques to log targets out of their own devices. Presently, these gangs are more focused towards data theft and extortion as their primary means of attacks, while demanding hefty ransoms in the process. 

"Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend that Apple buy back the available data by May 1," said REvil in the stolen data post. Since the start, ransomware attacks have involved capturing the victim's device, encrypting files, and then demanding ransom through simple transactions, in return for providing the decryption key. 

Now, however, hackers have moved towards a unique approach, along with encrypting the files, they steal files and threaten to leak them, this gives them leverage over their victim, assuring ransom payment. Even if the victim recovers his data, the risk of a hacker leaking his data still persists. The Wired reports, "and in the past couple of years, prominent ransomware gangs like Maze have established the approach. Today incorporating extortion is increasingly the norm. And groups have even taken it a step further, as is the case with REvil and Quanta, focusing completely on data theft and extortion and not bothering to encrypt files at all."
Read more »
malware
APT CIA Cyberespionage Hacking Attack Kaspersky malware

Kaspersky Discovered Purple Lambert to be a Part of the CIA

 

Kaspersky Lab, a cybersecurity company, has uncovered a new malware that analysts believe is linked to the US Central Intelligence Agency. Multiple antivirus providers obtained a series of malware samples in February 2019, according to Kaspersky experts, some of which cannot be linked to the operation of established APT classes. There were no parallels between these malware strains and malware affiliated with other APT classes.

Although an initial investigation revealed no common code with any previously-known malware samples, Kaspersky recently re-analyzed the files and discovered that “the samples have intersections with coding patterns, style, and techniques that have been used in different Lambert families,” according to the company. Lamberts is Kaspersky's internal codename for tracking CIA hacking operations.

Kasperksy has dubbed this new malware cluster Purple Lambert due to the shared similarity between these recently found samples and previous CIA malware. The malware samples seem to have been collected seven years earlier, in 2014, according to Purple Lambert metadata. Although Kaspersky has not seen any of these samples in the wild, it believes Purple Lambert samples were “most certainly deployed in 2014 and probably as late as 2015.”

“Although we have not found any shared code with any other known malware, the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families. We therefore named this malware Purple Lambert.” states the APT trends report Q1 2021 published by Kaspersky. “Purple Lambert is composed of several modules, with its network module passively listening for a magic packet. It is capable of providing an attacker with basic information about the infected system and executing a received payload. Its functionality reminds us of Gray Lambert, another user-mode passive listener. Gray Lambert turned out to be a replacement of the kernel-mode passive-listener White Lambert implant in multiple incidents. In addition, Purple Lambert implements functionality similar to, but in different ways, both Gray Lambert and White Lambert.” 

While the Lambert APT (also known as the Longhorn APT) has been present since at least 2008, the first samples were discovered in 2014. The group is extremely advanced, and it has penetrated organisations all over the world with a sophisticated cyberattack network that can hack both Windows and Mac systems. The researchers discovered and studied numerous backdoors and hacking methods that make up the cyberespionage group's arsenal over the years.
Read more »
Russia
Cyber Attacks hacker news Hackers Hacking Attack Russia

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station technically and actually proved that there are attacks not only on the Echo of Moscow website but also on the Echo office, and on computers, computer and Internet communications. Because of this, part of the telephone service is also affected.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that two weeks ago, powerful hacker attacks began. Their peculiarity was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who are located remotely," explained Venediktov.

In addition, office computers were unexpectedly attacked, due to which Echo Moscow could not receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The Editorial Board drew the attention of the shareholders to this fact, and "the shareholders are worried".
Read more »
Subscribe to: Posts (Atom)