Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacking WhatsApp. Show all posts
Malware Attack
APK CloudSEK Cyber Attacks Hacking Attack Hacking WhatsApp Indian Cyber Security Malware Attack

Vietnamese Hackers Target Indian Users with Fake WhatsApp E-Challan Messages

 

A highly technical Android malware campaign orchestrated by Vietnamese hackers is currently targeting Indian users via fake traffic e-challan messages on WhatsApp. Researchers from CloudSEK, a cybersecurity firm, have identified this malware as part of the Wromba family. So far, it has infected over 4,400 devices, resulting in fraudulent transactions amounting to more than ₹16 lakh by just one scam operator. 

Vikas Kundu, a threat researcher at CloudSEK, reported that these scammers send messages impersonating Parivahan Sewa or Karnataka Police, tricking recipients into downloading a malicious app. Once the link in the WhatsApp message is clicked, it leads to the download of a harmful APK disguised as a legitimate application. This malware then requests excessive permissions, including access to contacts, phone calls, SMS messages, and even the ability to become the default messaging app. By intercepting OTPs and other sensitive messages, the attackers can log into victims’ e-commerce accounts, purchase gift cards, and redeem them undetected. 

Kundu explained that once the app is installed, it extracts all contacts from the infected device, enabling the scam to propagate further. Additionally, all SMS messages are forwarded to the attackers, allowing them access to various e-commerce and financial apps. The attackers cleverly use proxy IPs to avoid detection and maintain a low transaction profile. The report indicates that the attackers have accessed 271 unique gift cards, conducting transactions worth ₹16,31,000. 

Gujarat has been identified as the most affected region, followed by Karnataka. To guard against such malware threats, CloudSEK advises users to stay vigilant and adopt security best practices. These include installing apps only from trusted sources like the Google Play Store, regularly reviewing and limiting app permissions, maintaining updated systems, and enabling alerts for banking and sensitive services. This campaign underscores the growing sophistication of cyber threats and the importance of robust cybersecurity measures. 

As cybercriminals continue to develop new methods to exploit vulnerabilities, it is crucial for users to remain cautious and proactive in protecting their personal and financial information. Collaboration between cybersecurity firms and users is essential to effectively combat these evolving threats and safeguard against future incidents. By staying informed and adopting best practices, users can significantly reduce their risk of falling victim to such malicious campaigns.
Read more »
User Data
Cyber Security data security Hacking WhatsApp iOS security macOS Signal Signal app User Data

Major Security Flaw in WhatsApp and Signal MacOS Apps Puts User Data at Risk

 

A significant security warning has emerged for WhatsApp and Signal users this week, urging them to consider deleting their apps, particularly on MacOS. The issue, primarily affecting Apple users leveraging multi-device functionality, highlights severe vulnerabilities in the MacOS versions of these popular messaging platforms. Security researcher Tommy Mysk, known for uncovering critical vulnerabilities, recently disclosed that both WhatsApp and Signal MacOS apps store local data, including chat histories and media attachments, in locations accessible to any app or process running on the device. 

This is a stark contrast to Apple’s iMessage, which, despite storing similar data, uses sandboxing to prevent unauthorized access by other apps. The primary concern lies in how these apps handle local data storage. While WhatsApp and Signal emphasize end-to-end encryption for secure message transmission, this protection is compromised if local data can be accessed by other apps or malware. Mysk explained that the chat histories, the core of what these apps are designed to protect, are not sufficiently safeguarded on MacOS. The vulnerability means that if a malicious app gains access to the device, it could potentially monitor and exfiltrate the unencrypted local data. 

For WhatsApp, this includes both chat histories and media attachments. Mysk warned, “WhatsApp doesn’t encrypt the local database that stores chat histories. It doesn’t encrypt media attachments sent through the chat either. A simple malware could theoretically monitor this data and send it live to a remote server, rendering end-to-end encryption useless.” Signal, on the other hand, does encrypt local chat histories but fails to encrypt media attachments. More concerning is that the encryption key for the local chat history is stored in plain text within the same folder, making it accessible to other apps. This flaw undermines the app’s security, as an attacker could clone the local data folder to another device and restore the session. 

Mysk highlighted, “Signal’s false sense of security extends to their back-end servers. When copying the entire folder containing the app’s local data and moving the copy to a different Mac, an attacker can restore the session. Signal servers let the ‘cloned’ session co-exist with the other legit sessions.” The discovery underscores the persistent risk of endpoint compromise for fully encrypted platforms. While end-to-end encryption protects data in transit, the local storage vulnerabilities in these MacOS apps open potential pathways for remote or physical attacks. 

As users continue to rely on messaging apps for secure communication, these revelations call for immediate action from both WhatsApp and Signal to address these security gaps and reinforce their data protection measures on MacOS. For now, users should remain vigilant and consider the potential risks when using these platforms on their Mac devices.
Read more »
WhatsApp
Banking Data Cyber Attacks Cyber Scams E-Commerce fake Hacking WhatsApp Malaysia Malware Attack Payment Gateway WhatsApp

The Fake E-Shop Scam Campaign Sweeping Southeast Asia, seizing users banking details

 

In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.
Read more »
Hacking WhatsApp
CPR Cyber Attacks Data Theft Hacking WhatsApp

WhatsApp Files on Dark Web Show Millions of Records for Sale

 

In mid of November, a cyber threat actor claimed on a dark web forum to have stolen the personal credentials of around 500 million WhatsApp users. Following the incident, Check Point Research (CPR) published a new advisory in which they analyzed the leaked files including 360 million phone numbers from 108 countries. 

However, data coming from each country show a different ratio of exposed data, ranging from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. Additionally, in the initial days of the hack, the hackers set files for sale which included international dial codes, however, now the same data is being distributed free of cost amongst hackers. 

The hack first was exposed on 16th November in a message published by the cyber threat actor on the hacking forum named BreachForums. 

"While the information on sale does not expose the content of any messages themselves, it is still worrying to see such a large volume of phone numbers for sale on the Dark Web. There is the potential that this information could be used as part of tailored phishing attacks in the future,” Deryck Mitchelson, field CISO of EMEA at CPR said. 

Once the threat actors get the access to phone numbers of users  and then sell the same, attacks such as smishing or vishing are likely to follow. 

“The WhatsApp ‘leak’ is nothing more than phone numbers obtained from the Facebook ‘leak’ that took place in 2019. The sample of 5000 WhatsApp data records from Poland is identical to those we already saw in 2019,” Paciorek claimed. 

According to the technical data, Smishing (phishing via SMS) and Vishing (phishing via voicemail) attacks have been observed excessively in the past few years, and it is highly likely these types of attacks will increase. Often these texts come from your bank, asking you to grant personal or financial information including your account or ATM number. Users must remain wary of such texts that appear to be from suspected sources.
Read more »
Spam
Hacking Instagram Hacking WhatsApp Phishing and Spam Spam

Experts have revealed the cost of hacking accounts in social networks

 The most popular social networks and messengers for hacking attempts are VKontakte (VK), Instagram, Telegram and WhatsApp, while the price can vary from $10 to $2,300. This is stated in a study conducted by Bi.Zone.

"We analyzed ads on the darknet from May 2020 to August 2021. In different months, the cost of hacking varied dramatically. This could be due to a situation where some sellers are not actually providing a service but are simply scamming people. They are the ones who can actively dump on the market. Real hackers set their prices based on the time spent. Sometimes they can search for a password in a leak which will significantly reduce the search price. If there is an insider attacker from the developer company, then most likely the high price will be due to the usual risk for the criminal", said Evgeniy Voloshin, director of BI.ZONE expert services block.

The analysis showed that the price of the offer to hack an account in VK varies from $10 to $160. Scammers most often offer to hack this social network.

According to experts, the social network Instagram remains in second place in popularity among hackers. The scammers estimate the cost of their services at $540.

Among messengers, Telegram and WhatsApp hacking offers are leading in popularity. For violating the privacy of these applications, scammers charge from $410 to $2,300 and from $270 to $1,770.

Hacking a personal mailbox, according to analysts, remains another popular service among scammers, the cost of which ranges from $40 to $1,500, respectively.

Voloshin recommends using long passphrases, password managers and a two-factor authentication system to avoid hacking personal accounts. Also, in his opinion, it is important not to store data in cloud services and not to send it in messengers, connecting to an unknown Wi-Fi source.

Read more »
Subscribe to: Posts (Atom)