Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label McAfee. Show all posts

Google Removes 22 Malicious Android Apps Exposed by McAfee

Google recently took action against 22 apps that are available on the Google Play Store, which has alarmed Android users. These apps, which have been downloaded over 2.5 million times in total, have been discovered to engage in harmful behavior that compromises users' privacy and severely drains their phone's battery. This disclosure, made by cybersecurity company McAfee, sheds light on the hidden threats that might be present in otherwise innocent programs.

These apps allegedly consumed an inordinate amount of battery life and decreased device performance while secretly running in the background. Users were enticed to install the programs by the way they disguised themselves as various utilities, photo editors, and games. Their genuine intentions, however, were anything but harmless.

Several well-known programs, like 'Photo Blur Studio,' 'Super Smart Cleaner,' and 'Magic Cut Out,' are on the list of prohibited applications. These applications took use of background processes to carry out tasks including sending unwanted adverts, following users without their permission, and even possibly stealing private data. This instance emphasizes the need for caution while downloading apps, especially from sites that might seem reliable, like the Google Play Store.

Google's swift response to remove these malicious apps demonstrates its commitment to ensuring the security and privacy of its users. However, this incident also emphasizes the ongoing challenges faced by app marketplaces in identifying and preventing such threats. While Google employs various security measures to vet apps before they are listed, some malicious software can still evade detection, slipping through the cracks.

As a precautionary measure, users are strongly advised to review the apps currently installed on their Android devices and uninstall any that match the names on the list provided by McAfee. Regularly checking app permissions and reviews can also provide insights into potential privacy concerns.

The convenience of app stores shouldn't take precedence over the necessity of cautious and educated downloading, as this instance offers as a sharp reminder. Users must actively participate in securing their digital life as fraudsters become more skilled. A secure and reliable digital environment will depend on public understanding of cybersecurity issues as well as ongoing efforts from internet behemoths like Google.

Top Victim of AI Voice Scams with 83% Losing Money

A new report has revealed that India tops the list of countries most affected by AI-powered voice scams. The report, released by cybersecurity firm McAfee, shows that 83% of Indians who fell victim to voice scams lost money, making them the most financially affected.

Voice scams are a growing concern in India and around the world. Criminals use artificial intelligence (AI) technology to create lifelike voice bots that mimic real human voices, making it harder for victims to detect fraud. Once they gain the victim's trust, scammers use various tactics to steal their money or personal information.

According to the McAfee report, almost half of all Indians have experienced an AI-enabled voice scam. These scams can take many forms, such as impersonating bank officials, telecom providers, or even government officials. The scammers trick victims into revealing their bank account or credit card details or even convincing them to transfer money to a fake account.

The report highlights the need for greater awareness of AI-powered voice scams and how to avoid falling victim to them. It recommends that individuals take basic precautions such as not sharing personal information over the phone, verifying the identity of the person calling before divulging any information, and being wary of unsolicited calls.

McAfee also recommends that organizations invest in anti-fraud technology to help detect and prevent these scams. The report suggests that organizations could use advanced voice analytics to identify fraudulent calls and stop them in real time.

As AI technology continues to evolve, it is likely that voice scams will become even more sophisticated and harder to detect. It is therefore essential that individuals and organizations remain vigilant and take proactive steps to protect themselves from this growing threat.

The rise of AI-powered voice scams is a cause for concern in India and globally. With India topping the list of victims, it is clear that more needs to be done to combat this threat. By raising awareness, investing in anti-fraud technology, and taking basic precautions, individuals and organizations can help protect themselves from these scams and prevent criminals from profiting at their expense.


Cybercriminals Use ChatGPT to Ease Their Operations

 

Cybercriminals have already leveraged the power of AI to develop code that may be used in a ransomware attack, according to Sergey Shykevich, a lead ChatGPT researcher at the cybersecurity firm Checkpoint security.

Threat actors can use the capabilities of AI in ChatGPT to scale up their current attack methods, many of which depend on humans. Similar to how they aid cybercriminals in general, AI chatbots also aid a subset of them known as romance scammers. An earlier McAfee investigation noted that cybercriminals frequently have lengthy discussions in order to seem trustworthy and entice unwary victims. AI chatbots like ChatGPT can help the bad guys by producing texts, which makes their job easier.

The ChatGPT has safeguards in place to keep hackers from utilizing it for illegal activities, but they are far from infallible. The desire for a romantic rendezvous was turned down, as was the request to prepare a letter asking for financial assistance to leave Ukraine.

Security experts are concerned about the misuse of ChatGPT, which is now powering Bing's new, troublesome chatbot. They see the potential for chatbots to help in phishing, malware, and hacking assaults.

When it comes to phishing attacks, the entry barrier is already low, but ChatGPT could make it simple for people to proficiently create dozens of targeted scam emails — as long as they craft good prompts, according to Justin Fier, director for Cyber Intelligence & Analytics at Darktrace, a cybersecurity firm.

Most tech businesses refer to Section 230 of the Communications Decency Act of 1996 when addressing illegal or criminal content posted on their websites by third party users. According to the law, owners of websites where users can submit content, such as Facebook or Twitter, are not accountable for what is said there. Governments should be in charge of developing and enforcing legislation, according to 95% of IT respondents in the Blackberry study.

The open-source ChatGPT API models, which do not have the same content limitations as the online user interface, are being used by certain hackers, according to Shykevich.ChatGPT is notorious for being boldly incorrect, which might be an issue for a cybercriminal seeking to create an email meant to imitate someone else, experts told Insider. This could make cybercrime more difficult. Moreover, ChatGPT still uses barriers to stop illegal conduct, even if the correct script can frequently get around these barriers.

According to Europol, Deepfakes are Used Frequently in Organized Crime

 

The Europol Innovation Lab recently released its inaugural report, titled "Facing reality? Law enforcement and the challenge of deepfakes", as part of its Observatory function. The paper presents a full overview of the illegal use of deepfake technology, as well as the obstacles faced by law enforcement in identifying and preventing the malicious use of deepfakes, based on significant desk research and in-depth interaction with law enforcement specialists. 

Deepfakes are audio and audio-visual consents that "convincingly show individuals expressing or doing activities they never did, or build personalities which never existed in the first place" using artificial intelligence. Deepfakes are being utilized for malevolent purposes in three important areas, according to the study: disinformation, non-consensual obscenity, and document fraud. As technology further advances in the near future, it is predicted such attacks would become more realistic and dangerous.

  1. Disinformation: Europol provided several examples of how deepfakes could be used to distribute false information, with potentially disastrous results. In the geopolitical domain, for example, producing a phony emergency warning that warns of an oncoming attack. The US charged the Kremlin with a disinformation scheme to use as a pretext for an invasion of Ukraine in February, just before the crisis between Russia and Ukraine erupted.  The technique may also be used to attack corporations, for example, by constructing a video or audio deepfake which makes it appear as if a company's leader committed contentious or unlawful conduct. Criminals imitating the voice of the top executive of an energy firm robbed the company of $243,000. 
  2. Non-consensual obscenity: According to the analysis, Sensity found non-consensual obscenity was present in 96 percent of phony videos. This usually entails superimposing a victim's face onto the body of a philanderer, giving the impression of the victim is performing the act.
  3. Document fraud: While current fraud protection techniques are making it more difficult to fake passports, the survey stated that "synthetic media and digitally modified facial photos present a new way for document fraud." These technologies, for example, can mix or morph the faces of the person who owns the passport and the person who wants to obtain one illegally, boosting the likelihood the photo will pass screening, including automatic ones. 

Deepfakes might also harm the court system, according to the paper, by artificially manipulating or producing media to show or deny someone's guilt. In a recent child custody dispute, a mother of a kid edited an audiotape of her husband to persuade the court he was abusive to her. 

Europol stated all law enforcement organizations must acquire new skills and tools to properly deal with these types of threats. Manual detection strategies, such as looking for discrepancies, and automatic detection techniques, such as deepfake detection software uses artificial intelligence and is being developed by companies like Facebook and McAfee, are among them. 

It is quite conceivable that malicious threat actors would employ deepfake technology to assist various criminal crimes and undertake misinformation campaigns to influence or corrupt public opinion in the months and years ahead. Machine learning and artificial intelligence advancements will continue to improve the software used to make deepfakes.

Google Authenticator Codes for Android is Targeted by Nefarious Escobar Banking Trojan

 


'Escobar' virus has resurfaced in the form of a novel threat, this time targeting Google Authenticator MFA codes. 

The spyware, which goes by the package name com.escobar.pablo is the latest Aberebot version which was discovered by researchers from Cyble, a security research firm, who combed through a cybercrime-related forum. Virtual view, phishing overlays, screen captures, text-message captures, and even multi-factor authentication capture are all included in the feature set. 

All of these characteristics are utilized in conjunction with a scheme to steal a user's financial data. This malware even tries to pass itself off as McAfee antivirus software, with the McAfee logo as its icon. It is not uncommon for malware to disguise itself as a security software; in fact, it was recently reported that the malware was installed straight inside of a completely functional 2-factor authentication app. 

The malicious author is leasing the beta version of the malware to a maximum of five customers for $3,000 per month, with threat actors getting three days to test the bot for free. After development, the threat actor intends to raise the malware's price to $5,000. 

Even if the overlay injections are curtailed in some way, the malware has various other capabilities to make it effective against any Android version. In the most recent version, the authors increased the number of aimed banks and financial organizations to 190 entities from 18 countries. 

The malware asks a total of 25 rights, 15 of which are employed nefariously. To name a few, accessibility, audio recording, read SMS, read/write storage, acquiring account lists, disabling keylock, making calls, and accessing precise device locations. Everything the virus captures, including SMS call records, key logs, notifications, and Google Authenticator codes, is sent to the C2 server. 

It is too soon to gauge the popularity of the new Escobar malware among cybercriminals, especially given its exorbitant price. Nonetheless, it has grown in strength to the point that it can now lure a wider audience. 

In general, avoiding the installation of APKs outside of Google Play, utilizing a mobile security application, and ensuring the Google Play Protect is enabled on your device will reduce, the chances of being infected with Android trojans.

Hackers Have Devised a New Trick to Disable Macro Security Warnings

 

Threat actors have found a novel method for disabling macro security warnings in malspam assaults that use non-malicious documents. Microsoft Office macro malware that uses social engineering to infect computers has been a common feature of the threat landscape in recent years. Malware authors are constantly refining their strategies in order to avoid detection. Macro obfuscation, DDE, living off the land tools (LOLBAS), and even legacy-supported XLS formats are among the strategies used. 

Threat actors are now employing non-malicious documents to disable security warnings before executing macro code on the recipient's computer, according to McAfee Labs analysts. Without any malicious code present in the first spammed attachment macro, hackers download and run malicious DLLs (ZLoader). Zloader has been active since at least 2016, and it was used to propagate Zeus-like banking trojans (i.e. Zeus OpenSSL). It steals several functionalities from the renowned Zeus 2.0.8.9 banking Trojan. 

The assault chain begins with a spam mail that uses a Microsoft Word document to download a password-protected Microsoft Excel file from a remote server once opened. Only when the victim has enabled the macros hidden in the Word document could the downloads begin. “After downloading the XLS file, the Word VBA reads the cell contents from XLS and creates a new macro for the same XLS file and writes the cell contents to XLS VBA macros as functions.” read the analysis published by McAfee. 

“Once the macros are written and ready, the Word document sets the policy in the registry to ‘Disable Excel Macro Warning’ and invokes the malicious macro function from the Excel file. The Excel file now downloads the ZLoader payload. The ZLoader payload is then executed using rundll32.exe.” 

Word VBA extracts the content of the cells from the XLS file and uses it to generate a new macro for the same XLS file, writing the cell contents to XLS VBA macros as functions. Once the macros are finished, the Word document disables the macro security warnings by setting the registry policy (HKEY CURRENT USERSoftwareMicrosoftOffice12.0ExcelSecurityAccessVBOM) to Disable Excel Macro Warning and runs the malicious Excel macro function. The Excel file then uses rundll32.exe to download and run the Zloader payload. 

“Malicious documents have been an entry point for most malware families and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payloads,” the researchers conclude.

Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware

A smishing campaign which goes by the name Roaming Mantis is imitating a logistics firm to hack SMS messages and contact list of Android users from Asia since 2018. Last year, Roaming Mantis advanced its campaign impact by sending phishing URL messages and dynamic DNS services that attacked targets with duplicate Chrome extension "MoqHao." From the start of 2021, Mcafee Mobile Research Team has confirmed that the group is attacking users from Japan with the latest malware named SmsSpy. 

The corrupted code infects Android users that use either one of the two versions that depend upon variants of operating systems used by attacked systems. The phishing technique incorporated here shares similarities with earlier campaigns, still, the Roaming Mantis URL has the title "post" in composition. A different phishing message impersonates to be a Bitcoin handler and then takes the target to a malicious site (phishing) where the victim is requested to allow an unauthorized login attempt. 

McAfee reports, "During our investigation, we observed the phishing website hxxps://bitfiye[.]com redirect to hxxps://post.hygvv[.]com. The redirected URL contains the word “post” as well and follows the same format as the first screenshot. In this way, the actors behind the attack attempt to expand the variation of the SMS phishing campaign by redirecting from a domain that resembles a target company and service." Different malware, as a characteristic of the Malware distribution program, is sent which depends upon the Android OS variant that gained login to the phishing site. In Android OS 10 and later variants, malicious Google Play applications will get downloaded. In Android OS 9 and earlier variants, malicious Chrome applications will get downloaded. 

Because the infected code needs to be updated with each Android OS update, the malware actor targets more systems by spreading the malware that finds OS, instead of just trying to gain a small set with a single malware type. "The main purpose of this malware is to steal phone numbers and SMS messages from infected devices. After it runs, the malware pretends to be a Chrome or Google Play app that then requests the default messaging application to read the victim’s contacts and SMS messages," said McAfee.

Creator of McAfee Antivirus Software Charged For Conspiracy?

 

Creator of McAfee antivirus software, Businessman John McAfee is charged under a conspiracy to commit fraud and money laundering in the U.S. McAfee and his bodyguard Jimmy Gale Watson Jr are found guilty of advertising cryptocurrencies on Mr. McAfee's huge Twitter follower base to inflate prices. As per prosecutors, these currencies were then sold, earning a total of $2m (€1.45 M). The accused have not issued any response to the charges made.  Currently, McAfee (age 75) is under detention in Spain due to separate charges relating to tax fraud, that he is denying. 

The fresh charges were filed in the Manhattan Federal Court, New York. He is facing potential extradition to the U.S, whereas Watson was captured earlier this week. According to BBC, "in 2012, he made headlines after police in the Central American country of Belize investigated the death of one Mr. McAfee's neighbors and named him as a 'person of interest'. Mr. McAfee left the country saying he feared for his own safety. Officials ultimately said he was not a suspect." McAfee and his bodyguard are accused of buying promoting the cryptocurrency assets on Twitter, where Mr. McAfee has millions of followers. 

As per the US justice department and the Commodity Futures Trading Commission, the plan was to sell these assets the moment the asset's price rose. The pair is said to make $11M (€8m) from the cryptocurrency startup payments via promoting the assets on Twitter, while the investors who bought them were unaware of the payments. As per the federal prosecutor, this equals exploiting a widely used social media platform (in this case Twitter) and the enthusiasm of investors in the growing cryptocurrency sector to profit millions via deceit and lies. In the former case which was disclosed the previous year. 

Mr. McAfee was charged for not filing tax returns from 2014-2018. He is also accused of using different people's names to hide his assets which include a yacht and property. "The entrepreneur, who was born in the UK, also launched unsuccessful bids to become the Libertarian Party's candidate for the US presidential elections in 2016 and 2020. Mr. McAfee has previously expressed his disdain for taxes, tweeting in 2019 that he had not filed tax returns for years because "taxation is illegal", reports BBC.  

'Ransomware Task Force': Microsoft, McAfee and Rapid7 Coalition

 

19 tech companies, cybersecurity firms, and non-profits have collaborated with the Institute for Security and Technology (IST) to form a new group called "The Ransomware Task Force" (RTF) to tackle the increasingly destructive and prevalent threat of ransomware. The joint venture includes big names such as Microsoft, McAfee, Rapid7, Cybereason along with other cyber advocacy groups, threat intelligence, think tanks, and research groups – The Global Cyber Alliance, The Cyber Threat Alliance, and The CyberPeace Institution, to name a few. 
 
The primary focus of The Ransomware Task Force will be to provide security against Ransomware attacks by engaging various stakeholders in assessing technical solutions and identifying loopholes in already existing solutions. The idea is to work collectively on building a roadmap to address the scope of the threat based on an 'industry consensus' instead of relying upon individual suggestions.  
 
The founding members came together to combat a form of cybercrime that they believe is expansive in its scope and has led to violent consequences that go beyond economic ruination. Actively addressing the threat of ransomware while providing clear guidance will effectively diminish the varying levels of the ransomware kill chain. Other founding partners include Aspen Digital, Citrix, Resilience, SecurityScorecard, The Cybersecurity Coalition, Stratigos Security, Team Cymru, Third Way, UT Austin Stauss Center, Shadowserver Foundation. The website for The Ransomware Task Force inclusive of full membership and leadership roles will be rolled out in January 2021.  
 
While giving insights, the Institute for Security and Technology, one of the founding members, said, “The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise,”
 
As per Sam Curry, one of the founding members of RTF and Chief Security Officer at Cybereason, "Time and time again, we see ransomware capabilities deployed early in hacking operations but not immediately detonated,"  
 
"In these cases, the ransomware is detonated only after preliminary stages of the attack are finished across all compromised endpoints to achieve maximum impact on the victim. Reducing hackers' attempts to amplify the impact of ransomware attacks will drive down ransomware costs for the victim and decrease the victim's inclination to pay ransom demands."

Resurgence in Ransomware Being Driven By a Surge of New Malware Families


A US based cyber security firm through its most recent threat report observed a 118% increase in new Ransomware strains basically in the first quarter of 2019 as compared with the last of 2018. It believes that the resurgence in ransomware is being driven by a flood of new malware families that are regularly more focused on.

The firm discovered that attackers were targeting the governments and organizations which were followed by companies in the financial, chemical, defence and education sectors. Their information corresponded with an ever expanding number of ransomware attacks standing out as truly newsworthy, especially US governments and urban communities, very much like the Texas Ransomware attack.

This new spate of ransomware attacks is said to have been a move away from 'spray and pray' ransomware strategies, in such targeted attacks, spear phishing – sending vindictive emails from an "apparently trusted person"  – is progressively being utilized to gain initial access 68% of the time.

Attackers are likewise said to have been utilizing unknown email services to oversee the ransomware crusades. The most widely recognized groups of ransomware during this period are known to be Dharma (otherwise called Crysis), GrandCrab and Ryuk.

In any case, McAfee, made some amazing disclosures also, first the cyber security firm found that culprits are turning to various attack approaches with regards to coin mining malware, like the CookieMiner malware focusing on Apple users.

Furthermore, also, it found an average of 504 'new threats per minute' in the first quarter of 2019 and noticed that more than 2.2 billion stolen account credentials were made accessible on the cybercriminal underground during the same period.

Its discoveries depend on the information accumulated from its Global Threat Intelligence cloud,, which comprises of over a billion sensors checking for different sorts of cyber dangers around the globe.

Raj Samani, McAfee fellow and chief scientist, stresses on the fact that the impact of these threats is very real and added further that “It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer-facing major fraud. And we must not forget that for every cyber-attack, there is a human cost.”

Amazon Prime Day A Cyber Attack Target?




Researchers discover that the upcoming Amazon Prime Day sale is said to bring about hackers setting up a variety of Prime Day-related tricks intended to fool users into giving up their sensitive data.

Utilizing an 'Amazon Phishing Kit' the hackers can ship out malignant emails that have all the earmarks of being sent from Amazon, consisting of links that direct the victims to a fake Amazon login page.

As reported by Wired, shopping occasions like Prime Day stand for an easy-to-access opportunity for scamsters hoping to hoodwink victims into forking over their own information.

Crane Hassold, threat intelligence manager at the digital fraud defense firm Agari told Wired, 'Cybercriminals take advantage of popular, highly visible events when consumers are expecting an increased frequency of emails, when their malicious emails can hide more easily in the clutter,'

As indicated by security researchers from McAfee, scammers can make an email that seems like it's originating from a real organization, while utilizing a pack called 16Shop.

The biggest risk for the users is their credit card information, birthdays, addresses, and even social security numbers. The kit was initially intended to target Apple users, however as indicated by researchers, Prime Day appears, by all accounts, to be hackers' current target.

To avoid from being misled, analysts suggest investigating emails sent by Amazon with additional thoroughness and ceasing from following links to enter login data sent through email.

Just making a decision about an email by whether the address it's sent from is never again adequate state security analysts, since even emails can be faked. Instead, it's ideal to go legitimately to an organization's page by entering a URL into your address bar and afterward continue from that point.

Amazon Prime Day takes will take place on July 15 and 16.

Around 25 million Home Voice Assistants vulnerable to hacking globally

          





According to a cybersecurity report of McAfee, over 25 million voice assistants which are connected  IoT(internet of things ) devices at home globally are at huge risk of hacking.

Raj Samani, McAfee Fellow and Chief Scientist at McAfee said “ Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings”

He further added that “From building botnets, to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals,”

The hackers around the world are exploiting basic vulnerabilities of IoT devices like easily guessable passwords, weak security settings, exploitation through voice commands.

According to the “Mobile threat report” from McAfee, there has been a 550 percent increase in security vulnerabilities related to fake apps in the second half of 2018.

According to the report “"Most notably, the number of fake app detections by McAfee's Global Threat Intelligence increased from around 10,000 in June 2018 to nearly 65,000 in December 2018,"

 Gary Davis, Chief Consumer Security Evangelist at McAfee said "The rapid growth and broad access to connected IoT devices push us to deliver innovations with our partners that go beyond traditional anti-virus. We are creating solutions that address real-world digital security challenges,"


McAfee and Samsung are now in partnership to secure Samsung Galaxy S10 devices from a malicious hacking attempt