Search This Blog

Showing posts with label OTP. Show all posts

OTPs: Researchers Rekindle One-Time Program Cryptographic Concept

Technological advances over the past decade have made it possible for academics to make progress in designing so-called OTP (one-time programs). OTPs were initially proposed by researchers Goldwasser, Kalai, and Rothblum. 

OTPs, originally presented at the Crypto’08 conference were described as a type of cryptographically obfuscated computer program that can only be run once. This significant property makes them useful for numerous applications. 

The basic concept is that "Alice" could send "Bob" a computer program that was encrypted in a way that: 

1. Bob can run the program on any computer with any valid inputs and obtain a correct result. Bob cannot rerun the program with different inputs. 

2. Bob can learn nothing about the secret program by running it. 

The run-only-once requirements encounter difficulties because it would be an easier task to install a run-once-only program on multiple virtual machines, trying different inputs on each one of them. Consequently, this would violate the entire premise of the technology. 

The original idea for thwarting this (fairly obvious) hack was to only allow the secret program to run if accompanied by a physical token that somehow enforced the one-time rule for running the copy of the secret program that Alice had sent to Bob. No such tokens were ever made, so the whole idea has lain dormant for more than a decade.  

OTP revived: 

Recently, a team of computer scientists from Johns Hopkins University and NTT Research have established the basis of how it might be possible to create one-time programs using a combination of the functionality found in the chips found in mobile phones and cloud-based services. 

They have hacked ‘counter lockbox’ technology and utilized the same for an unintended purpose. Counter lockboxes secure an encryption key under a user-specified password, administering a limited number of incorrect password guesses (usually 10) before having the protected information erased. 

The hardware security module in iPhones or Android smartphones provides the needed base functionality, but it needs to be wrapped around technology that prevents Bob from attempting to deceive the system – the focus of the research. 

Garbled circuits: 

The research works show how multiple counter lockboxes might be linked together in order to form ‘garbled circuits’, i.e. a construction that might be utilized to build OTPs. 

A paper illustrating this research, entitled ‘One-Time Programs from Commodity Hardware’ is due to be presented at the upcoming Theory of Cryptography Conference (TCC 2022). 

Hardware-route discounted: 

One alternative means of constructing one-time programs, considered in the research, is using tamper-proof hardware, although it would require a “token with a very powerful and expensive (not to mention complex) general-purpose CPU”, as explained in a blog post by cryptographer Mathew, a professor at Johns Hopkins University and one of the co-authors of the paper. 

“This would be costly and worse, [and] would embed a large attack software and hardware attack surface – something we have learned a lot about recently thanks to Intel’s SGX, which keeps getting broken by researchers,” explains Green. 

Rather than relying on hardware or the potential use of blockchain plus cryptographic tool-based technology, the Johns Hopkins’ researchers have built a form of memory device or token that spits out and erases secret keys when asked. It takes hundreds of lockboxes to make this construction – at least 256 for a 128-bit secret, a major drawback that the researchers are yet to overcome. 

A bastion against brute-force attacks: 

Harry Eldridge, from Johns Hopkins University, lead author of the paper, told The Daily Swig that one-time programs could have multiple uses. 

“The clearest application of a one-time program (OTP) is preventing brute-force attacks against passwords […] For example, rather than send someone an encrypted file, you could send them an OTP that outputs the file if given the correct password. Then, the person on the other end can input their password to the OTP and retrieve the file.” Eldridge explained. “However, because of the one-time property of the OTP, a malicious actor only gets one chance to guess the password before being locked out forever, meaning that much weaker passwords [such as a four-digit PIN] can actually be pretty secure.”

Furthermore, this could as well be applied to other forms of authentication – for instance, if you wanted to protect a file using some sort of biometric match like a fingerprint or face scan. 

‘Autonomous’ Ransomware Risk

One of the drawbacks led via the approach is that threat actors might utilize the technique to develop ‘autonomous’ ransomware. 

“Typically, ransomware needs to ‘phone home’ somehow in order to fetch the decryption keys after the bounty has been paid, which adds an element of danger to the group perpetrating the attack,” according to Eldridge. “If they were able to use one-time programs, however, they could include with the ransomware an OTP that outputs the decryption keys when given proof that an amount of bitcoin has been paid to a certain address, completely removing the need to phone home at all.” 

Although, the feedback on the work so far has been “generally positive”, according to Eldridge. “[Most agree] with the motivation that OTPs are an interesting but mostly unrealized cryptographic idea, with the most common criticism being that the number of lockboxes required by our construction is still rather high. There is possibly a way to more cleverly use lockboxes that would allow for fewer of them to be used.” 

Esca RAT Spyware Actively Employed Cybercriminals

Escanor is a new RAT (Remote Administration Tool) that was promoted on the Dark Web and Telegram, as per Resecurity, a cybersecurity firm based in Los Angeles that protects Fortune 500 companies globally. 

The threat actors provide versions of the RAT for Android and PC, as well as an HVNC module and an exploit builder to turn Microsoft Office and Adobe PDF files into weapons for spreading malicious code. 

The tool was first publicly available for purchase on January 26th of this year as a small HVNC implant that allowed for the establishment of a stealthy remote connection to the victim's machine. Later, the kit evolved into a full-scale, commercial RAT with a robust feature set. 

Over 28,000 people have joined Escanor's Telegram channel, which has a solid reputation on the Dark Web. Previous 'cracked' releases by the actor going by the same name included Venom RAT, 888 RAT, and Pandora HVNC, which were probably utilized to enhance Escanor's capability further.

According to reports, cybercriminals actively employ the malware known as Esca RAT, a mobile variant of Escanor, to attack users of online banks by intercepting one-time password (OTP) credentials.

The warning states that the tool "may be used to gather the victim's GPS locations, watch keystrokes, turn on hidden cameras, and browse files on the distant mobile devices to steal data."

Escanor Exploit Builder has been used to deliver the vast majority of samples that have lately been discovered. Decoy documents that look like bills and notices from well-known internet providers are utilized by hackers.

Resecurity also advised that the website address 'escanor[.]live' has earlier been linked to Arid Viper, a group that was active in the Middle East in 2015.

APT C-23 is also known as Arid Viper. Espionage and information theft are this threat actor's primary goals, which have been attributed to malevolent actors with political motivations for the freedom of Palestine. Although Arid Viper is not a particularly technologically advanced actor, it is known to target desktop and mobile platforms, including Apple iOS. 

Their primary malware, Micropsia, is surrounded by Delphi packers and compilers in their toolset. This implant has also been converted to various platforms, including an Android version and versions built on Python.

The majority of Escanor patients have been located in the United States, Canada, the United Arab Emirates, Saudi Arabia, Kuwait, Bahrain, Egypt, Israel, Mexico, and Singapore, with a few infections also occurring in South-East Asia.

Analysts Warn of Telegram Powered Bots Stealing Bank OTPs


In the past few years, two-factor verification is one of the simplest ways for users to safeguard their accounts. It has now become a major target for threat actors. As per Intel 471, a cybersecurity firm, it has observed a rise in services that allow threat actors to hack OTP (one time password) tokens. Intel 471 saw all these services since June which operate via a Telegram bot or provide assistance to customers via a Telegram channel. Through these assistance channels, users mostly share their feats while using this bot and often walk away thousand dollars from target accounts. 

Recently, threat actors have been providing access to services that call victims, which on the surface, looks like a genuine call from a bank and then fool victims into providing an OTP or other authentication code into a smartphone to steal and give the codes to the provider. Few services also attack other famous financial services or social media platforms, giving SIM swapping and e-mail phishing services. According to experts, a bot known as SMSRanger, is very easy to use. With one slash command, a user can enable various modes and scripts targeted towards banks and payment apps like Google Pay, Apple Pay, PayPal, or a wireless carrier. 

When the victim's phone number has been entered, the rest of the work is carried out by the bot, allowing access to the victim's account that has been attacked. The bot's success rate is around 80%, given the victims respond to the call and provides correct information. BloodOTPBot, a bot similar to SMSRanger sends the user a fake OTP code via message. In this case, the hacker has to spoof the target's phone number and appear like a company or bank agent. After this, the bot tries to get the authentication code with the help of social engineering tricks. 

The bot sends the code to the operator after the target receives the OTP and types it on the phone keyboard. A third bot, known as SMS buster, however, requires more effort from the attacker for retrieving out information. The bot has a feature where it fakes a call to make it look like a real call from a bank, and allows hackers to contact from any phone number. The hacker could follow a script to fake the victim into giving personal details like ATM pin, CVV, and OTP.

Hackers Impersonate Bank Customers and Make $500k in Fraudulent Credit Card Payments


Hackers from other countries were able to impersonate 75 bank clients and made $500,000 in fraudulent credit card payments. This was accomplished using a clever way of intercepting one-time passwords (OTPs) sent by banks via SMS text messages. In a joint statement released on Wednesday, the Infocomm Media Development Authority (IMDA), the Monetary Authority of Singapore (MAS), and the Singapore Police Force detailed how hackers redirected SMS OTPs from banks to foreign mobile networks systems. 

The SMS diversion method, they said, “requires highly sophisticated expertise to compromise the systems of overseas telecommunication networks”. Last year's fraudulent transactions took place between September and December. The bank clients claimed that they did not initiate the transactions and that they did not get the SMS OTPs that were required to complete them. 

According to Mr. Wong, the MAS' deputy chairman, the Monetary Authority of Singapore (MAS) would engage with financial institutions to fine-tune the existing framework on fraudulent payment transactions, which covers the responsibilities and liabilities of banks and customers in such instances. 

Between September last year and February, the police received 89 reports of fraudulent card transactions using SMS one-time passwords (OTPs), according to Mr. Wong. Ms. Yeo Wan Ling (Pasir-Ris Punggol GRC) had inquired if bank-related cyber frauds had increased in the previous six months.

"While these cases represent less than 0.1 percent of fraudulent online card transactions reported, and the number of cases has come down since March 2021, it is nevertheless concerning," Mr. Wong said. 

Singapore's financial and telecommunications networks have not been hacked, according to the authorities. Affected customers who took efforts to safeguard their credentials would not be charged for any of the fraudulent transactions as a gesture of goodwill from the banks, according to the authorities. The names of the banks involved were kept under wraps. 

The cybercriminals utilized this method to get the victims' credit card information and mobile phone numbers in this incident. They also got into the networks of international telecoms and exploited them to alter the location information of the Singapore victims' mobile phones. 

By doing so, the hackers deceived Singapore telecom networks into believing that Singapore phone numbers were roaming overseas on the networks of other countries. The hackers subsequently made fraudulent online card payments using the victims' stolen credit card information.

As a result, when banks issued SMS OTPs to victims to authenticate transactions, the criminals were able to reroute these text messages to foreign mobile network systems. The fraudulent card payments were subsequently completed using the stolen OTPs. This corresponds to the victims' claims that they did not get the OTPs.

New Robocall Bot on Telegram can Trick Targets Into Giving Up Their Password


Researchers at CyberNews have identified a new form of automated social engineering tool that can harvest one-time passwords (OTPs) from users in the United States, the United Kingdom, and Canada. 

Without any direct connection with the victim, the so-called OTP Bot may mislead victims into providing criminals credentials to their bank accounts, email, and other internet services. It's exhausting for a probable victim to listen to someone try to scam them blind by taking advantage of their generosity. 

As a new type of bot-for-hire is conquering the field of social engineering, OTP Bot, the latest form of malicious Telegram bot that uses robocalls to trick unsuspecting victims into handing over their one-time passwords, which fraudsters then use to login and empty their bank accounts. Even worse, the newfangled bot's userbase has exploded in recent weeks, with tens of thousands of people signing up. 

How Does OTP Bot Works?

OTP Bot is the latest example of the emerging Crimeware-as-a-Service model, where cybercriminals rent out destructive tools and services to anybody ready to pay, according to CyberNews expert Martynas Vareikis. After being purchased, OTP Bot enables the users to collect one-time passwords from innocent people by simply typing the target's phone number, as well as any extra information obtained via data leaks or the black market, into the bot's Telegram chat window. 

“Depending on the service the threat actor wishes to exploit, this additional information could include as little as the victim’s email address,” says Vareikis. The bot is being marketed on a Telegram chat channel with over 6,000 users, allowing its owners to make a lot of money by selling monthly memberships to cybercriminals. Meanwhile, its users brag about their five-figure profits from robbing their targets' bank accounts. 

Bot-for-hire services, according to Jason Kent, a hacker in residence at Cequence Security, have already commoditized the automated threat industry, making it very easy for criminals to enter into social engineering. 

Kent told CyberNew, “At one time, a threat actor would need to know where to find bot resources, how to cobble them together with scripts, IP addresses, and credentials. Now, a few web searches will uncover full Bot-as-a-Service offerings where I need only pay a fee to use a bot. It’s a Bots-for-anyone landscape now and for security teams.” 

Gift cards make the scam go-round: 

Card linking is the most common scamming tactic used by OTP Bot subscribers. It comprises linking a victim's credit card to their mobile payment app account and then purchasing gift cards in real stores with it.

“Credit card linking is a favorite among scammers because stolen phone numbers and credit card information are relatively easy to come by on the black market,” reckons Vareikis. 

“With that data in hand, a threat actor can choose an available social engineering script from the chat menu and simply feed the victim’s information to OTP Bot.” 

The bot also contacts the victim's number, acting as a support representative, and tries to mislead them into giving their one-time password, which is necessary to log in to the victim's Apple Pay or Google Pay account, using a fake caller ID. The threat actor can then link the victim's credit card to the payment app and go on a gift card buying spree in a nearby physical store after logging in with the stolen one-time password. 

Scammers use linked credit cards to buy prepaid gifts for one simple reason as they leave no financial footprints. This is particularly useful during a pandemic, when mask regulations are in effect in almost all interior areas, making it considerably simpler for criminals to conceal their identities throughout the process. 

Since its release on Telegram in April, the service looks to be gaining a lot of momentum, especially in the last few weeks. The OTP Bot Telegram channel currently has 6,098 members, a massive 20 percent growth in just seven days. 

The simplicity of use and the bot-for-hire model, which allow unskilled or even first-time fraudsters to easily rob their victims with the least input and zero social contact, appear to be some of the reasons for the fast rise. In fact, some OTP Bot users blatantly broadcast their success tales in the Telegram conversation, flaunting to other members of the channel about their ill-gotten gains. 

Based on the popularity of OTP Bot, it's apparent that this new sort of automated social engineering tool will only gain more popularity. Indeed, it'll only be a matter of time until a slew of new knockoff services hit the market, attracting even more fraudsters looking to make a fast buck off unsuspecting victims. 

The creator of Spyic, Katherine Brown, warns that as more bots enter the market, the opportunities for social engineering and abuse will grow exponentially. “This year we’ve already seen bots emerge that automate attacks against political targets to drive public opinion,” says Brown. 

The growth of social engineering bots-for-hire is even more alarming, according to Dr. Alexios Mylonas, senior cybersecurity lecturer at the University of Hertfordshire, since the pandemic has put greater limitations on our social connections. 

“This is particularly true for those who are not security-savvy. Threat actors are known to use automation and online social engineering attacks, which enables them to optimize their operations, to achieve their goals and the CyberNews team has uncovered yet another instance of it,” Mylonas stated CyberNews. 

How to Recognize Social Engineering Scams?

Keeping all of this in mind, understanding how to detect a social engineering attempt is still critical for protecting money and personal information. Here's how to do it: 

1.Calls from unknown numbers should not be answered. 

2.Never give out personal information: Names, usernames, email addresses, passwords, PINs, and any other information that may be used to identify you fall into this category. 

3. Don’t fall into the trap: Scammers frequently use a false feeling of urgency to get targets to hand up their personal information. If someone is attempting to persuade the user to make a decision, they should hang up or say they will call back them later. Then dial the toll-free number for the firm they claim to represent. 

4.Don't trust caller ID: By mimicking names and phone numbers, scammers might impersonate a firm or someone from your contact list. 

Financial service companies, on the other hand, never call their clients to validate personal information. They will simply block the account if they detect suspicious behavior and expect the user to contact the firm through official means to fix the problem. As a result, be watchful, even if the caller ID on your phone screen appears to be legitimate.

WhatsApp Hijack Scam, Here's All You Need To Know


By posing as a friend and asking for SMS security codes, scammers are continuing to target WhatsApp users and hijack their accounts. The con has been around for years, yet victims have continued to fall for it, with many sharing their stories on social media. Users should never give out their security codes to anyone, even if they appear to be a buddy, according to WhatsApp. 

If users receive six-digit WhatsApp codes that they did not expect, they should be concerned. When setting up a new account or signing in to an existing account on a new device, such codes are frequently seen. However, if the code is obtained unexpectedly (without the user's request), it could be a scammer attempting to gain access to your account. 

The fraudster would then send you a WhatsApp message asking for the code. The most essential thing to remember is not to share the code, as the message appears to be from a legitimate friend or family member in most circumstances, even though the account has already been hacked. 

One victim, Charlie, told the BBC, "I got a WhatsApp message from my good friend Michelle, stating she was locked out of her account. She stated she sent the access code to my phone instead of hers by accident and that I could just screenshot it and send it over." In actuality, Charlie had given the scammer the code to his own account. 

He told the BBC, "I guess I fell for it since we all know how annoying technology can be and I was eager to help. I didn't realise what had happened for a day." Charlie stated that he had deleted WhatsApp and would no longer use it. 

The hijacker can pretend to be you and send messages to your friends and family using a stolen account. They might act as if you're facing a financial emergency and beg your contacts for money. It also provides them with the phone numbers of your contacts, allowing them to try the six-digit code trick on fresh victims. By gaining access to your account, the fraudster will be able to see sensitive information in your group chats. 

WhatsApp advises users to be cautious and not reveal their One Time Password (OTP) or SMS security code to anybody, even friends and relatives. Citizens can also enable two-step verification for added security.

OTP Generating Firm at a Risk, as Hacker Claims to have Sold its Sensitive Data


A hacker seems to sell confidential information that is claimed to have been robbed from an OTP firm. And this OTP firm perhaps has some of the most prominent technology and business giants on its customer's board list which includes Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter, etc. 

A one-time password ( OTP ), also called a one-time pin or dynamic password is a legitimate password on something like a computer system, or even on a digital device, for a single login or transaction. Besides, the very same hacker claims to also have real-time access to the company's OTP device. The InfoSec researcher, Rajshekar Rajaharia, however, didn’t agree with the hacker behind the identification of such a suspected breach. 

“The seller was active on the dark web forum for a long time claiming to sell live access to OTP and 2FA but from what we have seen there are some chances that the data might be old as we have found some clues that changes have been made with dates. Nevertheless, we are still investigating because data seems real otherwise,” stated Rajaharia. 

Rajaharia also provided sample information with confirmation of the presence of one-time codes and even if not all of them are currently available or legitimate, a purchaser might find valuable work throughout the platform and its policies. It offered 50GB of exfiltrated data, among several other details. The cost of access was reduced from $18,000 to $5,000 for the introductory mark. Though the name of the company is listed in the listing, for security purposes it is considered unethical to disclose it. 

Other details included in the selling package are PII, including SMS logs, mobile numbers, e-mail addresses, SMPP details, customer documentation, and much more. Since 2017, the data itself is comprehensive. The seller switched the listing from the dark web marketplace to Telegram, as per the latest revelation, where sales were continued, however, the number of buyers was unknown. Also, 10 million OTPs appear in the data packs. 

The company in conversation refused all data infringement charges by claiming that perhaps the systems were as stable as ever and it could not verify the authenticity of the alleged data. 

Also, the National Stock Exchange of India received a letter from them, which reads, “We would like to highlight that unverified posts and claims are being circulated about an alleged data breach at [company’s name retracted]. Based on the evidence we have seen thus far, it is not from any of our current systems, and therefore we cannot verify the authenticity of the alleged data breach.” 

However, the company stated that they were engaged with an expert in a third party to support them in its system audit, so it would be noticed and uprooted if there was a web shell in there.

In just $16, Hackers May Steal User Data Via SMS Attack


Smartphone users are facing a new confidentiality and security risk as text messaging services are currently misused to secretly divert text messages from users to hackers, for only Rs 1,160 (nearly $ 16), allowing cybercriminals to control two-factor codes or SMS. The unreachable cyber-attack on SMS redirecting firms is carried out in conjunction with workers from telecommunications companies. 

Though having every feasible thread, new technological changes take place every day to fight hackers and protect user data, and further their privacy. But here's a new attack that has been witnessed recently – to defraud one’s protection against OTP in every online transaction. This whole new attack allows hackers to redirect SMS connected to their systems by the victim's phone number. Through its exploiting services, hackers use business-driven text messaging management services to conduct the attack. In a manner, these attacks are also achievable, at least in the United States, due to the failure of the telecommunications industry, and hackers are at ease. 

"The method of attack, which has not been previously reported or demonstrated in detail, has implications for cybercrime, where criminals often take over target's phone numbers in order to harass them, drain their bank account, or otherwise tear through their digital lives," stated the report from Motherboard late on Monday, 15th of March. 

Joseph Cox, a reporter for the motherboard, was personally attacked and was not really aware of the attack on his cell phone number. The odd thing about the attack is that the hacker is available with just a $16 payment (Rs. 1,160). In the case of Cox, the company providing the services said that the attack was resolved but was not taken care of, for several others. Besides, some firms know the attack, still, CTIA, the commercial organization, is being blamed. 

These services not only allow the attacker to intercept incoming texts but also allow them to answer. Another hacking act frequently performed by hackers is the SMS redirect attack. SIM Swapping and SS7 have already been attacking many users. However, what is interesting about such attacks is that in a few instances the user learns about the exploit because the phone has no network. 

Therefore it’s better not to rely on SMS services to prevent this. Users should use Authenticator apps and log their email account to obtain OTPs, especially for bank-related OTPs. 

"It is better to use an app like Google Authenticator or Authy. Some password managers even have support for 2FA built-in, like 1Password or many of the other free managers we recommend," the report mentioned.

Senior Citizens, the Victims of Airline Ticket Fraud


Think you've discovered a truly incredible deal when you see a last-minute aircraft ticket accessible simply for a small amount of the typical cost? Be cautious before you purchase, or you could end up with no ticket and losing your cash to crooks.

Crooks utilize falsely accessed, compromised, or hacked credit card details to purchase air tickets. They offer these tickets for sale at haggled costs through misleading sites that appear to be legitimate or social networking accounts that give off an impression of being for real travel services or agents. 

The criminal 'travel agents' request prompt installment, regularly with money, bank move, or virtual monetary currencies. After getting your installment, the criminal sends you the flight booking affirmation with their original purchase details erased. At times you will get multiple OTPs on your telephone, and on the off chance that you give the OTP to that phony agent, abundant measures of cash will be siphoned from your account. 

Kumar (name changed), a senior citizen, said in his police objection that he was attempting to book a flight ticket to Thiruvananthapuram via a mobile application. Despite the fact that he had wrapped up making the installment, he got an instant message saying that the fund transfer has not gone through. He later learned that a whopping total of Rs. 7 lakh had been siphoned from his account,  thereupon Kumar called the ticket booking firm's customer care number, they revealed to him that they couldn't restore the sum because of some technical glitch and requested Kumar to give details of a different bank account. At the moment, Kumar got a few OTPs of bank exchanges that occurred without his knowledge. 

Another case has come to light where a senior resident lost Rs 1 lakh in online fraud. A Delhi-based senior resident had booked an Air India ticket and wished to cancel it. He attempted to cancel the ticket on the web and couldn't succeed due to some error. The report that highlighted the incident, further added that when the elderly person reached the customer care number, he was given a different mobile number by the executive. When he called on that mobile number, the individual on the opposite side of the telephone figured out how to get his financial balance and Debit card details. During that time, he got three to four OTPs on his mobile which he shared with the individual. When the senior citizen disconnected the call, he received a message that Rs 1 lakh was debited from his account. 

It is assessed that the aircraft business misfortunes have arrived at near USD 1 billion every year, due to the deceitful online acquisition of flight tickets. These online exchanges are exceptionally lucrative for organized crime and are continually linked to even grave crimes including immigration, trafficking in human beings, drug sneaking, and terrorism.

A new Malware that can intercept your OTP and bypass Two Factor Authentication

For most of our accounts be it Bank accounts or social media accounts, we rely on two-factor authentication and OTP (one time password); thinking it the most trustable and impenetrable security. But we ought to think again as a new android malware, "Alien" with its remote access threat tool can steal 2FA codes and OTP as well as sniff notifications.

Discovered by ThreatFabric, the Trojan Alien has been offered as a Malware-as-a-Service (MaaS) making rounds on underground hacking forums. Though this is not the first malware to access OTPs, Ceberus (malware gang with a similar code) has already been there and done that but Google's security found a way to detect and clean devises of Cerebus. Inspired and evolved from the same code, Alien has yet to be caught by a security server.

With the remote access feature, Alien can not only seize passwords and login credentials but also grant hackers access to the device to use the stolen passwords. Alien can also perform the following tasks: 

  • Overlay on another App 
  • Steal 2FA and OTP 
  • Read Notifications 
  • Collect Geo-location data 
  • Forward Calls 
  • Install other Apps 
  • Steal Contacts 
  • Provide access to the device 
  • Log Keyboard Input 
  • Send Messages 

This set of activities makes this malware highly dangerous and the device infected with it completely transparent to the hacker and to think it is offered as MaaS. The malware deploys TeamViewer and through it reads the devise's screen, notifications, harvest OTPs and other data - giving full reign of your device to the hacker to attempt fraud, steal money and data.

 How is it Spreading? 

According to ThreatFabric, the malware is transmitting via phishing emails and third-party applications. Researchers found that Alien was sporting fake logins for 226 android apps, some of them quite popular like Snapchat, Telegram, Facebook, Gmail, WhatsApp, etc. Many of them were banking and e-commerce apps, there's no surprise there! These banking apps were from Spain, Germany, the US, Italy, France, Poland, Australia, and the UK.