
Trojanized Tor Browser Bundle Drops Malware

Cybersecurity experts are warning about a new threat in the form of trojanized Tor browser installers. The Tor browser is a popular tool used by individuals to browse the internet anonymously. However, cybercriminals have been able to create fake versions of the Tor browser that are infected with malware.

Recent reports suggest that cybercriminals have been distributing a trojanized version of the Tor browser, which installs cryptocurrency-stealing malware onto the victim's device. The malware is designed to steal the victim's crypto wallet keys and passwords, allowing the attacker to transfer funds out of the victim's account. This malware has been specifically targeting Russian-speaking users, distributed through a Russian-speaking forum.

As cybersecurity expert Kevin O'Brien stated in an interview with SC Magazine, "the security industry has been playing whack-a-mole with Tor-based attacks for years." He recommends that individuals only download the Tor browser from the official website and avoid downloading it from third-party sources.

The trojanized Tor browser installers are just one example of how cybercriminals constantly evolve their tactics to stay ahead of cybersecurity measures. Individuals and organizations need to remain vigilant, stay informed about the latest threats, and take the necessary precautions to protect themselves from these attacks. Regularly assessing security posture, running security awareness campaigns, and ensuring that the right security technologies are in place to detect, prevent, and respond to attacks are all important measures to take.

Organizations should educate their employees on how to spot fake versions of the Tor browser and other similar tools. They should encourage the use of official versions from trusted sources. In the words of the team at DarkReading, "It's always better to be proactive than reactive." Taking proactive measures can help individuals and organizations stay protected from cyber attacks.

Tor browser installers tampered with by cybercriminals are only one of the many methods they use to prey on unwary people and businesses. Individuals and organizations can better defend themselves against these attacks by staying informed about the most recent risks and putting preventive measures in place.

Transparent Tribe Hackers Disseminate CapraRAT via Trojanized Messaging Apps

Transparent Tribe, a suspected Pakistan-aligned advanced persistent threat (APT) group, has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT.

"Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET said in a report shared with The Hacker News.

It is estimated that up to 150 victims, most of whom have military or political affiliations, were targeted, with the malware (com.meetup.app) available for download from fake websites posing as official distribution centers for these apps. The targets are believed to have been lured by a honeytrap romance scam in which the threat actor approaches the victims via another platform and persuades them to install malware-laced apps under the guise of "secure" messaging and calling.

The apps, however, come pre-installed with CapraRAT, a modified version of the open-source AndroRAT that Trend Micro first documented in February 2022 and that exhibits overlap with a Windows malware known as CrimsonRAT.

The backdoor includes a wide range of features that allow it to capture screenshots and photos, record phone calls and surrounding audio, and exfiltrate sensitive data. It can also make calls, send SMS messages, and receive download commands. However, in order to use the app's features, users must first create an account by linking their phone number and completing an SMS verification step.

According to the Slovak cybersecurity firm, the campaign is narrowly targeted, and there is no evidence that the apps were ever available on the Google Play Store.

Transparent Tribe, also known as APT36, Operation C-Major, and Mythic Leopard, was recently linked to another wave of attacks against Indian government organizations using malicious versions of the Kavach two-factor authentication solution.

The research comes just weeks after cybersecurity firm ThreatMon detailed a spear-phishing campaign by SideCopy actors targeting Indian government entities with the goal of deploying an updated version of the ReverseRAT backdoor.