Showing posts with label Android Malwares.

Android Malware Steals 1,000 Euros In Around 5 Seconds Via PayPal



Another piece of malware, discovered in November and masquerading as a battery-enhancement application called "Android Optimization", has recently come to light. It was programmed to send 1,000 euros to cyberthieves through PayPal in around 5 seconds, without the user being able to stop it.

The malware is distributed through third-party app stores; it is not available in the official Google Play Store.

The malware is described as cleverly abusing Google's Accessibility Services, which are intended to assist people with disabilities, to trick users into giving the attackers a degree of control over the phone.

Once installed, the malware asks the user for authorization to "Enable Statistics". Granting this lets the cybercriminals take control of the phone remotely whenever the user opens certain applications, chiefly PayPal, Google Play, WhatsApp, Skype, Viber, Gmail and various banking applications.

ESET researchers found that the malware can show users overlay phishing pages made to look like legitimate banking applications or other well-known applications such as Gmail, WhatsApp, Skype and Viber, asking the user for credit card credentials.

“The whole process takes about 5 seconds, and for an unsuspecting user, there is no feasible way to intervene in time. The attackers fail only if the user has insufficient PayPal balance and no payment card connected to the account. The malicious Accessibility service is activated every time the PayPal app is launched, meaning the attack could take place multiple times,” wrote ESET researcher Lukas Stefanko in a blog post.

A video by ESET showing how the malware works
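The attack above hinges on the user enabling a rogue accessibility service ("Enable Statistics"). The quickest device-side check a defender has is the Android secure setting that lists every enabled accessibility service. The script below is an added example, not ESET's code or the malware's: it parses the value that `adb shell settings get secure enabled_accessibility_services` returns (a colon-separated list of `package/ServiceClass` component names, or `null` when none is enabled) and reports any service whose package is not on an allowlist. The sample value and the package name `com.example.optimizer` are constructed for the demonstration; the allowlist is an assumption you would maintain per fleet.

```python
"""Flag enabled Android accessibility services that are not on an allowlist.

Added example. Input format mirrors the value of the secure setting
`enabled_accessibility_services`; the sample below is constructed.
"""
from typing import List, Set, Tuple

# Constructed sample: TalkBack (legitimate) plus a hypothetical "optimizer" app
# that registered its own accessibility service. A leading '.' in the class
# part is shorthand relative to the package, as Android allows.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.optimizer/.EnableStatisticsService"
)

# Assumption: packages whose accessibility services the device owner has vetted.
ALLOWLIST: Set[str] = {
    "com.google.android.marvin.talkback",
}


def parse_enabled_services(raw: str) -> List[Tuple[str, str]]:
    """Return (package, fully qualified service class) pairs from the setting value."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: no service enabled
        return []
    services: List[Tuple[str, str]] = []
    for entry in raw.split(":"):
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):           # expand ".Foo" to "pkg.Foo"
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def unexpected_services(raw: str, allowlist: Set[str] = ALLOWLIST) -> List[Tuple[str, str]]:
    """Services whose package is not allowlisted; each one deserves a manual review."""
    return [(pkg, cls) for pkg, cls in parse_enabled_services(raw) if pkg not in allowlist]


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; in practice feed it the adb output.
    for pkg, cls in unexpected_services(SAMPLE_SETTING):
        print(f"review: {pkg} has accessibility service {cls} enabled")
```

Run it over the output of the `settings get secure` command (or over a saved `dumpsys accessibility`-derived list) from each managed device; an accessibility service belonging to an app that has no accessibility purpose is exactly the signal this campaign relied on nobody checking.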




Android Devices with Pre-Installed Malware


Avast Threat Labs has recently discovered pre-installed adware on a few hundred different Android device models and versions, including devices from manufacturers such as ZTE and Archos. The adware was previously described by Dr. Web and has been named "Cosiloon".

The adware has been active for at least three years and is hard to remove because it is installed at the firmware level and uses strong obfuscation. Thousands of users are said to have been affected; in the previous month alone, the latest version of the adware was observed on around 18,000 devices belonging to Avast users in more than 100 countries, including Russia, Italy, Germany and the UK, as well as a few users in the U.S.

The adware creates an overlay that displays an advertisement over a web page in the user's browser, as shown in the screenshots below:




Google is working on fixing the malware's app variants on Android smartphones using internally developed methods. Although Google Play Protect exists, the malware comes pre-installed, which makes it harder to address. Google is currently contacting various firmware developers to raise awareness of these concerns and encourage them to take effective steps.

However, it is unclear how the adware got onto the devices, and the malware's authors kept updating the control server with new payloads. Meanwhile, manufacturers kept shipping new devices with the pre-installed dropper.

The payload was updated again on April 8, 2018: the name in the application launcher changed to "Google Download", and some class names in the code were changed, likely to evade detection. The malware is part of a chipset platform bundle that is reused across different brands; the chipset in question is from MediaTek, running Android versions ranging from 4.2 to 6.0.

Avast says that some anti-virus applications report the payloads, but the dropper immediately reinstalls them, and the dropper itself cannot be removed that way. As a result, the device will always host a mechanism that lets an unknown party install any application they want on it.



A malicious WhatsApp contact file changes your contacts' names to Priyanka

An Android user has reportedly received a malicious WhatsApp contact file which is capable of changing the names of your WhatsApp groups and contacts to "Priyanka".

A blogger, Shivam, reported in his blog that he received a contact file from his relative. After he added it to his contacts, the file managed to replace the group names with "Priyanka".

It is not clear what exactly the malware is doing other than changing the name. No one spreads malware without some profit in mind, or perhaps the malware authors are fans of "Priyanka Chopra" :P.

Infected WhatsApp - Image credits: TheAndroidSoul


The malware requires the user to accept the contact, so users are advised not to add it to their contacts.

Anyone who has a sample of this malicious contact file, please mail it to us if possible.

Android Banking malware spreads via Smishing (SMS phishing)

 
A new Android banking trojan spotted in the wild replaces legitimate South Korean banking Android apps and spreads via SMS phishing attacks, reports McAfee Labs.

South Korean bank users are being targeted with a fake message that purportedly comes from the Financial Services Commission. The message asks users to install new anti-malware protection.

An unwitting user who follows the link in the SMS and installs the app puts himself at risk. The malware app silently attempts to uninstall the legitimate South Korean banking apps; however, it can only uninstall them if the device is rooted.

If the device is not rooted, the malware asks the user to uninstall the legitimate app and urges them to install another app with the same icon but with suspicious permission requests.

The trojan then asks users to enter banking credentials such as account number, password, Internet banking ID and social security number. The collected information is later sent to a remote server.

"McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present".

New Android Trojan makes the two-step authentication feature insecure


The two-step authentication feature becomes insecure when your Android device is infected with a new malware that is capable of intercepting your messages and forwarding them to cybercriminals.

The Trojan, discovered by the Russian antivirus company Dr.Web, poses as a security certificate that tricks users into thinking it must be installed on their device.

Once installed, the malware does nothing visible other than display a message stating "Certificate installed successfully and your device is protected now."

But in the background, the malware collects phone information including the device's serial number, IMEI, model, carrier, phone number and OS. Once the data has been gathered, it attempts to send it to a remote server.

After successfully sending the information, the malware awaits instructions from its master. The cybercriminal behind the malware can now send instructions and control the malware to do the following: intercept and forward SMS from specified numbers, send USSD messages, show messages, and more.

This malware makes the two-step authentication feature insecure because it can read messages sent to your mobile. That means the trojan can capture the temporary password sent by a bank or any other site that uses two-step authentication.
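An SMS-intercepting trojan like this one cannot do its job without a recognisable set of permissions: it must receive SMS, reach the Internet to forward them, and usually read phone identity and restart at boot. The script below is an added example, not Dr.Web's code or the malware's. It parses the `requested permissions:` sections of `adb shell dumpsys package` output into a per-package permission inventory and scores each package against that pattern, skipping packages known to handle SMS legitimately. The dumpsys text, the package names `com.example.certinstaller` and `com.example.flashlight`, the allowlist and the scoring threshold are all constructed assumptions for the demonstration; the permission names themselves are real Android permissions.

```python
"""Score installed packages for the SMS-interception permission pattern.

Added example. Parses a constructed excerpt in the shape of
`adb shell dumpsys package` output; package names are hypothetical.
"""
import re
from typing import Dict, List, Set

# Constructed sample in dumpsys layout: a fake "certificate installer", a
# harmless flashlight, and the stock messaging app.
DUMPSYS_SAMPLE = """\
  Package [com.example.certinstaller] (3f2a1b):
    versionName=1.0
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.INTERNET
      android.permission.READ_PHONE_STATE
      android.permission.RECEIVE_BOOT_COMPLETED
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.flashlight] (9c0d4e):
    requested permissions:
      android.permission.INTERNET
      android.permission.CAMERA
  Package [com.google.android.apps.messaging] (77aa10):
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.INTERNET
"""

# Minimum capability needed to read an incoming OTP and forward it somewhere.
SMS_INTERCEPT_CORE: Set[str] = {
    "android.permission.RECEIVE_SMS",
    "android.permission.INTERNET",
}
# Each of these raises the score: exfiltrating device identity, replying by SMS,
# and surviving a reboot are what the post describes this trojan doing.
SMS_INTERCEPT_SUPPORT: Set[str] = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.READ_PHONE_STATE",
}
# Assumption: packages that legitimately handle SMS on this device.
KNOWN_SMS_APPS: Set[str] = {"com.google.android.apps.messaging"}


def parse_requested_permissions(text: str) -> Dict[str, Set[str]]:
    """Map package name -> set of requested permissions from dumpsys-style text."""
    inventory: Dict[str, Set[str]] = {}
    current = None
    in_block = False
    for line in text.splitlines():
        match = re.match(r"\s*Package \[([^\]]+)\]", line)
        if match:                       # new package header
            current = match.group(1)
            inventory[current] = set()
            in_block = False
            continue
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = True
            continue
        if stripped.endswith(":"):      # any other section header ends the block
            in_block = False
            continue
        if in_block and current and stripped:
            inventory[current].add(stripped)
    return inventory


def score_package(perms: Set[str]) -> int:
    """0 if the core pair is absent; otherwise 1 plus one per supporting permission."""
    if not SMS_INTERCEPT_CORE <= perms:
        return 0
    return 1 + len(perms & SMS_INTERCEPT_SUPPORT)


def suspicious_packages(inventory: Dict[str, Set[str]],
                        known: Set[str] = KNOWN_SMS_APPS,
                        threshold: int = 3) -> List[str]:
    """Packages at or above the threshold, highest score first, excluding known SMS apps."""
    scored = [(score_package(p), pkg) for pkg, p in inventory.items() if pkg not in known]
    return [pkg for score, pkg in sorted(scored, reverse=True) if score >= threshold]


if __name__ == "__main__":
    inv = parse_requested_permissions(DUMPSYS_SAMPLE)
    for pkg in suspicious_packages(inv):
        print(f"review: {pkg} requests an SMS-interception permission set (score {score_package(inv[pkg])})")
```

The score is deliberately coarse: a package that merely has RECEIVE_SMS and INTERNET (score 1) is common among legitimate apps, while one that also wants to read and send SMS, read the IMEI and start at boot, and is not a messaging app, is the profile of the "certificate" trojan above and is worth pulling for analysis.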

Android malwares hosted in Google Play by 'apkdeveloper'

List of malicious apps hosted by apkdeveloper

Once again, malicious Android apps have been found in Google Play. A developer named "apkdeveloper" hosted a number of Android malware apps in Google Play.

The malware author used popular app names for his malicious apps, adding "super" at the end of each name. He also posted fake reviews to lure innocent users into downloading the malware.

"Obviously faked from the app either by asking people to give 5 stars to unlock the game (quite a common trick) or the people that made the app have found a way to publish reviews to the Play Store automatically. Wouldn't surprise me to be honest," reads one Reddit user's comment.

According to one Reddit comment, the fake apps asked for the permissions 'approximate location', 'precise location', 'full network access', 'read phone calls', 'mod or delete data on your sd card', 'find accounts', 'control vibration', 'run at startup' and 'test access to protected storage'.

The malware author has been banned from Google Play after a Reddit post drew attention to the malware-infested apps.

We are not sure how many users have been affected by these malicious apps. Make sure you haven't installed one of them.

New Android malware helps cybercriminals launch DDoS attacks


The Russian antivirus firm Doctor Web has discovered a new Android Trojan that helps cybercriminals launch distributed denial-of-service (DDoS) attacks. It is also capable of sending SMS based on commands received from the attacker.

According to the report, the malware "Android.DDoS.1.origin" likely spreads via social engineering and disguises itself as a legitimate application from Google.


Fake Google Play icon

After installation, the malware creates an application icon that looks like the Google Play icon. If a user taps the fake Google Play icon, it still launches the real Google Play, but in the background it starts its malicious activity.

Once launched, the malware transmits the victim's phone number to the cybercriminal and then waits for further SMS instructions.

From then on, the cybercriminal can launch a DDoS attack against any server by sending a command message containing the server address and port. After receiving the instructions, the malware starts sending packets to the specified address.

The malware reduces the performance of the infected device, and the victim may receive unexpected bills for Internet access and SMS.

Searching for Keyword “Windows Android Drivers” leads to Malware website


Cybercriminals often use SEO poisoning techniques to lure unsuspecting Internet users to their malicious websites. In one recent example, cybercriminals targeted Android users by poisoning Yahoo! search results.

Security researchers at GFI Labs have found that searching for "Windows Android Drivers" leads to a malicious website [bestdrivers(dash)11(dot)ru].

Visiting the Russian site in question automatically downloads a file called "install.exe", a Trojan.

Once the file is executed, the malware changes the Internet Explorer home page to a malicious domain.

If victims visit the same Russian site from their Android devices, they are redirected to various malicious websites that contain the "android" keyword in the domain name. These sites direct users to fake Google Play sites.

A few months back, I discovered that Google Image search results were being poisoned and directed me to an infected website.