Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Crypto Apps. Show all posts

LastPass Security Breach Linked to Series of Crypto Heists, Say Experts

 

Security experts allege that some of the LastPass password vaults, which were stolen in a security breach towards the end of 2022, have now been successfully breached, leading to a series of substantial cryptocurrency thefts. 

According to cybersecurity blogger Brian Krebs, a group of researchers has uncovered compelling evidence linking over 150 victims of crypto theft to the LastPass service. The combined value of the stolen cryptocurrency is estimated to be over $35 million, with a frequency of two to five high-value heists occurring each month since December 2022.

Taylor Monahan, the lead product manager at MetaMask, a cryptocurrency wallet company, and a prominent figure in the investigation, noted that the common denominator among the victims was their prior use of LastPass to safeguard their "seed phrase" – a confidential digital key necessary to access cryptocurrency investments. 

These keys are typically stored on secure platforms like password managers to thwart unauthorized access to crypto wallets. Furthermore, the pilfered funds were traced to the same blockchain addresses, further solidifying the connection between the victims.

LastPass, a password management service, experienced two known security breaches in August and November of the previous year. 

During the latter incident, hackers utilized information acquired from the first breach to gain access to shared cloud storage containing customer encryption keys for vault backups. We have contacted LastPass to verify if any of the stolen password vaults have indeed been breached and will provide an update if we receive a response.

LastPass CEO Karim Toubba informed The Verge in a statement that the security breach in November is still under active investigation by law enforcement and is also the subject of pending litigation. The company did not confirm whether the 2022 LastPass breaches are related to the reported crypto thefts.

Researcher Nick Bax, who holds the position of Director of Analytics at crypto wallet recovery company Unciphered, also examined the theft data and concurred with Monahan’s conclusions in an interview with KrebsOnSecurity:

“I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”

Beware of this Android Banking Trojan that Steals Banking Credentials

 

A financial trojan called "Godfather" which is capable of stealing account credentials from more than 400 different banking and cryptocurrency apps is presently targeting Android users in 16 other countries. 

According to a recent report from the cybersecurity company Group-IB, the Godfather trojan, which was initially uncovered by ThreatFabric back in March of last year, has been dramatically upgraded and updated since then. 

In a second report, the dark web and cybercrime monitoring company Cyble describes how Godfather is also being disseminated in Turkey through a malicious app that has been downloaded 10 million times and pretends to be a well-known music application. 

Godfather is thought to be the replacement for Anubis, a well-known and widely-used banking Trojan before it lost the capacity to get past updated Android defenses, BleepingComputer reported. 

Banking and cryptocurrency apps on the hit list 

The banking trojan has targeted users of more than 400 apps since it first debuted last year, including 215 banking apps, 94 cryptocurrency wallets, and 110 crypto trading platforms. The malware also targeted 49 banking apps in the US, 31 in Turkey, 30 in Spain, 22 in Canada, 20 in France, 19 in Germany, and 17 in the UK, among other nations. 

Surprisingly, Group-IB discovered a section in Godfather's code that stops the malware from aiming for users from former Soviet Union nations and users in Russia, indicating that its developers speak Russian. The malware checks the system language on an Android device after installation to see if it is Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik. If so, Godfather shuts down and doesn't attempt to steal any stored cryptocurrency or banking accounts.

Modus operandi 

Godfather attempts to acquire persistence on an Android phone after being installed via a malicious app or file by impersonating Google Protect. Once you download an app from the Google Play Store, this genuine software begins to execute. 

The banking trojan then claims to be "scanning" when, in fact, it is hiding its icon from the list of installed apps and creating a pinned "Google Project" notice. Because of this, malware is more likely to blend into the background and is more challenging to remove. 

A targeted user goes about their normal activities because Godfather's symbol is missing. To steal user passwords and empty their accounts, the malware then applies false overlays to well-known banking and cryptocurrency apps. Additionally, Godfather employs a smart tactic to direct people to phishing websites. It accomplishes this by displaying a fake notification that impersonates one of its smartphone's loaded banking or cryptocurrency apps. 

In addition to stealing credentials, the malware is able to record a user's screen, launch keyloggers to capture their keystrokes, route calls to get around two-factor authentication (2FA), and send SMS messages from infected devices. 

Mitigation Tips 

Installing new apps from a third party other than the Google Play Store or other official app stores like the Amazon App Store or Samsung Galaxy Store puts you at risk for Godfather and other Android malware. While sideloading apps could be alluring, since they are uploaded without any security checks, they may be infected with malware and other viruses. 

Additionally, make sure Google Play Protect is turned on so that it can scan both new and old apps for malware. However, you might also want to download one of the top Android antivirus apps for additional security.