
Japanese Payment System Attacked By Fake Security App

The research team at McAfee Corp. has observed new malware attacking NTT DOCOMO customers in Japan.

The malware, which is distributed via the Google Play Store, pretends to be a legitimate mobile security app. In reality, it is fraud malware designed to steal passwords and abuse a reverse proxy, targeting NTT DOCOMO mobile service customers.

The McAfee Mobile Research team notified Google about the malware. In response, Google has made the application unavailable in the Google Play Store and removed known Google Drive files associated with the malware. In addition, Google Play Protect now alerts customers by disabling the apps and displaying a warning.

The attackers publish the malicious fake apps on the Google Play Store under various developer accounts, made to look like legitimate apps. According to a tweet by Yusuke Osumi, a Security Researcher at Yahoo, the attacker lures victims into installing the malware on their devices by sending them an SMS message with a Google Play Store link, reportedly sent from overseas. The message also entices users by claiming that they need to update their security software.

In this way, the victim unknowingly installs the fraudulent app from the Google Play Store and ends up installing the malware. The malware asks the user for a network password and then claims the password is incorrect, so the user has to enter a more precise one. It does not matter whether the password is correct or not: the network password can later be used by the attacker for NTT DOCOMO payment services and enables online payments.

Thereafter, the malware displays a fake ‘Mobile Security’ screen on the user’s device; interestingly, its layout resembles an outdated McAfee Mobile Security screen.

How does the malware function

A native library called ‘libmyapp.so’, written in Golang, is loaded during app execution. When the library is loaded, it attempts to connect to the C&C servers using a WebSocket. WAMP (Web Application Messaging Protocol) is then used to communicate and process Remote Procedure Calls (RPC). Once the connection is established, the malware transmits the network information and the victim’s phone number, and registers the client’s procedure commands. The malware then behaves like an agent, acting on each command as it is received from the server. The same socket is used to transmit the victim’s network password to the attacker when the victim enters it in the app.

The attacker makes fraudulent purchases using this leaked information. For this, the RPC command ‘toggle_wifi’ switches the victim’s Wi-Fi connection status, and ‘connect_to’ provides the attacker with a reverse proxy. A reverse proxy allows connecting to a host that sits behind Network Address Translation (NAT) or a firewall. With the help of the proxy, the attacker can send requests through the victim’s network.
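For analysts reviewing WebSocket traffic from a sandboxed or inspected device, the following added example (not code from McAfee or from the original post) flags sessions in which a client registers the two procedure names reported above. It assumes WAMP's JSON serialization, where a REGISTER message is `[64, request_id, options, procedure]`, and that text frames have already been extracted; the sample frames and realm names are constructed.

```python
import json

# WAMP v2 message type code for REGISTER (from the WAMP specification).
REGISTER = 64
# Procedure names reported on this page for the fake security app.
REPORTED_PROCEDURES = {"toggle_wifi", "connect_to"}


def parse_frame(text):
    """Return the decoded WAMP message list, or None if not a WAMP frame."""
    try:
        msg = json.loads(text)
    except (ValueError, TypeError):
        return None
    if isinstance(msg, list) and msg and type(msg[0]) is int:
        return msg
    return None


def registered_procedures(frames):
    """Collect procedure URIs that a client registers in a session."""
    procs = []
    for text in frames:
        msg = parse_frame(text)
        if msg and msg[0] == REGISTER and len(msg) >= 4 and isinstance(msg[3], str):
            procs.append(msg[3])
    return procs


def flag_session(frames):
    """Return the sorted reported procedure names this session registers."""
    hits = set()
    for uri in registered_procedures(frames):
        # Match the bare name or the last dotted component of a longer URI.
        name = uri.rsplit(".", 1)[-1]
        if name in REPORTED_PROCEDURES:
            hits.add(name)
    return sorted(hits)


# Constructed sample: client-to-server text frames from two sessions.
SUSPECT = [
    '[1, "realm1", {"roles": {"callee": {}}}]',
    '[64, 1001, {}, "toggle_wifi"]',
    '[64, 1002, {}, "connect_to"]',
    'not json',
]
BENIGN = [
    '[1, "realm1", {"roles": {"caller": {}}}]',
    '[48, 7, {}, "com.example.get_weather", []]',
]

if __name__ == "__main__":
    print("suspect:", flag_session(SUSPECT))
    print("benign:", flag_session(BENIGN))
```

A mobile app that registers itself as a WAMP callee for Wi-Fi or connection-control procedures is unusual enough to warrant a closer look, even when the procedure names differ from the two listed here.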

Along with any other methods the attackers may use, the malware can use the reverse proxy to acquire a user’s mobile and network information and run an agent service over WAMP for fraudulent purposes. Mobile security organizations therefore always advise caution when entering a password or confidential information into a lesser-known or suspicious application.

UPI Turns Webless

 

While UPI has grown in popularity since its inception in 2016, it has yet to reach rural areas where smartphone ownership is low and internet access is spotty. Volumes should increase as more low-cost handsets connect to the UPI system, promoting financial inclusion. 

This could be the next great step for India's Unified Payments Interface (UPI). On Tuesday, Reserve Bank of India Governor Shaktikanta Das introduced UPI123Pay, a digital software that allows users of feature phones to send money. They will be able to do almost everything that smartphone users can on this payment platform, with the exception of scan-and-pay. There is no need for an internet connection.

All that is required is a feature phone connected to a bank account, and funds can be transferred to any other UPI user without the use of a credit card. This should significantly boost the use of India's proprietary platform for cashless transactions.

UPI transfers have already increased as a result of the pandemic, with over 4.5 billion transactions worth over $8.3 trillion reported in February, up from just over 1.3 billion worth 2.2 trillion two years ago. The tally is expected to rise.

LINE Pay leaked 133,000 Users' Data to GitHub

Yesterday, the digital messaging and payment platform ‘LINE Pay’ released a statement saying that payment data for around 133,000 clients was erroneously published on GitHub between September and November this year. The incident affected more than 51,000 Japanese users and around 82,000 Taiwanese and Thai users.

Data detailing individuals in a LINE Pay promotional program that ran between late December 2020 and April 2021 was accidentally uploaded to the collaborative coding crèche by an employee. Following the findings, the company notified its customers, and its fintech division issued an official apology letter and assured users of future protection.

The leaked data includes the time, date, and amount of transactions, as well as user and franchise store identification numbers. Although telephone numbers, addresses, credit card numbers, and bank account numbers were not leaked, the names of the customers and other credentials could be accessed with little effort.

Additionally, many political figures and dignitaries have stopped using this app since the July 2021 cyberattack. Japanese government officials also stopped using the app when it was discovered that important information was being leaked to China. Prior to the discovery, Japan used this communication app extensively for many regional official communications.

GitHub, headquartered in California, USA, has been a subsidiary of Microsoft since 2018. The platform is commonly used for hosting open-source software development projects; as of November 2021, GitHub reports having over 73 million developers. It provides the distributed version control and source code management (SCM) functionality of Git, plus its own features. It also offers access control and several collaboration features such as feature requests, bug tracking, task management, continuous integration, and wikis for every project.