
Hundreds of Predatory Loan Apps on Google Play and Apple App Store

The Lookout Threat Lab team has published new research identifying around 300 mobile loan applications on Google Play and the App Store that collect user credentials from mobile devices and harass borrowers for repayment. 

The apps have reportedly been found operating in Southeast Asian and African countries, as well as India, Mexico, and Colombia, promising fast-track, fully digital loan approvals with fair loan terms. 

In reality, these promises are tricks that lure victims seeking quick cash into fraudulent loan contracts and ask them to provide access to sensitive data, including their contact details, SMS messages, addresses, etc.  

In total, the team of researchers has uncovered 251 Android apps on the Google Play store with over 15 million collective downloads. Along with this, 35 apps on the App Store were in the top 100 finance apps in their regional stores. 

Users reported that their loans come with hidden fees, high interest rates, and repayment conditions that are less favorable than what is promised on the app stores. Researchers also discovered that the information exfiltrated from mobile devices is sometimes used to pressure users into repayment. 

According to the research, there are a few essential steps that you can take to protect your system and yourself from loan scams. 

  • The first and most important step is to apply for loans only from established institutions. Before applying for a loan, thoroughly research the organization’s history, registration with legal agencies, and reputation.
  • Before accepting conditions and granting permissions to any app, first learn which permissions should be granted, especially when the app asks for access to contacts, location, SMS, and files. 
  • Always install apps from official sources. Before installing an app, check multiple sources to confirm whether it is legitimate.

All in all, the apps have a very similar business model, which is to lure victims into fraudulent loan terms and blackmail them to pay. The research also notes that the loan operators display scam-like actions. 

'Hermit' Spyware Deployed in Syria, Kazakhstan, and Italy



Lookout Inc. discovered enterprise-grade Android surveillanceware being used by the authorities operating within Kazakhstan's borders. Lookout researchers also identified evidence of the spyware, called "Hermit," being used in Italy and northern Syria. 

Researchers obtained a sample of "Hermit" in April 2022, four months after a series of violently suppressed nationwide rallies against government policies. 

The Hermit spyware was most likely produced by Italian surveillance vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company accused of acting as a front company, according to Lookout. 

RCS Lab, a well-known developer with previous interactions with governments such as Syria, operates in the same market as Pegasus creator NSO Group Technologies and Gamma Group, which invented FinFisher. This appears to be the first time that a modern RCS Lab mobile spyware client has been publicly disclosed. 

The spyware is said to be spread by SMS messages that trick users into installing what appear to be harmless apps from Samsung, Vivo, and Oppo, which, when launched, load a website from the impersonated company while silently initiating the kill chain. 

Spyware has been seen to infect Android smartphones in the past. The threat actor APT-C-23 (aka Arid Viper) was linked to a series of attacks targeting Middle Eastern users with new FrozenCell versions in November 2021. Last month, Google's Threat Analysis Group (TAG) revealed that government-backed actors in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia are purchasing Android zero-day exploits for covert surveillance efforts. 

As per Lookout, the samples studied used a Kazakh-language website as a decoy, and the main command-and-control (C2) server used by this app was a proxy, with the true C2 being located on an IP from Kazakhstan. "They call themselves 'lawful intercept' organizations since they claim to only sell to customers with legitimate surveillance purposes, such as intelligence and law enforcement agencies. Under the pretext of national security, similar technologies have been used to phish on corporate executives, human rights activists, journalists, academics, and government officials," as per the researchers. 

The revelations came as the Israel-based NSO Group is rumored to be in talks to sell its Pegasus technology to US defense contractor L3Harris, which makes StingRay cellular phone trackers, raising concerns it could allow law enforcement to deploy the controversial hacking tool.

Phishing Scam Tempts Military Families

 

Threat analysts at Lookout have reported in new findings that a phishing campaign is victimizing members of United States military units and their families. As per the report, it is a long-running operation that has impersonated various military support organizations and personnel profiles to lure victims into advance-fee scams, stealing sensitive personal information and financial data. 

Motivated by monetary gain, the malicious actors are stealing sensitive data from victims, including bank account information, photo identification, names, addresses, and phone numbers, Lookout said in the report. 

“Based on our analysis, it’s clear that the threat actor is looking to steal sensitive data from victims such as their photo identification, bank account information, name, address, and phone number…,” wrote Lookout’s threat analysts in a blog post published today. 

“…With this information, the actor could easily steal the victim’s identity, empty their bank account and impersonate the individual online,” the blog further read.

The group of scammers created a series of websites that appear legitimate and genuine. The operators enhanced the apparent authenticity of the sites by adding various advertisements for Department of Defense services (DODS) to falsely indicate an affiliation with the military. 

According to sources, the operators offer high-priced services that are never delivered, such as leave applications, communication permits, and care packages, to lure clients into thinking that they are interacting with a military member. Cybersecurity threat analysts have also reported that Nigeria is the scammers’ operational base. 

“The websites were primarily hosted by Nigerian providers that are offshore or ignore the Digital Millennium Copyright Act (DMCA). We were able to further confirm the operator’s location from a phone number one of the web developers accidentally left on the draft version of the site. The country code of the number is from Nigeria,” said researchers. 

“We were also able to link this group to numerous other scams advertising fake delivery services, crypto-currency trading, banks, and even online pet sales,” researchers added.

Mobile Phishing Attacks Surge, Researchers Warn Energy Sectors

 

Cyberattacks have surged, with threat actors making extensive use of mobile phishing to victimize the energy sector, the pharmaceutical industry, government entities, and finance departments. They target workers with phishing and malware campaigns designed to take advantage of potential security vulnerabilities in smartphones and tablets. 

Cybersecurity researchers at Lookout recently published a report warning the energy sector about cybercrime. According to the report, there has been a 161% surge from 2020 in mobile phishing attacks targeting the energy sector. Threat actors strive to break into networks used to provide services including gas and electricity. 

Mobile phishing attacks against the energy sector account for around 17% globally, which is higher than other sectors including finance, pharmaceuticals, government, and manufacturing. Notably, independent cyber criminals are not the only threat to the energy sector: state-backed threat actors are also targeting the networks of energy providers.

"The energy industry is directly related to the wellbeing and safety of citizens, globally," Stephen Banda, senior manager of security solutions at Lookout, reported.

"Threat actors know that mobile devices aren't usually secured in the same way as computers. For this reason, mobile phishing has become one of the primary ways threat actors get into corporate infrastructure," said Banda. 

"By launching phishing attacks that mimic the context that the recipient expects, attackers are able to direct a user to a fake webpage that mimics a familiar application login page. Without thinking, the user provides credentials and data has been stolen," he added. 

Phishing emails and malware are more difficult to notice on smartphones and tablets because the smaller screen provides very few opportunities to spot them. In addition, smartphones and tablets might not be secured as comprehensively as laptops and desktop PCs, which creates opportunities for attackers to compromise networks. 

"The majority of attacks start with phishing, and mobile presents a multitude of attack pathways. An anti-phishing solution must block any communication from known phishing sites on mobile devices — including SMS, apps, social platforms, and email," said Banda.