Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Mobile Malware. Show all posts
Mobile Malware
Bank Information Security Cyber Attacks data security Data Theft Fake Apps Malicious Apps Malware attacks Mobile Malware

Massive Mobile Malware Campaign Targets Indian Banks, Steals Financial Data

 

Zimperium's zLabs research team has uncovered a significant mobile malware campaign that targets Indian banks. First reported on February 5, 2025, this threat was orchestrated by a threat actor called FatBoyPanel. Nearly 900 malware samples are used in the campaign, which is distributed via WhatsApp and uses malicious apps that impersonate banking or government apps to steal private and sensitive financial data from unsuspecting users.  

Once installed, the malicious apps steal the users data, such as credit and debit card information, ATM PINs, Aadhaar card details, PAN card numbers, and mobile banking information. Additionally, the malware uses sophisticated stealth techniques to conceal itself and avoid detection or removal by intercepting SMS messages that contain OTPs. 

By using the reputation and legitimacy of Indian banks and government agencies to trick users into thinking the apps are authentic, this cyberattack is a clear illustration of how threat actors have advanced to a new level. These cybercriminals are deceiving users into downloading malicious apps intended to drain accounts and compromise sensitive data by posing as trustworthy organizations. 

Upon closer examination, the malware can be divided into three different types: hybrid, firebase-exfiltration, and SMS forwarding. Different exfiltration techniques are used by each variant to steal confidential information. By employing live phone numbers to intercept and reroute SMS messages in real time, these Trojan Bankers go beyond standard attacks. By hiding its icon, the malware makes itself even more difficult to remove. 

According to a Zimperium report, more than 1,000 malicious applications were created with the intention of stealing banking credentials. An estimated 50,000 victims were impacted by the campaign, which revealed 2.5GB of financial and personal data kept in 222 unprotected Firebase buckets. Attackers have been able to trick users into divulging extremely sensitive information by using phony government and banking apps that are distributed via WhatsApp. 

This breach has serious repercussions, including the possibility of identity theft, financial loss, and privacy violations for impacted users. In order to assist authorities in locating the cybercriminals responsible for FatBoyPanel, Zimperium has shared the gathered data with them. Users should use security software to identify and eliminate malware, update their devices frequently, and refrain from downloading apps from unidentified sources in order to protect themselves. 

On Thursday, Feb. 20, Zimperium, the global leader in mobile security, will release new research highlighting the evolving landscape of mobile phishing attacks.

As organizations increasingly rely on mobile devices for business operations including BYOD, multi-factor authentication, cloud applications, and mobile-first workflows, mobile phishing is becoming one of the most severe threats to enterprise security. Adversaries are exploiting security gaps in mobile and cloud-based business applications, expanding the attack surface and increasing exposure to credential theft and data compromise.

Zimperium’s latest research provides a data-driven look at how attackers are evolving their tactics to evade detection and why businesses must rethink their security strategies to stay ahead. 

Key findings from the report include: Mishing surge: Activity peaked in August 2024, with over 1,000 daily attack records. Smishing (SMS/text based phishing) attacks dominate globally with 37% in India, 16% in the U.S., and 9% in Brazil. Quishing (QR code phishing) is gaining traction, with notable activity in Japan (17%), the U.S. (15%), and India (11%). Stealthy phishing techniques: 3% of phishing sites use device-specific detection to display harmless content on desktops while delivering malicious phishing payloads exclusively to mobile users. Zimperium’s research emphasizes that traditional anti-phishing solutions designed for desktops are proving inadequate against this shift, making mobile threat defense a critical necessity for organizations worldwide.

The FatBoyPanel campaign emphasizes the need for increased vigilance in an increasingly digital world and the increasing sophistication of cyber threats. Keeping up with online security best practices is crucial to reducing risks and protecting financial and personal information as cybercriminals improve their tactics.
Read more »
Online attacks
cyberattack news malware Mobile Malware News Online attacks

FBI Warns Against Public USB Charging Stations Due to “Juice Jacking” Threat

The FBI has issued a cautionary alert for travelers, urging them to avoid using public USB charging stations found in airports, hotels, and other public spaces. A rising cyber threat, known as “juice jacking,” enables cybercriminals to steal sensitive data and install malware through these ports. While convenient for charging devices on the go, these stations are increasingly being exploited to compromise personal and financial security.

The Mechanics Behind Juice Jacking

Juice jacking takes advantage of a fundamental vulnerability in USB technology, which supports both power delivery and data transfer. When an unsuspecting user plugs their device into a compromised USB port, malware can be silently installed, or data can be extracted without their knowledge. The malicious software may remain dormant, activating later to steal passwords, lock files for ransom, or even mine cryptocurrency, which can drain the device’s battery and degrade its performance.

Adding to the complexity of this threat, even charging cables can be tampered with to include hidden components that extract data as soon as they are connected. This makes it possible for travelers to fall victim to juice jacking even if they avoid public charging stations but use unfamiliar or unverified cables.

The threat of juice jacking extends far beyond U.S. borders. Airports, hotels, and shopping malls worldwide have reported similar incidents, as the universal nature of USB charging technology makes it a convenient vector for cyberattacks. The rise in reported cases has prompted security experts to raise awareness about this subtle yet significant risk, urging travelers to rethink how and where they charge their devices.

How to Protect Yourself

To stay safe, the FBI and cybersecurity professionals recommend adopting these precautions:

  • Carry Personal Chargers: Use your own charging devices and power banks to avoid reliance on public USB ports.
  • Use a USB Data Blocker: This small device allows charging while preventing data transfer, effectively neutralizing the threat of juice jacking.
  • Opt for Wall Outlets: Whenever possible, plug devices directly into a wall outlet for charging, as this eliminates the risk of data theft.

Some airports and transportation hubs are beginning to address the issue by installing “charge-only” stations that disable data transfer capabilities. However, such solutions are not yet widespread, making it essential for individuals to remain vigilant and proactive in protecting their devices.

Corporate and Financial Sector Responses

Businesses are taking the juice jacking threat seriously, with many companies updating travel policies to discourage employees from using public USB ports. Instead, employees are being provided with approved chargers and power banks to ensure the safety of corporate devices and sensitive data.

The financial sector is also raising alarms, advising customers to avoid conducting banking transactions or accessing sensitive accounts while connected to public USB ports. Even a brief connection to a compromised charging station could lead to unauthorized access to financial apps and accounts, potentially resulting in significant losses.

While steps are being taken to make public charging safer, the onus remains on travelers to prioritize device security. By carrying personal charging equipment, avoiding unverified cables, and utilizing tools like USB data blockers, individuals can mitigate the risks of juice jacking and safeguard their personal and financial information against this evolving cyber threat.

Read more »
Ransomware
Artificial Intelligence Cyber Security Cybersecurity Mobile Malware phishing Ransomware

Mobile Menace: McAfee's 2023 Report on the Top Mobile Threats

Mobile security

Mobile Data Security: Insights from McAfee's 2023 Consumer Mobile Threat Report

Mobile devices are an essential part of our lives today. From staying connected with our loved ones to handling our finances and work-related tasks, smartphones have become indispensable. However, this convenience comes with a price. 

As our dependence on mobile devices increases, so do the risks associated with mobile data security. In this blog post, we will explore some insights from McAfee's 2023 Consumer Mobile Threat Report and discuss how we can protect our mobile data.

According to the report, cybercriminals are getting more sophisticated in their approach toward mobile threats. They are using advanced techniques such as ransomware, malware, and phishing attacks to target mobile devices. 

One of the primary reasons behind the rise in mobile malware is the increase in app usage. Malicious apps often masquerade as legitimate ones, making it challenging to identify them. Once they gain access to your device, they can steal your personal information or lock your device, demanding a ransom payment. Another alarming trend highlighted by the report is the rise of phishing attacks. 

Cybercriminals are using social engineering techniques to trick users into providing their login credentials, credit card details, or other sensitive information. They do this by creating fake login pages that look identical to the original ones. Once you enter your details, criminals can use them to gain unauthorized access to your accounts.

McAfee's report suggests the following these things-

Stay safe from malicious apps

Millions of apps are available on the App Store and Google Play Store, but some of them may contain malware, which can provide hackers access to your device's data once downloaded. 

McAfee's Mobile Threat Report advises that users should be particularly cautious when downloading image editors and photography apps, business and phone utility apps, gaming tips and cheats, and social media tools. 

Users should also be wary of fake ChatGPT apps or those that claim to be powered by GPT-4. Additionally, users should be cautious of apps that charge excessively, which could be a red flag, as ChatGPT, Google's Bard, and Microsoft's Bing are all free to use on the web.

If an app has infected your device with malware, there may be some indicators such as increased mobile data consumption, rapid battery drain, subscriptions that you did not knowingly sign up for, or unfamiliar apps on your home screen. 

The report suggests running a virus scan with a trusted security app, restarting your device, deleting any suspicious software, or performing a factory reset as a last resort if your phone has been infected with malware.

Staw away from scammers

You should be cautious of scammers who may reach out to you through various means such as email, text, or social media direct messages. In the past, scams could be identified by incorrect grammar, spelling, or syntax in their messages. 

The report suggests scammers are now leveraging AI tools like ChatGPT to produce convincing and accurate scams without grammatical errors. This means that users need to conduct more thorough investigations to determine whether they are being scammed.

When trying to identify a scam, it's essential to look for certain indicators. Scammers often try to make you act urgently, contact you from unfamiliar numbers or names, and pressure you to provide personal information. You should remain vigilant and cautious when receiving unexpected messages or requests for information.

Keep a watch over kids

The risk of malware is not limited to work-related apps, such as productivity tools or photo editors. According to McAfee, malicious apps can also be disguised as apps aimed at children. These apps can be promoted on popular social media platforms like Instagram, TikTok, and YouTube and often target children by advertising cheats or gaming mods for games like Minecraft and Roblox. 

As children do not possess the same level of critical thinking skills as adults, it is essential to help your children keep their devices safe.

To safeguard your child's device, McAfee recommends setting clear boundaries on app downloads and ensuring that your child consults with you before downloading any apps so that you can verify their legitimacy. Additionally, you should lock your child's device to prevent them from entering any payment information into malicious apps. 

It's also important to keep track of any in-app purchases your child wishes to make, as these can be for game add-ons, character skins, or upgrades, which can be expensive. As these apps target children, your child may be misled into using your money to make costly purchases.
Read more »
Mobile Malware
Android Android Malware Coronavirus malware Mobile Malware

Android users may face hacker attacks under the guise of applications about coronavirus


Cybercriminals attack users of Android mobile devices using malicious applications disguised as legitimate information software about the new COVID-19 coronavirus infection. After installing the malicious app, the hacker gained control of the victim's Android device through access to calls, SMS, calendar, files, contacts, microphone, and camera.

Hackers continue to exploit people's fear of spreading the virus: malicious applications were found by experts on sites with domains associated with the coronavirus. Researchers have not yet discovered such applications on the Google Play Store.

Experts report that the apps were created using the Metasploit tool used for penetration testing. This software allows anyone with basic computer knowledge to create malicious applications in just 15 minutes: it’s enough to configure Metasploit for your goal, select the exploit and payload.

Such applications can easily gain control of the device. After launching on a device running on the Android operating system, the application hides the icon from the screen so that it is more difficult to detect and remove it.

Vasily Diaghilev, head of Check Point Software Technologies representative office in Russia and the CIS, says that in the current situation, the most alarming thing is how quickly and easily malicious applications can be created and reminds us of the need to follow the rules of digital hygiene.

Check Point researchers previously reported that more than 30,103 new coronavirus-related domains were registered in the past few weeks, of which 0.4% (131) were malicious and 9% (2,777) were suspicious. In total, since January 2020, more than 51 thousand domains associated with the coronavirus have been registered.
Read more »
Mobile Malware
Android Android Malware Check Point Google Play Store malware Mobile Malware

Check Point: 56 apps from the Google Play Store hide a new dangerous malware


Check Point experts have identified a new family of malware in the Google Play Store. It was installed in 56 Google Play Store apps that have been downloaded almost a million times by users worldwide. 24 apps among the damaged 56 are children's games, as well as utilities such as calculators, translators, cooking apps and others. As it is specified, applications emulate the behavior of a real user.

Tekya malware uses the MotionEvent mechanism in Android that simulates a click on an ad banner (first discovered in 2019) to simulate user actions and generate clicks.

Imitating the actions of a real person does not allow the program or a third-party observer to understand the presence of fraud. This helps hackers to attack online stores, make fraudulent ads, promote advertising, promote sites in search engine results, and also serve to carry out banking operations and other illegal actions.

During the research, Tekya went unnoticed by the VirusTotal and Google Play Protect programs.
Hackers created copies of official popular apps to attract an audience, mostly children since most apps with Tekya malware are children's games.

However, the good news is that all infected apps have already been removed from the Google Play.
This case shows that malicious app features can still be found in Google Play. Users have access to almost 3 million apps in the Google Play Store, and hundreds of new ones are downloaded daily, making it difficult to check the security of each individual app.

Although Google is taking steps to ensure security and prevent malicious activity on the Google Play Store, hackers are finding ways to access users' devices through the app store. So, in February, the Haken family of malware was installed on more than 50 thousand Android devices through various applications that initially seemed safe.
Read more »
Mobile Malware
Banking Malware Cyber Crime Cyber Safety Cyber Security. malware Mobile Malware

Hike in Banking Malware Attacks; Mobile Malware A Part of Cyber-Crime Too!



Banking malware is on a rise and the percentage of the wreckage it causes has risen up to 50%.

The viral banking malware usually is on the lookout for payment data, credentials and of course, cash.

Development kits for mobile malware code are easily available on underground portals and hence this issue is relevant.

The creators of mobile bankers henceforth allow the fabrication of new versions of malware that could be distributed on an enormous scale.

Ramnit (28%), Trickbot (21%) and Ursnif (10%) are apparently the most widely known types of the malware.

Mobile malware happens to be pretty difficult to identify and equally so to deal with as they use similar malicious techniques that are applied on computers.

The variants of the malware that were recurrently identified by the anti-virus solutions were Android-bound Triada (30%), Lotoor (11%) and Hidad (7%).

Turning the anti-malware off, using transparent icons with empty application labels, delayed execution to bypass sandboxes, and encrypting the malicious payload are a few of the evasion techniques being employed, per sources.

Read more »
Subscribe to: Posts (Atom)