New malware stealing financial data from Android users in India: Quick Heal

New Delhi: Two new sophisticated Android banking trojans are exploiting the behaviour of mobile users in India to gain access to their confidential data, global IT security firm Quick Heal warned on Tuesday.

Security experts at Quick Heal Security Labs have detected “Android.Marcher.C” and “Android.Asacub.T” — the two trojans that imitate notifications from popular social applications such as WhatsApp, Facebook, Skype, Instagram and Twitter as well as some of the leading banking apps in India.

By using administrative privileges to read incoming messages, these trojans also let attackers bypass the two-factor OTP authentication typically used to secure online transactions in India, the researchers warned.

“Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users,” said Sanjay Katkar, Co-founder and CTO, Quick Heal Technologies Limited.

“The fact that we’ve detected three similar malware in less than six months indicates that hackers are now targeting mobile users, who are far more vulnerable to sophisticated phishing attacks,” he added.

While “Android.Marcher.C” uses the Adobe Flash Player icon to look like a genuine app, “Android.Asacub.T” mimics an Android Update icon.

Whenever users open an app that is on the target list of these trojans, they are tricked into entering sensitive information such as banking credentials, card details and login IDs/passwords before they can continue using the app.

This is not the first time that Quick Heal Security Labs has detected malware of this kind.

The researchers previously raised an alert in January this year about a similar Android Banking Trojan.

Known as “Android.banker.A2f8a”, the malware was distributed through a fake Flash Player on third-party app stores and mimicked more than 232 banking and cryptocurrency apps.

The security researchers have recommended Android users to avoid downloading apps through third-party app stores or through links provided in SMS and email.

“Always keep ‘Unknown Sources’ disabled, and verify app permissions before installing any app from official stores,” the security firm said.

Users must also keep their Google Play Protect service always ‘ON’ and install a reliable mobile security app to detect and block fake/malicious apps, it added.

—IANS

New malware spreading fast via Facebook Messenger: Report

San Francisco: A new cryptocurrency-mining bot named “Digmine”, first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.

After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates.

Facebook Messenger works across different platforms but “Digmine” only affects the Messenger’s desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

“Digmine” is coded in AutoIt and is sent to would-be victims disguised as a video file, although it is actually an AutoIt executable script.

If the user’s Facebook account is set to log in automatically, “Digmine” will manipulate Facebook Messenger in order to send a link to the file to the account’s friends.

The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets and particularly for “Digmine” (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blogpost stated.

The malware also performs other routines, such as installing a registry autostart mechanism and a system infection marker. It searches for and launches Chrome, then loads a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.
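As an added, defender-side example that is not part of the article or of Trend Micro's post: a small triage routine over constructed endpoint telemetry that flags the two behaviours described above, Chrome started from the command line with a sideloaded extension and a Run-key autostart entry pointing into a user-writable directory. It assumes Chrome's `--load-extension` switch is the command-line mechanism (the article only says "via command line"); the file names and paths in the sample events are placeholders, not Digmine indicators.

```python
import re

# Constructed sample telemetry (not Trend Micro's data): process-creation and
# registry value-set events. Paths and value names are placeholders.
PROCESS_EVENTS = [
    {"type": "process",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"type": "process",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\bob\AppData\Roaming\codec\ext" https://www.facebook.com'},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "codec", "data": r"C:\Users\bob\AppData\Roaming\codec\loader.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
]

# Directories an unprivileged user can write to; legitimate extensions and
# autostart targets normally live under Program Files or the Chrome profile.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
# Assumed mechanism: Chrome's --load-extension switch (quoted or bare path).
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

def chrome_sideloaded_extension(cmdline):
    """Return the extension path if chrome.exe is launched with --load-extension
    pointing into a user-writable directory, otherwise None."""
    if "chrome.exe" not in cmdline.lower():
        return None
    m = LOAD_EXT.search(cmdline)
    if not m:
        return None
    path = m.group(1) or m.group(2)
    return path if USER_WRITABLE.search(path) else None

def suspicious_autostart(event):
    """True for a Run/RunOnce value whose target lives in a user-writable directory."""
    return bool(RUN_KEY.search(event["key"]) and USER_WRITABLE.search(event["data"]))

def triage(events):
    """Walk the events and collect (finding_type, detail) pairs for review."""
    findings = []
    for e in events:
        if e["type"] == "process":
            ext = chrome_sideloaded_extension(e["cmdline"])
            if ext:
                findings.append(("chrome_sideloaded_extension", ext))
        elif e["type"] == "registry" and suspicious_autostart(e):
            findings.append(("autostart_from_user_dir", e["data"]))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(PROCESS_EVENTS):
        print(f"[{kind}] {detail}")
```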

—IANS

India among top five countries attacked by ransomware: Kaspersky executive

By Sourabh Kulesh, New Delhi (IANS): India is among the top five countries in the world to be attacked by ransomware, malware that forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or get their data back, says an executive from Russia-based software security group Kaspersky Lab.

“Ransomware attacks are high in India and it is one of the top five countries with the most infections,” Vitaly Kamluk, Head of APAC Global Research and Analysis Team, Kaspersky Lab, told IANS.

According to statistics presented by Kamluk during a roundtable discussion on “Security Threat landscape” here on Friday, India takes the first spot in the list of countries attacked by TeslaCrypt ransomware in March-May 2016 and ranks fourth among countries attacked by Locky ransomware during the same period.

In India, while 11,674 users were attacked by TeslaCrypt ransomware during March-May 2016, 564 users were attacked by Locky ransomware during the same period.

Ransomware is a type of malware that prevents or limits users from accessing their system.

Locky is a Windows ransomware infection that was released in the middle of February 2016. This ransomware infection affects all versions of Windows.

TeslaCrypt ransomware is now defunct. Its master key was released by the developers and a free decryption tool is now available on the internet.

Explaining the data collected by Kaspersky Lab, Kamluk said Karnataka (36.58 per cent) was the state most affected by ransomware, with Tamil Nadu (16.72 per cent) taking the next spot.

Next came Maharashtra (10.86 per cent), followed by Delhi (10.00 per cent), West Bengal (6.70 per cent), Uttar Pradesh (5.33 per cent), Telangana (4.54 per cent), Kerala (3.87 per cent), Gujarat (2.35 per cent) and Haryana (1.96 per cent) in the last spot.

Talking about global trends, Kamluk said there are five main types of ransomware making the rounds on the internet today: encryption ransomware, master boot record (MBR) ransomware, screen lockers, ransomware that encrypts web servers, and mobile device ransomware, which mainly affects Android devices.

Kamluk noted that internet users who are unaware of the threat are the most prone to ransomware attacks.

“Popular propagation methods of the infection include infected websites, malvertising (malicious advertising), transfer of affected file via e-mail – such as documents or multimedia files — or instant message and social networks,” he noted.

While answering a question about whether to pay or not to pay to get the data back, Kamluk said, “an attacked user should not pay the ransom as there is no guarantee that the attacker will release a key to you”.

To stay safe, or to avoid data loss after being attacked by a cyber criminal, Kamluk advised users to keep backups and store them in a safe place. He said users should use a reliable antivirus solution and update it regularly so that known vulnerabilities are patched.

He said governments and antivirus companies should work together to curb cyber attacks.

“CoinVault decryptor was built by Kaspersky Lab and the Netherlands’ National High Tech Crime Unit to counter such attacks,” he noted, adding that thousands of decryption keys are available for CoinVault, Bitcryptor and CryptXXX infections with the company.

Asked whether antivirus software usage would decline after the launch of hardware security modules such as “crypto-level security in hardware” in microprocessors, Kamluk said, “Antivirus software is kind of a personal advisor. Unless you have a very technical friend to reverse engineer the threat, you will need this software to do that work for you. Antivirus software is going to stay because developers will be developing new software over time.”

Kaspersky is now rolling out 360-degree security solutions for enterprises, said Altaf Halde, Managing Director (South Asia), Kaspersky Lab India.

“We have started offering very focussed services to the enterprises, such as solutions for data centres, light agent solution for virtualised environment that does not degrade its speed and performance and solutions for industrial security,” Halde noted.

(Sourabh Kulesh can be contacted at sourabh.k@ians.in)