by admin | May 25, 2021 | Markets, Networking, News, Technology
New Delhi : Two new sophisticated Android Banking trojan viruses are exploiting mobile users’ behaviour in India to gain access to their confidential data, global IT security firm Quick Heal warned on Tuesday.
Security experts at Quick Heal Security Labs have detected “Android.Marcher.C” and “Android.Asacub.T” — the two trojans that imitate notifications from popular social applications such as WhatsApp, Facebook, Skype, Instagram and Twitter as well as some of the leading banking apps in India.
By gaining access to incoming messages through administrative privileges, these malware also allow hackers to bypass the two-factor OTP authentication typically used for securing online transactions in India, the researchers warned.
“Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users,” said Sanjay Katkar, Co-founder and CTO, Quick Heal Technologies Limited.
“The fact that we’ve detected three similar malware in less than six months indicates that hackers are now targeting mobile users, who are far more vulnerable to sophisticated phishing attacks,” he added.
While “Android.Marcher.C” uses the Adobe Flash Player icon to look like a genuine app, “Android.Asacub.T” mimics an Android Update icon.
Whenever users access an app on the database of these malware, they are tricked into entering sensitive information such as banking credentials, card details, and login IDs/passwords before they can continue using the app.
This is not the first time that Quick Heal Security Labs has detected such a malware.
The researchers previously raised an alert in January this year about a similar Android Banking Trojan.
Known as “Android.banker.A2f8a”, the malware was distributed through a fake Flash Player on third-party app stores and mimicked more than 232 banking and cryptocurrency apps.
The security researchers have recommended Android users to avoid downloading apps through third-party app stores or through links provided in SMS and email.
“Always keep ‘Unknown Sources’ disabled, and verify app permissions before installing any app from official stores,” the security firm said.
Users must also keep their Google Play Protect service always ‘ON’ and install a reliable mobile security app to detect and block fake/malicious apps, it added.
—IANS
by admin | May 25, 2021 | Business, Corporate, Corporate Buzz, Markets, Networking, Sales, SMEs, Technology
New Delhi : Global IT security firm Quick Heal’s Enterprise Security brand Seqrite has discovered an advertisement on DarkNet forum that claims to have access to data of over 6,000 Indian businesses that include Internet Service Providers (ISPs), some of the key government organisations, banks and enterprises.
Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, tracked the advertisement where the unknown hacker has priced the information at 15 Bitcoins (nearly Rs 42 lakh) and is offering network takedown of affected organisations for an unspecified amount, the company said in a statement on Tuesday.
“This can be a major tool of mass disruption if a non-state actor gets hands on it,” Seqrite said on its website.
The organisations whose services may be at risk are: UIDAI (Aadhaar), Idea Telecom, Bombay Stock Exchange (BSE), Flipkart, DRDO, Aircel, Reserve Bank of India, BSNL, SBI, TCS, ISRO, ICICI Prudential Mutual Fund, VMWare, Employees’ Provident Fund Organisation and various Indian state government portals, among others.
“We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the above mentioned organisations and enterprises can get affected,” Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal, told IANS.
Following a detailed investigation, researchers identified the affected organisation as India’s national Internet registry IRINN (Indian Registry for Internet Names and Numbers) which comes under the National Internet Exchange of India (NIXI).
As a precautionary measure, Seqrite reached out to the government authorities and Asia Pacific Network Information Centre (APNIC), recommending to them to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with latest updates.
According to the researchers, the seller claims to have the ability to tamper the IP allocation pool, which could result in a serious outage or Denial of Service (DoS) attack-like condition.
“This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India,” the company said.
“Along with the access, the hacker is also selling credentials and various contractual business documents and claims to have access to a large database of Asia Pacific Network Information Centre (APNIC),” it added.
The IRINN provides allocation and registration services of IP addresses and autonomous system numbers.
It comes under NIXI which “is the neutral meeting point of the ISPs in India with the primary objective being the facilitation of exchange of domestic Internet traffic between peering ISP members”.
—IANS
