Tag: ANDROID
09/04/2024
A sophisticated malicious campaign is currently underway, aimed at compromising Android devices in Italy through the SpyNote malware. The malware is disguised as the “INPS Mobile” application and is available for download from a domain created yesterday specifically to deceive victims.
The phishing page, reported by D3lab to CERT-AGID, is carefully designed with logos and content that reproduce the official ones of the Institute.…
Summary: Google is suing two China-based Android app developers for allegedly scamming 100,000 users worldwide through fake cryptocurrency and investment apps, with victims losing up to $75,000.
Threat Actor: China-based Android app developers | China-based Android app developers
Victim: 100,000 users worldwide | 100,000 users worldwide
Key Point:
Google is suing two China-based Android app developers for allegedly scamming 100,000 users worldwide through fake cryptocurrency and investment apps.…
Summary: A self-service check-in terminal used in a German Ibis budget hotel was found to be leaking hotel room keycodes, potentially affecting hotels around Europe. The security flaw allowed anyone to easily aggregate room keycodes, posing risks such as theft and jeopardizing the personal safety of guests.…
Summary: This article discusses the escalating threat of a fake e-shop campaign that targets banking security across various regions. The campaign has expanded from targeting Malaysian banks to financial institutions in Vietnam and Myanmar, using sophisticated tactics and Android malware with screen-sharing capabilities.
Threat Actor: Unknown | fake e-shop campaign
Victim: Financial institutions in Malaysia, Vietnam, and Myanmar | Malaysian banks, Vietnam, Myanmar
Key Point:
A fake e-shop campaign has expanded its reach from Malaysian banks to financial institutions in Vietnam and Myanmar.…
In this report, we will conduct a comprehensive analysis of Gafgyt, which is an ELF malware. Our aim is to examine the malware’s capabilities and determine its functions:
– DDoS Attack Capabilities
– Communication with Command and Control (C&C) Server
– Evade detection
– Network Setup and Configuration
– Process Manipulation
Gafgyt malware, which is also known as Bashlite, has targeted millions of vulnerable IoT devices in the last few years.…
The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.…
Hihi ! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles.
Our mission is straightforward: we want an advanced hassle-free solution to reverse Android applications, especially malware. We need a tool that integrates decompilation, decryption, dynamic debugging, and vulnerability detection.…
The Pixel Update Bulletin provides details on security vulnerabilities, functional improvements, and updates for supported Pixel devices.
Key Point:
Vultur banking malware for Android poses as McAfee Security app
Key Point:
* Vultur banking trojan for Android has advanced remote control capabilities and an improved evasion mechanism.
* Distributed over Google Play through dropper apps in late 2022.
* Included in Zimperium’s top 10 most active banking trojans for targeting 122 banking apps in 15 countries.…
Summary: A PhaaS campaign called “Darcula” has been targeting organizations in over 100 countries using more than 20,000 fake domains. The campaign utilizes unique tools and platforms to carry out phishing attacks, including sending messages through iMessage and RCS protocols. The attackers primarily target postal services and other institutions that rely on consumer trust.…
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time.
Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.…
Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.
Key Point :
– The number of found and exploited enterprise-specific technology zero-day vulnerabilities increased by 64% in 2023.
– End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains
‘darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns. Rather than the more typical PHP, the platform uses many of the same tools employed by high-tech startups, including JavaScript, React, Docker, and Harbor. …
Summary : The article discusses how hackers are targeting high-risk individuals’ personal accounts as corporate accounts become more secure. It provides recommendations from cybersecurity experts to counter such attacks.
Key Point :
Activate two-step verification: Use multifactor authentication to enhance security for email, social media, and financial accounts.…
Summary: Vietnam Securities Broker, VNDirect, faces cyberattack leading to trading suspension.
Key Point :
– VNDirect’s data was encrypted by professional hackers.
– Only VNDirect was affected, no risk of contagion to other financial organizations.
– Restoration process includes customer accounts, floor trading, and other financial services.…
Summary: Apps found on Google Play are turning devices into proxy network nodes without users’ knowledge, posing a security risk.
Key Point:
Apps with hidden proxy network functionality are being removed from Google Play.
The LumiApps SDK is used to enroll devices in a residential proxy network.…
It’s tax season, that wonderful time of year when a refund check might be showing up in your mailbox—or going out to be sent to the government.
Around the world, many countries are gearing up for tax time.
This becomes a common time for hackers to step in.…
Summary : The leaked data trove belonging to the Chinese hacking contractor iSoon reveals its links to Chinese APT groups, showcasing its involvement in cyberespionage operations on behalf of Beijing.
Key Point :
The leaked data trove belonging to iSoon reveals its links to Chinese state hacking groups RedHotel, RedAlpha, and Poison Carp.…