Summary: A new banking Trojan called Antidot has been discovered by Cyble Research and Intelligence Labs, targeting Android devices with sophisticated malware features.

Threat Actor: Antidot Trojan

Victim: Android users

Key Point:

The Antidot Trojan disguises itself as a Google Play update application and displays a fake update page in multiple languages to target Android users in different regions.…

Threat Actor: Unknown

Victim: France Solar

Price: $1,000

Exfiltrated Data Type: Personal information of users

Additional Information:

The leaked database contains information on approximately 42,000 users. The full dump size is specified to be 200 MB. Key data fields include user IDs, client IDs, personal details such as names, addresses, contact numbers, emails, birthdays, nationalities, and more.…

Summary: The National Cyber Security Centre (NCSC) in the UK has launched a new platform called Share and Defend to help disrupt cybercrime and online fraud across the country by providing a list of malicious domains to communications providers for blocking.

Threat Actor: N/A

Victim: N/A

Key Point:

The NCSC’s Share and Defend system aims to enhance cybersecurity in the UK by sharing a list of malicious domains with communications providers, allowing them to add these domains to blocklists.…

Key Takeaways 

A new Android Banking Trojan, “Antidot,” masquerading as a Google Play update application, displays fake Google Play update pages in multiple languages, indicating a wide range of targets.  

Antidot incorporates a range of malicious features, including overlay attacks and keylogging, allowing it to compromise devices and harvest sensitive information. …

Summary: Apple and Google have announced an industry specification for Bluetooth tracking devices that will alert users to unwanted tracking.

Threat Actor: Unwanted tracking

Victim: Users

Key Point:

Apple and Google have collaborated on a specification called “Detecting Unwanted Location Trackers” to alert users if their device is being used to track them.…

Summary: The Federal Trade Commission (FTC) is warning auto manufacturers about their data collection and sales activities, specifically regarding the sharing of sensitive car data with advertisers.

Threat Actor: None identified.

Victim: Auto manufacturers.

Key Point:

The FTC is closely monitoring the data collection and sales practices of auto manufacturers, particularly the sale of geolocation data and the disclosure of sensitive information.…

Summary: The Avast Q1/2023 Threat Report highlights the increase in social engineering scams and the evolving tactics used by cybercriminals to exploit deepfakes, YouTube, malvertising, and phishing.

Threat Actor: Cybercriminals

Victim: Individuals and organizations

Key Point:

Social engineering scams have increased by 61% on mobile and 23% on desktop.…

Threat Actor: Centre

Victim: Patriot Mobile

Price: Unknown

Exfiltrated Data Type: Personal information of approximately 65,000 users

Additional Information:

The breach occurred in 2022. The compromised data includes Account PINs, full names, email addresses, credit scores, physical locations, dates of birth, the last four digits of Social Security Numbers (SSNs), account balances, and enrollment types.…

Research by: Antonis Terefos

Introduction

PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments. PDFs have evolved into a standard format for presenting text, images, and multimedia content with consistent layout and formatting, irrespective of the software, hardware, or operating system used to view them.…


Summary: The content discusses the rise of insider threats, specifically in the context of work-from-home employees and increasing financial pressures.

Threat Actor: Insider Threats

Victim: Various organizations and businesses

Key Point:

Filings to anti-fraud non-profit Cifas have increased by 14% due to insider threats, with work-from-home employees and financial pressures being contributing factors.…

Summary: This content discusses a phone scam where cybercriminals pose as the PayPal security team and trick victims into giving them access to their online accounts.

Threat Actor: Cybercriminals

Victim: PayPal users

Key Point:

Cybercriminals pretend to be the PayPal security team and call victims, claiming there is unusual activity on their accounts.…

AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.

A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …


Summary: This content discusses a technique called GhostStripe that can interfere with autonomous vehicles by exploiting their reliance on camera-based computer vision, causing them to not recognize road signs.

Threat Actor: Unknown | GhostStripe

Victim: Tesla and Baidu Apollo drivers | Tesla, Baidu Apollo

Key Point:

A technique called GhostStripe exploits the reliance of autonomous vehicles on camera-based computer vision to interfere with their ability to recognize road signs.…

Key Takeaways

CRIL (Cyble Research and Intelligence Labs) has discovered a new ransomware variant named Trinity. This variant employs a double extortion technique to target victims. 

The Threat Actors (TA) behind Trinity ransomware utilize both victim support and data leak sites.  

CRIL’s analysis unveiled that a ransomware called “2023Lock” shares a similar ransom note format and underlying codebase with Trinity, indicating it could be a new variant of 2023Lock. …

Introduction

In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed in private, there was no publicly available reliable option for us to use at the time, which led us to develop our own nanoMIPS disassembler and decompiler module for Ghidra.…


Threat Actor: Unknown

Victim: Australian citizens

Price: $3,500

Exfiltrated Data Type: Australian citizenship data

Additional Information:

The threat actor is allegedly selling a database containing Australian citizenship data for the year 2024. The database is reported to contain 14 million records, each potentially containing sensitive personal information.…

Victim: qstartlabs.com

Country :

Actor: lockbit3

Source: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/post/BhQslxzg6WLJo2xO6638deba23e4d

Discovered: 2024-05-06 16:56:51.824552

Published: 2024-05-06 13:44:00.000000

Description: Software. Development. For. Startups. Begin your startup journey with QStart Labs, —your dedicated tech team for web, mobile, and AI application development. Better than that we also blend cutting-edge technology with strategic insight, propelling your…
