Brazil has been the target of multiple threat actors groups for years, including in the world of mobile banking. In addition to the ongoing activity from threat actors focused on the country’s traditional banking ecosystem, increased targeting of more modern financial services technologies has also been observed.…
Tag: SMS
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.
Phishing has always been one of the most prevalent and relentless cyberthreats.…
Resecurity has identified a large-scale smishing campaign targeting US Citizens. Previous incidents have impacted victims from the U.K, Poland, Sweden, Italy, Indonesia, Japan, and other countries. The threat group behind the campaign was skillfully impersonating the Royal Mail, New Zealand Postal Service (NZPOST), Correos (Spain), PostNord, Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate).…
By Trellix · August 17, 2023
This story was also written by Phelix Oluoch
Executive Summary
Scattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022. Scattered Spider has largely been observed targeting telecommunications and Business Process Outsourcing (BPO) organizations.…
Published On: 2023-08-18
EXECUTIVE SUMMARY
The CYFIRMA research team has discovered a new Malware-as-a-Service (MaaS) operator that goes by the moniker EVLF DEV. This threat actor is responsible for the development of CypherRAT and CraxsRAT, which in the last 3 years were purchased by over 100 distinct threat actors on a lifetime license.…
As technology continues to evolve, there is a growing concern about the potential for large language models (LLMs), like ChatGPT, to be used for criminal purposes. In this blog we will discuss two such LLM engines that were made available recently on underground forums, WormGPT and FraudGPT. …
This is the third part of our research based on an investigation of a series of attacks against industrial organizations in Eastern Europe.
The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems.
In total, we have identified over 15 implants and their variants planted by the threat actor(s) in various combinations.…
During a recent proactive hunt for malicious mobile malware, Sophos X-Ops researchers from SophosLabs discovered a group of four credential-harvesting apps targeting customers of several Iranian banks. Most of the apps are signed using the same – possibly stolen – certificate, and share various classes and strings.…
Authored by Yukihiro Okutomi
McAfee’s Mobile team observed a smishing campaign against Japanese Android users posing as a power and water infrastructure company in early June 2023. This campaign ran for a short time from June 7. The SMS message alerts about payment problems to lure victims to a phishing website to infect the target devices with a remote-controlled SpyNote malware.…
WyrmSpy and DragonEgg are two advanced Android surveillanceware that Lookout attributes to high-profile Chinese threat group APT41, also known as Double Dragon, BARIUM, and Winnti.
While APT41 is mostly known for exploiting web-facing applications and infiltrating traditional endpoint devices, these malware families are rare reported instances of the group exploiting mobile platforms.…
In recent years, the rise of Vishing, also known as Voice over IP Phishing, has become so popular that it has eroded trust in calls from unknown numbers.…
In partnership with vx-underground, SentinelOne recently ran its first Malware Research Challenge, in which we asked researchers across the cybersecurity community to submit previously unpublished work to showcase their talents and bring their insights to a wider audience.
Today’s post marks the start of a series highlighting the best entries, beginning with the winner from Pol Thill, Cyber Threat Intelligence Analyst at QuoIntelligence.…
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.…
Threat Actors (TAs) commonly employ fake phishing websites as their preferred method for distributing malware. This is due to the ease of luring victims into clicking on links contained in phishing emails or SMS messages. TAs often use brand impersonation in their phishing campaigns to deceive users effectively, creating an illusion of trustworthiness and legitimacy to trick unsuspecting individuals.…
Found in Environments Protected by: Mimecast
Author: Olwen Brangan
Cofense Phishing Defense Center
The Cofense Phishing Defense Center discovered a multi-stage phishing campaign targeting customers of Xneelo, a South African web hosting provider that supports over 500,000 customers. Xneelo provides customers with two options of control panels to manage accounts: the Xneelo control panel and the older KonsoleH control panel.…
While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. We…
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data – Krebs on Security
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.…
Researchers at Lookout have discovered a new Android surveillance tool which we attribute with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Named BouldSpy for the “BoulderApplication” class which configures the tool’s command and control (C2), we have been tracking the spyware since March 2020.…