Saturday , January 18 2025
Android

Android malware attack Indian banks: Infected 419 devices

Researchers discovered a new Android banking trojan aimed at Indian users. This malware pretends to be essential utility services to deceive users into sharing sensitive information.

The malware has compromised 419 devices, intercepted 4,918 SMS messages, and stolen 623 banking credentials. The ongoing campaign is expected to affect more devices and result in more stolen data.

AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

Amazon Web Services (AWS) has recently fixed two major security vulnerabilities in its cloud services: Amazon WorkSpaces, Amazon AppStream 2.0,...
Read More
AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

Malware Trends Review 2024: Ever Recorded Cyber Threats

Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A...
Read More
Malware Trends Review 2024: Ever Recorded Cyber Threats

Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

A recent Infoblox Threat Intel report reveals a sophisticated botnet that exploits DNS misconfigurations to spread malware widely. This botnet,...
Read More
Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

CVE-2024-9042
Code Execution Vulnerability Found in Kubernetes Windows Nodes

A new security flaw traced, CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows worker nodes. It has a...
Read More
CVE-2024-9042  Code Execution Vulnerability Found in Kubernetes Windows Nodes

Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

The hacking group "Belsen Group" has posted over 15,000 unique FortiGate firewall configurations online. The data dump, reportedly obtained by exploiting...
Read More
Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

Registration open for 1st Agile Cyber Drill 2025

Registration open for "1st Agile Cyber Drill-2025" scheduled for February 26, 2025 online with an awards ceremony for 9 March...
Read More
Registration open for 1st Agile Cyber Drill 2025

30 Days to Go for FutureCrime Summit 2025

The FutureCrime Summit 2025 is just 30 days away. This conference is the largest on technology-driven crime, covering topics like...
Read More
30 Days to Go for FutureCrime Summit 2025

Microsoft January 2025 Patch, 159 Vuls, 10 Critical RCE’s

Microsoft's January Patch Tuesday update fixed 159 vulnerabilities, including 10 critical Remote Code Execution (RCE) issues. These updates are essential...
Read More
Microsoft January 2025 Patch, 159 Vuls, 10 Critical RCE’s

CVE-2023-37936
Fortinet released update for a critical cryptographic key vuln

Fortinet released security patches for a critical vulnerability (CVE-2023-37936) involving a hard-coded cryptographic key. This flaw lets remote, unauthorized attackers...
Read More
CVE-2023-37936  Fortinet released update for a critical cryptographic key vuln

Millions of Accounts Vulnerable due to Google’s OAuth Flaw

A critical flaw in Google’s "Sign in with Google" system has put millions of Americans at risk of data theft....
Read More
Millions of Accounts Vulnerable due to Google’s OAuth Flaw
   Scammer messages reaching users via Whatsapp, Source: mcafee

Cybercriminals are using WhatsApp’s large user base in India to share harmful APKs that, when installed, give them access to victims’ financial information.

The malware creator has developed a mobile app to manage the C2 infrastructure directly, bypassing web interfaces and communicating straight with C2 servers, unlike earlier malware.

   C2 management mobile application, Source: Mcafee

The app can remotely instruct infected devices to send SMS messages to certain numbers. It uses Firebase Realtime Database for easy storage and retrieval of configuration data, emphasizing direct device control and data extraction.

McAfee research has identified 419 unique devices infected with a specific malware variant, which is expected to rise due to the continuous evolution and spread of new strains.

The malware poses as a gas bill payment app and uses the PayRup logo to trick users into trusting it.

Phishers use the trust associated with messaging platforms to trick users into downloading harmful software, risking financial loss and personal information theft.

After installation and granting permissions, the app requests sensitive financial information like card and bank details, which it sends to a C2 server while showing a fake payment failure message.

   JWT token exposed in plaintext, Source: Mcafee

Investigators found 5,558 records in the database, including 4,918 SMS messages and 623 financial records. Analysis of package names indicates a complex scam targeting financial institutions and utility services.

Eight unique package prefixes were identified, each linked to specific scam themes involving major banks like Axis, ICICI, and Punjab National Bank, along with regional banks and utility providers.

Due to the rise of scams on messaging platforms like WhatsApp, users should be cautious with messages from unknown sources and use strong security software to protect against threats.

Check Also

fraud

Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts

Bangladeshi Social media posts have raised concerns about unauthorized withdrawals from bank accounts, affecting at …

Leave a Reply

Your email address will not be published. Required fields are marked *