
A New Android Trojan, BingoMod, Drains Bank Accounts and Wipes Phone Data

Morrissey Technology – An Android malware family called BingoMod has been found that can drain bank accounts and wipe the data on an infected phone. It is pushed through text messages and masquerades as a legitimate mobile security tool. According to the researchers who analyzed it, a single fraudulent transfer can reach 15,000 euros (about IDR 262 million). BingoMod is under active development: its authors are concentrating on code obfuscation and evasion mechanisms to lower detection rates.

Researchers at Cleafy, an online fraud management and prevention company, found BingoMod being distributed in smishing (SMS phishing) campaigns, as reported by BleepingComputer. The samples use names that suggest mobile security tools, such as APP Protection, Antivirus Cleanup, Chrome Update, InfoWeb, SicurezzaWeb, WebSecurity, WebsInfo, WebInfo and APKAppScudo; one sample borrowed the icon of the free AVG AntiVirus & Security app from Google Play. During installation the malware asks the user to grant it the Accessibility Service, a privileged capability intended for assistive tools that gives an app broad control over the device: it can read what is on screen and perform taps and text input on the user's behalf.

Once active, BingoMod steals login credentials, takes screenshots and reads SMS messages. To carry out on-device fraud (ODF), it opens a socket-based channel for receiving commands and an HTTP-based channel for sending a feed of screenshots, which allows near real-time remote operation. ODF is a common technique for initiating fraudulent transactions directly from the victim's own device; it bypasses anti-fraud controls that rely on device identity and authentication, because the transaction comes from the legitimate, already-authenticated device. Cleafy's researchers explain that the VNC-like functionality abuses Android's MediaProjection API to capture screen content in real time.

The captured content is converted to a suitable format and sent over HTTP to the threat actor's infrastructure. A notable detail is that the malware uses the Accessibility Service to act as the user and accept the screen-casting consent prompt that the MediaProjection API displays, so the victim never has to approve it. Commands a remote operator can send to BingoMod include tapping specific screen coordinates, typing text into specific input fields and launching applications. The malware also supports manual overlay attacks through fake notifications triggered by the operator. Finally, an infected device can be used to spread the malware further by sending SMS messages.
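The capability set described above (an accessibility service, SMS access, overlays, device-admin rights) is visible in an APK's manifest before the app is ever run, which makes it a cheap first triage step. The following is an added example, not Cleafy's tooling or the malware's code; the manifest, package name and class names are constructed for illustration, and the scoring weights are an assumption of this example.

```python
"""Static triage of an Android manifest for the capability set that BingoMod-style
banking trojans request. Added example; not Cleafy's analysis tooling or the
malware's code. The manifest, package and class names below are constructed."""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # Android XML namespace prefix

# Permissions that, combined with an accessibility service, enable on-device fraud.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS": "read SMS (one-time passcode theft)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (one-time passcode theft)",
    "android.permission.SEND_SMS": "send SMS (smishing propagation from the victim)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays (fake login screens)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further payloads",
}

# Constructed manifest of a hypothetical fake "security tool" dropper.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.appprotection">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="APP Protection">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return a score, verdict and human-readable findings for one manifest."""
    root = ET.fromstring(manifest_xml)
    declared = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = [f"{perm}: {why}" for perm, why in RISKY_PERMISSIONS.items() if perm in declared]

    # An accessibility service is recognisable by the system permission it is
    # protected with; this is what lets the malware read the screen and inject input.
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"]
    for name in a11y:
        findings.append(f"accessibility service {name}: reads screen, injects taps/text, can accept prompts")

    # A device-admin receiver is what allows a remote lock or wipe of the device.
    admin = [r.get(A + "name") for r in root.iter("receiver")
             if r.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"]
    for name in admin:
        findings.append(f"device admin receiver {name}: can lock or wipe the device")

    # Weighted score (weights are an assumption of this example): accessibility plus
    # SMS interception plus overlays is the classic on-device-fraud combination.
    score = 0
    score += 3 if a11y else 0
    score += 2 if declared & {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"} else 0
    score += 2 if "android.permission.SYSTEM_ALERT_WINDOW" in declared else 0
    score += 2 if admin else 0
    score += 1 if "android.permission.SEND_SMS" in declared else 0
    verdict = "high" if score >= 6 else "medium" if score >= 3 else "low"
    return {"package": root.get("package"), "score": score, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    print(result["package"], result["verdict"], result["score"])
    for finding in result["findings"]:
        print(" -", finding)
```

On a real APK the manifest is binary XML, so decode it first (for example with apktool or androguard) and feed the decoded text to `triage_manifest`. A high score is a reason to look closer, not a verdict: legitimate assistive apps also declare accessibility services, which is exactly why Google Play's reviewers scrutinise that permission.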


There’s Dangerous Malware Hiding for Years on Google Play

Morrissey Technology – Security researchers at Kaspersky discovered malware, more precisely spyware, called Mandrake hiding inside applications on Google Play. The spyware was found in crypto-asset, astronomy and utility apps that were available in the official store. Worse, the apps had been available for two years and had been downloaded about 32,000 times.

The samples Kaspersky studied use advanced obfuscation and evasion techniques that let them go unnoticed by security vendors. Mandrake itself is not new: it was first documented in 2020 by Bitdefender, which found that the spyware had spread in two large waves.

Applications carrying Mandrake were first available on Google Play in 2016-2017, then again in 2018-2020. The spyware's key strength is that it operated without being detected by Google, infecting large numbers of users and reaching hundreds of thousands of victims over four years. Kaspersky's researchers found it again in April 2024 with more sophisticated capabilities.

“This new sample features advanced obfuscation and evasion techniques, including redirecting malicious functions to native obfuscated libraries using OLLVM, implementing certificate pinning for secure communication with command and control (C2) servers, and performing extensive checks to detect whether Mandrake is operating on rooted devices or in an emulated environment,” Kaspersky wrote.

The applications carrying Mandrake this time were all published on Google Play in 2022, presented as a Wi-Fi file-sharing app, an astronomy app, Amber for the game Genshin, a crypto-asset app and a logic-puzzle app. As of July 2024 none of them had been flagged as malware by any vendor on VirusTotal. Although they are no longer on Google Play, the apps were available for a long time and were downloaded most in Canada, Germany, Italy, Mexico, Spain, Peru and the UK.

“After evading detection for four years in its initial version, the latest Mandrake campaign remained undetected on Google Play for another two years. This demonstrates the sophisticated skills of the threat actors involved. It also highlights a troubling trend: as restrictions and security checks become more stringent, the sophistication of threats that slip through official app stores increases, making them increasingly difficult to detect,” said Tatyana Shishkova, principal security researcher at Kaspersky’s GReAT (Global Research and Analysis Team).
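The root and emulator checks Kaspersky describes have to consult something concrete on the device: a property such as ro.kernel.qemu, a path such as /system/xbin/su, or /proc/self/status for a TracerPid. Those names are therefore a practical hunting signal in a native library, and the following added example (not Kaspersky's tooling) shows the search. The byte blob standing in for a real .so is constructed; the indicator lists are common choices, not the strings from the real samples. The caveat matters: a hit is evidence of a check, while absence proves nothing, because an obfuscator such as OLLVM can encrypt exactly these strings.

```python
"""Hunt for root, emulator and debugger checks in an Android native library by
searching its bytes for the property names, paths and package names such checks
typically consult. Added example; not Kaspersky's tooling. SAMPLE_LIB is a
constructed byte blob standing in for a real .so file."""
import re

# Strings that anti-analysis checks commonly reference. Presence is evidence of a
# check; absence proves nothing, because obfuscators (OLLVM included) can encrypt them.
INDICATORS = {
    "root": [b"/system/bin/su", b"/system/xbin/su", b"/sbin/su", b"Superuser.apk",
             b"eu.chainfire.supersu", b"com.topjohnwu.magisk", b"test-keys"],
    "emulator": [b"ro.kernel.qemu", b"goldfish", b"ranchu", b"generic_x86",
                 b"/dev/socket/qemud", b"Genymotion", b"BlueStacks"],
    "debugger": [b"TracerPid", b"ro.debuggable", b"frida", b"gum-js-loop"],
}

# Constructed blob: ELF magic, non-printable filler (consecutive bytes differ by 37,
# so no printable run is long enough to look like a string), then embedded strings.
SAMPLE_LIB = (
    b"\x7fELF\x02\x01\x01" + bytes([(i * 37) % 256 for i in range(64)])
    + b"ro.kernel.qemu\x00/system/xbin/su\x00/proc/self/status\x00TracerPid\x00"
    + b"goldfish\x00getprop\x00" + bytes([(i * 37) % 256 for i in range(64)])
)


def is_elf(blob: bytes) -> bool:
    """Native libraries are ELF objects; anything else is the wrong input."""
    return blob[:4] == b"\x7fELF"


def extract_strings(blob: bytes, min_len: int = 6) -> list[str]:
    """Equivalent of the `strings` utility: runs of printable ASCII >= min_len."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def scan_indicators(blob: bytes) -> dict[str, list[str]]:
    """Map each indicator category to the needles actually present in the blob."""
    hits = {}
    for category, needles in INDICATORS.items():
        found = [n.decode() for n in needles if n in blob]
        if found:
            hits[category] = found
    return hits


def classify(blob: bytes) -> str:
    """'anti-analysis' when two or more check categories are present, else 'plain'."""
    return "anti-analysis" if len(scan_indicators(blob)) >= 2 else "plain"


if __name__ == "__main__":
    print("ELF:", is_elf(SAMPLE_LIB))
    print("strings:", extract_strings(SAMPLE_LIB))
    print("indicators:", scan_indicators(SAMPLE_LIB))
    print("verdict:", classify(SAMPLE_LIB))
```

Run it against every .so under lib/ in an unpacked APK. A library that contains none of these strings but still branches on the environment at runtime is the case Kaspersky describes; for that you need dynamic analysis (for example, hooking getprop and open calls) rather than string search.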


Watch Out! Plenty of Malware in the Chrome Web Store

Morrissey Technology – Google says that less than 1% of extension installs from the Chrome Web Store involve malware. Independent researchers have arrived at different figures. For context, the Chrome Web Store currently hosts more than 250,000 extensions, small add-on programs that run inside the Chrome browser, and Google credits its security team with reducing the number of malicious extensions in the store.

“Just like other software, extensions can also contain risks,” said Google’s cybersecurity team.

Different data, however, comes from a Stanford University research team consisting of Sheryl Hsu, Manda Tran and Aurore Fass, working with the CISPA Helmholtz Center for Information Security.

They studied what they call Security-Noteworthy Extensions (SNE) in the Web Store: extensions that are malware, that violate Chrome Web Store policy, or that contain vulnerable code.

Between July 2020 and February 2023, SNE were installed by 346 million users. Of those installs, 63 million were of policy-violating extensions and 3 million were of vulnerable ones, which leaves 280 million installs of extensions containing malware.

At the time of the study the Chrome Web Store held only about 125,000 extensions. The researchers also found that benign extensions usually do not stay in the store for long: only 51.8% to 62.9% are still available after one year. SNE, by contrast, remain available for an average of 380 days, and for as long as 1,248 days when they merely contain vulnerable code.

The longest-lived SNE was TeleApp, which stayed in the store for 8.5 years: it was last updated on 13 December 2013 and was removed on 14 June 2022, when it was found to contain malware. Worse, an extension's user rating is of little help in spotting SNE.

“Overall, users never give SNE a low rating, which may be because users may not realize that this extension is dangerous. There is also the possibility that there are bots that give fake reviews and give high ratings to the extension,” wrote the research team in their paper.


Signs That Your Phone Has Been Infected by Malware, and How to Deal With It: Don't Underestimate It

Morrissey Technology – Malware is a dangerous enemy of the devices you own, including the smartphone in your hand, because it can steal information from the device, including banking details. There are several signs of a malware infection that you should not ignore; an attacker who controls the device can also empty your account. Watch for the following.

Signs that a phone has been infected by malware

1. Warnings appear claiming that your device is infected with viruses
2. Your antivirus software stops working
3. The device becomes noticeably slower
4. Storage space shrinks significantly and unexpectedly
5. The device freezes or stops working altogether.

Here are the steps you can take to protect your device from malware:

1. Activate Google Play Protect

It’s easy. Open the Google Play app, tap your profile icon, then tap Play Protect > Settings and make sure "Scan apps with Play Protect" is turned on.

2. Update the device

Install system updates whenever they are available. If you do not see a notification because notifications are turned off, go to Settings > System > System update to check the update status and continue from there.

3. Delete suspicious applications

Remove applications that you do not need, do not trust, or that came from third-party sources outside the Google Play Store. To do so, go to Settings > Apps & notifications > See all apps, tap the application you want to remove, then tap Uninstall.

4. Security checkup

• On your Android phone or tablet, open a web browser such as Chrome

• Go to myaccount.google.com/security-checkup

• To fix security issues in your account, follow the steps provided.
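The manual steps above (find sideloaded apps, check which apps hold accessibility access, confirm the device is patched) can be scripted for a fleet or for incident triage from the output of three standard adb commands. The following is an added example, not part of the original article. The command outputs embedded below are constructed; on a real device they come from `adb shell pm list packages -3 -i`, `adb shell settings get secure enabled_accessibility_services` and `adb shell getprop ro.build.version.security_patch`. The trusted-installer set, the accessibility allow-list and the 90-day patch threshold are assumptions of this example.

```python
"""Scriptable Android triage from the output of three adb commands. Added example,
not from the original article. Sample outputs are constructed; on a real device:
  adb shell pm list packages -3 -i
  adb shell settings get secure enabled_accessibility_services
  adb shell getprop ro.build.version.security_patch"""
import re
from datetime import date

# Constructed output of `pm list packages -3 -i` (third-party apps with their installer).
PM_OUTPUT = """package:com.whatsapp  installer=com.android.vending
package:com.example.appprotection  installer=null
package:com.example.chromeupdate  installer=com.android.packageinstaller
package:org.mozilla.firefox  installer=com.android.vending
"""

# Constructed value of enabled_accessibility_services (colon-separated component names).
A11Y_OUTPUT = "com.google.android.marvin.talkback/.TalkBackService:com.example.appprotection/.A11yService"

# Constructed security patch level, and a fixed "today" so the example is reproducible.
PATCH_OUTPUT = "2023-11-05"
REFERENCE_DATE = date(2024, 8, 1)

# Assumptions of this example: installers we trust, and accessibility services expected
# on the device. A null installer means adb or a manual APK install.
TRUSTED_INSTALLERS = {"com.android.vending"}
KNOWN_A11Y = {"com.google.android.marvin.talkback/.TalkBackService"}
MAX_PATCH_AGE_DAYS = 90


def sideloaded_apps(pm_output: str) -> list[str]:
    """Packages whose installer is not a trusted store."""
    apps = []
    for m in re.finditer(r"package:(\S+)\s+installer=(\S+)", pm_output):
        pkg, installer = m.groups()
        if installer not in TRUSTED_INSTALLERS:
            apps.append(pkg)
    return apps


def unexpected_a11y_services(a11y_output: str) -> list[str]:
    """Enabled accessibility services that are not on the allow-list."""
    value = a11y_output.strip()
    if value in ("", "null"):
        return []
    return [s for s in value.split(":") if s not in KNOWN_A11Y]


def patch_age_days(patch_level: str, today: date) -> int:
    """Days since the security patch level (format YYYY-MM-DD)."""
    y, m, d = (int(x) for x in patch_level.strip().split("-"))
    return (today - date(y, m, d)).days


def triage(pm_output: str, a11y_output: str, patch_output: str, today: date) -> dict:
    side = sideloaded_apps(pm_output)
    a11y = unexpected_a11y_services(a11y_output)
    age = patch_age_days(patch_output, today)
    # A sideloaded app that also holds an accessibility service is the banking-trojan pattern.
    suspicious = [s for s in a11y if s.split("/")[0] in side]
    action = "uninstall suspicious apps, then update" if suspicious or age > MAX_PATCH_AGE_DAYS \
        else "no immediate action"
    return {"sideloaded": side, "unexpected_a11y": a11y, "patch_age_days": age,
            "suspicious": suspicious, "action": action}


if __name__ == "__main__":
    for key, value in triage(PM_OUTPUT, A11Y_OUTPUT, PATCH_OUTPUT, REFERENCE_DATE).items():
        print(f"{key}: {value}")
```

Removing a flagged app from the phone's Settings is the right first step, but a trojan that holds device-admin rights will resist uninstall until that right is revoked under Settings > Security > Device admin apps; `adb uninstall` from a trusted computer is the fallback.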


Get to know DuneQuixote, The Malware Used by Hackers to Steal Data

Morrissey Technology – Dangerous malware keeps evolving. According to cybersecurity company Kaspersky, a new malware family called DuneQuixote is currently targeting government entities in the Middle East, Asia-Pacific, Europe and North America.

DuneQuixote embeds snippets of Spanish poetry in its droppers to maintain persistence and evade detection, with the ultimate goal of cyber-espionage: it lets the operators spy on targets and exfiltrate sensitive data.

In its official statement, Kaspersky said the initial dropper is disguised as a corrupted installer for the legitimate Total Commander file manager. Embedded in the dropper are strings taken from Spanish poetry, and the strings differ from sample to sample.

According to Sergey Lozhkin, principal security researcher at Kaspersky's GReAT (Global Research and Analysis Team), this variation changes the signature of each sample, making detection by traditional, signature-based methods harder.
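The effect Lozhkin describes is easy to see: two droppers with identical code and different filler text have different file hashes, so a hash-based blocklist built from one sample misses the other. The following added example (not Kaspersky's code) shows the problem and one crude normalisation, masking long printable runs before hashing. The two "samples" are constructed byte blobs, and the poem lines are public-domain verse chosen here for illustration, not the strings from the real droppers.

```python
"""Why per-sample filler strings defeat exact-match signatures, and one way to
normalise them away before hashing. Added example, not Kaspersky's code; the two
samples are constructed byte blobs and the verse lines are illustrative only."""
import hashlib
import re

# Constructed "code" shared by both samples: an ELF-like header plus non-printable
# filler (consecutive bytes differ by 37, so no printable run ever reaches 16 bytes).
CODE = b"\x7fELF\x02\x01\x01" + bytes([(i * 37) % 256 for i in range(200)])

POEM_A = b"Caminante, no hay camino, se hace camino al andar."     # Antonio Machado
POEM_B = b"Verde que te quiero verde. Verde viento. Verdes ramas."  # Federico Garcia Lorca

# Same code, different embedded text: the dropper pattern described in the article.
SAMPLE_A = CODE[:100] + b"\x00" + POEM_A + b"\x00" + CODE[100:]
SAMPLE_B = CODE[:100] + b"\x00" + POEM_B + b"\x00" + CODE[100:]

MIN_STRING_LEN = 16  # threshold for what counts as a "long string" (assumption)


def full_hash(blob: bytes) -> str:
    """Exact-match signature: changes whenever a single byte changes."""
    return hashlib.sha256(blob).hexdigest()


def strip_long_strings(blob: bytes, min_len: int = MIN_STRING_LEN) -> bytes:
    """Replace every printable-ASCII run of >= min_len bytes with a fixed placeholder."""
    return re.sub(rb"[\x20-\x7e]{%d,}" % min_len, b"<STR>", blob)


def normalised_hash(blob: bytes, min_len: int = MIN_STRING_LEN) -> str:
    """Hash of the sample with long strings masked: stable across filler swaps."""
    return hashlib.sha256(strip_long_strings(blob, min_len)).hexdigest()


def same_family(a: bytes, b: bytes) -> bool:
    """True when the two blobs differ only in their long strings."""
    return normalised_hash(a) == normalised_hash(b)


if __name__ == "__main__":
    print("full   A:", full_hash(SAMPLE_A))
    print("full   B:", full_hash(SAMPLE_B))
    print("masked A:", normalised_hash(SAMPLE_A))
    print("masked B:", normalised_hash(SAMPLE_B))
    print("same family:", same_family(SAMPLE_A, SAMPLE_B))
```

This is deliberately simple: it only neutralises the string region, and an author who also varies code bytes (padding, junk instructions, re-compilation) defeats it. In practice analysts reach for fuzzy hashes such as ssdeep or TLSH, for YARA rules anchored on the dropper's structure rather than its text, or for the behaviour (the Total Commander masquerade, the CR4T download) instead of the bytes.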

The dropper carries code that downloads the next-stage payload, a backdoor called CR4T. The backdoor exists in C/C++ and Go variants and gives the attackers access to the victim's machine.

Specifically, the Go variant uses the Telegram API for command-and-control (C2) communication, built on public Go Telegram API bindings.

“This malware variation shows the adaptability and ingenuity of the threat actors behind this campaign. At the moment, we have found two similar implants, but we strongly suspect the presence of additional implants,” said Sergey.

Kaspersky's telemetry identified victims in the Middle East as early as February 2024. In addition, the same malware was uploaded to semi-public malware-scanning services more than 30 times in late 2023; those uploads appear to have come through VPN exit points in South Korea, Luxembourg, Japan, Canada, the Netherlands and the United States.

To avoid falling victim to targeted attacks by known or unknown threat actors, Kaspersky's researchers recommend the following:

Give your SOC team access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for enterprise TI, providing cyber-attack data and insights collected by Kaspersky over more than 20 years.

Upskill your cybersecurity team to address the latest targeted threats with Kaspersky online training developed by GReAT experts. For timely endpoint-level detection, investigation and remediation of incidents, deploy an EDR solution such as Kaspersky Endpoint Detection and Response.

In addition to essential endpoint protection, implement enterprise-grade security solutions that detect advanced threats at the network level at an early stage, such as the Kaspersky Anti Targeted Attack Platform.

Since many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach your team practical skills, for example through the Kaspersky Automated Security Awareness Platform.

Watch Out: Google Pulls 28 VPN and Other Apps Flagged for PROXYLIB Malware

Morrissey Technology – The use of VPNs has surged in recent years along with the growing need to browse the web more safely and avoid geo-fenced content.

Millions of people have installed VPNs on their Android phones, but it is worth paying attention to these warnings before downloading a new VPN to your device.

HUMAN's Satori Threat Intelligence and Research team has issued a warning after discovering VPN apps and other software carrying malicious code.

Once installed, the apps enrol the device in a residential proxy network through a library called PROXYLIB. Access to that network is then used for ad fraud, phishing for personal data and password spraying, a brute-force technique that tries passwords, often harvested from earlier data breaches, against many accounts.

More concerning still, all the apps found to contain the malicious code were available through the Google Play Store, so millions of people may have installed them.

All of them have been banned by Google but this serves as a reminder to be careful before installing new software.

“The Satori Threat Intelligence HUMAN team recently identified a group of VPN apps available on the Google Play Store that turn users’ devices into proxy nodes without their knowledge,” the team explained in a blog post.

“The 28 apps containing the PROXYLIB SDK identified in this report have been removed from the Play Store and HUMAN continues to work to stop the threat posed by PROXYLIB.”

Google Play Protect has been confirmed to help stop PROXYLIB-based attacks going forward, so make sure the feature is enabled.

Unfortunately, the Satori Threat Intelligence team says more attacks are possible and Android users should remain vigilant when installing a new VPN.

“We expect that threat actors will continue to develop their TTPs to continue selling access to residential proxy networks generated by applications containing PROXYLIB,” Satori added, as reported by the Mirror.

“HUMAN recommends that users download mobile applications exclusively from official marketplaces, such as the Google Play Store or iOS App Store. Furthermore, users should avoid clones or ‘mods’ of popular applications that may allow malware or unwanted functions, such as the PROXYLIB residential proxy registration of the nodes discussed in this report, to masquerade as harmless software.”

The full list of apps affected by Google's ban follows. It is not yet clear whether the developers knew their apps contained PROXYLIB or whether it was added later by cybercriminals.

The applications affected by Google's ban are:

• Lite VPN

• Anims Keyboard

• Blaze Stride

• Byte Blade VPN

• Android 12 Launcher

• Android 13 Launcher

• Android 14 Launcher

• CaptainDroid Feeds

• Free Old Classic Movies

• Phone Comparison

• Fast Fly VPN

• Fast Fox VPN

• Fast Line VPN

• Funny Char Ging Animation

• Limo Edges

• Oko VPN

• Phone App Launcher

• Quick Flow VPN

• Sample VPN

• Secure Thunder

• Shine Secure

• Speed Surf

• Swift Shield VPN

• Turbo Track VPN

• Turbo Tunnel VPN

• Yellow Flash VPN