Select Page
Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware.

“Xenomorph is a trojan that steals credentials from banking applications on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

“It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests.”

The cybersecurity firm said it also found an expense tracker app that exhibited similar behaviour, but noted that it couldn’t extract the URL used to fetch the malware artefact.

images from Hacker News

VPN vs. DNS Security

VPN vs. DNS Security

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let’s discuss both.

VPN Explained

VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by redirecting your traffic via a server run by a VPN host. It establishes a protected connection in public networks. It does protect your actions from being seen by your ISP and potential hackers, however, it does not provide full protection and can still let intrusions happen.

Worth noting, VPN does gain access to restricted resources in your region, but bear in mind, it might be collecting your personal data. This problem relates mostly to free and cheap VPN services. In addition to that, VPNs, depending on their type, can proxy requests or not.

Most of the free ones do not even encrypt your data. According to Cybernews, last year 20 million emails and other personal data like location & legal information were stolen via VPN.

images from Hacker News

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution.

“By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution,” Palo Alto Networks Unit 42 said in a Thursday report.

OpenLiteSpeed, the open source edition of LiteSpeed Web Server, is the sixth most popular web server, accounting for 1.9 million unique servers across the world.

The first of the three flaws is a directory traversal flaw (CVE-2022-0072, CVSS score: 5.8), which could be exploited to access forbidden files in the web root directory.

images from Hacker News

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks

The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world.

The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison.

Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands, according to a criminal complaint filed in the District of New Jersey.

A search of the defendant’s home in August and October 2022 by Canadian law enforcement unearthed a file stored on a device containing what’s suspected to be a list of “prospective or historical” victims as well as screenshots of communications exchanged with “LockBitSupp” on the Tox messaging platform.

Also found were a text file with instructions to deploy LockBit ransomware, the malware’s source code, and a website that’s believed to be the control panel operated by the group to administer the ransomware.

images from Hacker News

New Updates for ESET’s Advanced Home Solutions

New Updates for ESET’s Advanced Home Solutions

It’s no secret that antivirus software is as essential to your computer as a power cord.

However, the threats don’t stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email.

ESET’s latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are built with ESET’s signature light footprint for gaming, browsing, shopping and socializing with no interruptions or slowdowns.

Introducing enhanced security for Windows, Mac and Android

For more than 30 years, ESET® has created industry-leading IT security software and services, protecting businesses worldwide from ever-evolving digital threats.

images from Hacker News

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group.

The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place within an hour of each other across all victims.

The Microsoft Threat Intelligence Centre (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium (née DEV-0960), a Russia-based group that’s publicly tracked by the name Sandworm (aka Iron Viking, TeleBots, and Voodoo Bear).

“This attribution assessment is based on forensic artefacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity,” MSTIC said in an update.

The company also further assessed the group to have orchestrated compromise activity targeting many of the Prestige victims as far back as March 2022, before culminating in the deployment of the ransomware on October 11.

images from Hacker News