In today’s daily round up – Qualcomm has patched three zero-day vulnerabilities which were actively exploited in targeted attacks against Android devices, Dedge Security has raised €4 million in seed funding to bolster its platform, and PTSD Resolution has teamed up with the Chartered Institute of Information Security to provide trauma therapy services to cybersecurity professionals.
TeaBot, a highly sophisticated type of malware, is increasingly infecting Android smartphones. Cybersecurity firm Zscaler’s ThreatLabz reported a sharp rise in malicious activity leveraging TeaBot this week.
TeaBot, also known as “Anatsa,” is designed to impersonate seemingly harmless applications such as PDF and WR code readers. Once installed on an Android smartphone, it acts as a Trojan horse containing numerous financial scams.
“[TeaBot] is a known Android banking malware that targets applications from over 650 financial institutions, primarily in Europe. We observed Anatsa actively targeting banking applications in the US and UK. However, recent observations indicate that threat actors have expanded their targets to include banking applications in Germany, Spain, Finland, South Korea, and Singapore,” explains Zscaler ThreatLabz.
The SonicWall Capture Labs team reported on threat actors developing malicious, fake Android apps to impersonate Google, Instagram, Snapchat, WhatsApp, and X.
When downloaded by victims and once permissions have been granted to use them, illegitimate apps aim to steal sensitive data from Android devices, such as contacts, text messages, call logs, and passwords.
In conclusion, in its investigations on hacking claims, Zscaler found that only an isolated test environment was compromised.
The investigation arrived after a hacker named ‘IntelBroker’ confirmed that he breached Zscaler, offering to sell their data for $20K. The incident investigation is now also being conducted with Europol.
According to a Broadcom report, a banking trojan named “Cerberus” pretending to be a Google Chrome update has successfully distributed to numerous systems.
Affecting only Android users, the Cerberus malware allows attackers to completely control affected systems through its complex remote access capabilities.
Commercial surveillance technology targeting smartphones, once the province of spymasters, is now becoming widely available on the open market. It is not only high-profile individuals such as politicians who are now threatened but also business people and ordinary smartphone users.
Half of the known zero-day exploits (a previously unknown vulnerability) used against Google and Android devices can be attributed to commercial surveillance vendors (CSVs), according to a new 50-page report from Google, Buying Spying: Insights into Commercial Surveillance Vendors.
“The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” says Google.
Researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference.
IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.
Google has warned users of Android devices to take specific precautionary measures to prevent malware infection. This warning comes after a reported increase in malware aimed at stealing information and money.
Precautionary measures advised by the service provider include turning on Google Play Protect, updating software, and removing untrusted apps.
Singaporean police have warned Android phone users of a new malware variant that is capable of resetting Android phones to factory settings. Reports say that more than $7.3 million has been lost through threat actors using the malware variant. The malicious code is hidden in social media posts, advertising the sale of different items. It is then downloaded when the applicant clicks on the link to make a payment.
A malicious malware attack targeting Asia’s power grid has been reported.
Called ShadowPad or PoisonPlug the malware allows for credential theft. Reports allege the malware to be the work of novel threat operation RedFly.
In today’s roundup; Russian threat actors target the Ukranian Military, browser-hacking malware found on the phones of Xiaomi users, and a LockBit data leak.
In today’s roundup; a Chinese cyberespionage group deploys malware, new Android malware, MMRat, unlocks phones, and DreamBus malware targets RocketMS servers.
Editorial Team
