Android Malware Steals 1,000 Euros In Around 5 Seconds Via PayPal

A piece of malware discovered in November, disguised as a battery enhancement application called Android Optimization, has recently come to light. It is programmed to send 1,000 euros to cyberthieves via PayPal in around 5 seconds, without the user being able to stop it.

The malware is circulated through third-party applications rather than the official Google Play Store, where it is not available.

The malware is described as cleverly abusing Google's Accessibility Services, which are intended to assist people with disabilities, to trick users into giving the attackers some control of the phone.

After installation, the malware asks the user for permission to "Enable Statistics". Granting it lets the cybercriminals take control of the phone remotely when the user opens certain applications, among them PayPal, Google Play, WhatsApp, Skype, Viber, Gmail, and some banking applications.

ESET researchers found that the malware can show users overlay phishing pages made to look like legitimate banking applications, or other well-known applications such as Gmail, WhatsApp, Skype and Viber, asking the users for credit card details.

“The whole process takes about 5 seconds, and for an unsuspecting user, there is no feasible way to intervene in time. The attackers fail only if the user has insufficient PayPal balance and no payment card connected to the account. The malicious Accessibility service is activated every time the PayPal app is launched, meaning the attack could take place multiple times,” wrote ESET researcher Lukas Stefanko in a blog post.

A video by ESET showing how the malware works

Hackers stole 1 billion Rubles from a number of large Russian banks

Members of a criminal group were able to steal more than 15 million dollars over the Internet from major banks in Ukraine and Russia. The defendants face up to 15 years in a high-security penal colony.

According to police, the head of the organized criminal group is Ukrainian citizen Yuri Lysenko. From July to November 2014, he recruited about 20 Russians into the hacker group.

The prosecutor said that the hackers would put 200 thousand rubles on a bank card and then transfer them to another card. A Trojan program was then launched that canceled the transaction. The banks returned the money to the sender's account from their own funds, believing that the transfer had failed. As a result, the hackers received the amount twice. The attackers managed to withdraw more than 1 billion rubles this way.

In addition, from March to July 2015, the hackers installed special devices inside ATMs that let them control cash withdrawals. They stole more than 5.7 million rubles (86 thousand dollars) this way.

The lawyer intends to refute the accusation against Lysenko, since all the information was given to investigators by Anton Testov, who was sentenced to 7 years and who made a deal with the investigation. In the defense's opinion, he could have deliberately given false testimony against his former accomplices in order to receive a shorter term.

Blockpass and Infinito Wallet Launch Most Secure KYC-Enabled Security Token Wallet

HONG KONG, Dec 12, 2018 - (ACN Newswire) - Blockpass and Infinito Wallet have announced the launch of the world's most secure and convenient KYC-enabled security token wallet, providing regulatory compliance while putting traders in full control of their security tokens. The wallet is an integration of the Blockpass KYC Connect solution and the world leading universal wallet.

As can be evidenced in a spate of recent partnerships and developments, Blockpass believes that the future of decentralised trade - and therefore the future of all trade - lies in the exchange of securities tokens. Infinito Wallet, in its desire to provide the most versatile and innovative cryptocurrency wallet, is committed to supporting securities tokens as the upcoming innovation to transform markets. Through their partnership, Blockpass and Infinito Wallet will bring easy access to securities tokens and other Blockchain services as they enter into mainstream adoption.

Infinito Wallet is the world's leading universal mobile wallet, a single safe place for all types of major coins and tokens. Currently it supports BTC, ETH, ADA, EOS, NEO, ONT, LTC, BCH, ETC, DASH, DOGE, along with GAS, ONG and all tokens built on ERC20, NEP-5 and EOS with more to come based on the roadmap. Users can register to easily manage tokens that require KYC Profile with Infinito Wallet, and even apply to enjoy other blockchain services. Currently, Infinito Wallet has been downloaded by more than 300,000 users globally and has received positive reviews from the blockchain community. It can serve not just as the most powerful, secure universal wallet service for leading coins and tokens, but also a crypto wallet that offers many free rewards to users worldwide. Infinito App Square is a built-in DApp marketplace where users have seamless access to a wide range of innovative dApps and blockchain services.

Blockpass is a digital identity application and service that brings control back to the user. Blockpass provides a streamlined and cost-effective user onboarding process for regulated industries and any kind of online service. From the Blockpass application, users can create, store, and manage a data-secure digital identity that can be used for an entire ecosystem of services or token purchase.

"Today's announcement with identity system leader Blockpass is another solid step in building our authority in the security token space and consolidating our position as leader in the cryptocurrency wallet ecosystem. Partnering with Blockpass will allow Infinito Wallet users to store, send, receive and utilize their security token," said Jack Thang Nguyen, Project Director of Infinito Wallet.

Adam Vaziri, CEO of Blockpass, said: "Security tokens continue to be the focus of discussions for the cryptocurrency and blockchain ecosystems and we are committed to improving access to this promising technological development. Our longstanding partners, Infinito Wallet, were perfectly suited to work with us to provide this regulatory compliant solution which will give users control in such a vital area. We are excited to be at the forefront of the security token revolution."

Blockpass has announced a number of key collaborations recently, most notably with Edinburgh Napier University for the creation of the pioneering new blockchain research laboratory, the Blockpass Identity Lab. With five fully funded Studentships and led by Professor Bill Buchanan, the Blockpass Identity Lab will focus on the creation of world-leading knowledge and innovation around citizen-focused systems which enshrine the right to privacy.

Malware ‘Operation Sharpshooter’ hits government and defense firms: McAfee

McAfee's research team has found a new malware campaign that has targeted dozens of private and government organizations around the world.

The malware campaign, dubbed “Operation Sharpshooter”, has targeted more than 100 organizations in 24 countries in just a few weeks. The organizations affected by the campaign include nuclear, defense, energy, and financial companies.

The hackers send a phishing email made to look like a recruitment message. Once the recipient opens it, the Rising Sun implant is installed on the device, giving the attackers a fully functional, modular backdoor that performs reconnaissance on the victim's network.

Once the Rising Sun implant is set up, the attackers gain full access to machine-level information, including documents, usernames, network configuration, and system settings.

"We know that this campaign was intended to conduct espionage, indeed it was only recently launched. The question of the ultimate purpose remains to be seen," Raj Samani, chief scientist at McAfee, told CNBC.

"In many cases, such attacks are a precursor for something else, however, we are hopeful that identifying and sharing the details will prevent the true nature of the campaign from being carried out."

According to the initial investigation, it appears that the attack could be linked to the Lazarus Group, a cybercrime group associated with North Korea, because it uses the same source code as a hack that targeted South Korean firms in 2015.

The “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,” the research said.

Google+ hit by second bug, exposes data of 52 million users

Google has announced that it will now shut down the consumer version of Google+ in April 2019 instead of the initial deadline of August 2019. The decision came in the wake of another massive data breach which compromised the data of 52.5 million users.

The data that was configured to stay private was exposed to developers of apps requesting permission to access user data; it included information such as names, email addresses, gender and age of the users.

It is reported to be an additional bug in the Google+ People application programming interface (API) that triggered the data exposure. Google identified the vulnerability and fixed it by 13th November, which means that the illicit data exposure lasted for a total of six days.

Though Google confirmed that it found no evidence of the data being misused or compromised by a third party, it is still bringing the shutdown of the service forward to April 2019. In addition, access to the Google+ APIs will be cut off in 90 days.

Google has no evidence "that the app developers that inadvertently had this access for six days were aware of it or misused it in any way" is how David Thacker, VP of Product Management for G Suite, puts it.

"Our testing revealed that a Google+ API was not operating as intended. We fixed the bug promptly and began an investigation into the issue," Thacker mentioned in a blog post. "We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. ... We want to give users ample opportunity to transition off of consumer Google+."

The vulnerability did not expose passwords or more sensitive user information pertaining to financial and social security matters, but some profile data exchanged privately between users that wasn't supposed to be in the public domain was put at risk.

"Issues like these, which have direct security implications, reflect the world we live in today with agile development. The whole goal is to get the code and features out to customers faster, but with that comes the risk of exposure and introducing something like this," says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec.

Google, for its part, is notifying users about the breach and is working on a mechanism that could prevent other apps from illegitimately pulling user data for nefarious gain.