
Latest Hacking News

New Android malware puts users' data at risk via taxi apps

A modified version of the notorious mobile banking Trojan "Faketoken" has resurfaced that can steal payment card details from popular taxi and ride-sharing apps, Moscow-based cyber security firm Kaspersky Lab said on Friday.

The year-old piece of Android malware poses a serious threat to anyone who stores bank card information in apps for in-app purchases.

According to Kaspersky Lab, in the year or so since its discovery Faketoken has worked its way up from primitive banking-bot capabilities, such as intercepting mTAN codes, to encrypting files and eavesdropping on communications. As the modifications continue, its scope is widening too, from low-level nuisance to serious security threat, to the point where it can overlay other apps to capture user credentials.

"The new version of 'Faketoken' performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim," Kaspersky Lab said in a statement.

The malware, which most likely reaches smartphones through bulk SMS messages prompting the recipient to download some pictures, begins by monitoring all calls and every app the user launches. When the device receives a call from (or places a call to) a particular phone number, the malware records the conversation and sends it to its command-and-control server. Likewise, when the user launches a targeted application, Faketoken covers the app's UI with a fake but identical one, prompting the victim to enter his or her bank card details.

The Trojan's overlay mimics the target app's interface, with the same colour schemes and logos, so the switch is instant and invisible to the user. The malware places such overlays over an estimated 2,000 apps, including taxi booking, hotel and flight apps, to present fake payment information windows. Kaspersky has not yet named the affected apps.

"The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ride-sharing services, means that the developers of these services may want to start paying more attention to the protection of their users," said Viktor Chebyshev, security expert at Kaspersky Lab. 
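One app-side mitigation developers of such services can add, shown here as an added example (not Kaspersky's code and not from any taxi app): a payment form Activity that disables and clears its card input whenever another window takes focus over it, which is exactly what a focusable phishing overlay launched over the form does, and that lists installed packages requesting SYSTEM_ALERT_WINDOW, the permission needed to draw over other apps. The package, layout and view identifiers are assumed for illustration.

```java
package com.example.payment; // hypothetical package name

import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.widget.EditText;
import android.widget.Toast;

import java.util.ArrayList;
import java.util.List;

public class CardEntryActivity extends Activity {

    private EditText cardNumber;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_card_entry);              // assumed layout
        cardNumber = (EditText) findViewById(R.id.card_number);     // assumed view id

        List<String> overlayApps = packagesRequestingOverlay();
        if (!overlayApps.isEmpty()) {
            // Informational only: many legitimate apps (chat heads, screen
            // filters) request this permission, so warn rather than block.
            Toast.makeText(this,
                    "Apps able to draw over other apps: " + overlayApps,
                    Toast.LENGTH_LONG).show();
        }
    }

    // Called with hasFocus == false when another window takes input focus on
    // top of this Activity. A focusable overlay drawn over the payment form
    // triggers this; so do legitimate dialogs and the notification shade,
    // hence the form is only paused, not the transaction aborted.
    @Override
    public void onWindowFocusChanged(boolean hasFocus) {
        super.onWindowFocusChanged(hasFocus);
        cardNumber.setEnabled(hasFocus);
        if (!hasFocus) {
            // Do not leave typed card data sitting in a form we cannot see.
            cardNumber.setText("");
        }
    }

    // Enumerates installed packages whose manifest requests
    // SYSTEM_ALERT_WINDOW. On Android 11 and later this listing is limited by
    // package visibility rules unless the app declares QUERY_ALL_PACKAGES.
    private List<String> packagesRequestingOverlay() {
        List<String> result = new ArrayList<>();
        PackageManager pm = getPackageManager();
        for (PackageInfo info : pm.getInstalledPackages(PackageManager.GET_PERMISSIONS)) {
            if (info.requestedPermissions == null) {
                continue;
            }
            for (String perm : info.requestedPermissions) {
                if (Manifest.permission.SYSTEM_ALERT_WINDOW.equals(perm)) {
                    result.add(info.packageName);
                    break;
                }
            }
        }
        return result;
    }
}
```

Neither check is a complete defence: an opaque overlay that captures the user's typing never hands those keystrokes to the real app, so the app can only notice that it has been covered and refuse to carry on, not recover what the victim typed into the fake window.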

Kaspersky Lab reports that Faketoken has mainly been spotted in Russia, but notes that its evolution has kept pace with its spread around the globe.

Ukrainian National Bank warns of possible cyber attack around Independence Day

The Ukrainian National Bank has warned that the country's banking system could come under cyber attack on the eve of Independence Day.

According to the Bank, the malware is distributed by email as a Microsoft Word document. It is reported that antivirus software will not be able to detect it and that the malware takes complete control of infected computers.

Representatives of the Ukrainian cyber police noted that attackers usually strike on the eve of important events, and the Ukrainian authorities accordingly warned that an attack could occur on August 24, Independence Day.

It should be noted that the NotPetya attack in June likewise began on June 27, the day before Constitution Day in Ukraine.

- Christina

Apple Secure Enclave under threat: hacker releases decryption key for its firmware

iOS users are advised to be alert: a hacker who claims to have hacked Apple's Secure Enclave Processor (SEP) firmware has published the decryption key for that firmware. The Secure Enclave was supposed to be highly secure and is responsible for all Touch ID transactions on iOS devices.

The hacker, who goes by the handle xerub and claims to have hacked Apple's Secure Enclave, has released the full decryption key for its firmware.

If the claim holds up, it is a significant concern for iOS devices that use the SEP, although, as both xerub and Apple note below, decrypting the firmware is not the same as decrypting user data.

On all recent iOS devices, the SEP provides the device's core security functions. It is isolated from the rest of the device and runs its own operating system. The SEP handles all Touch ID transactions, and only the SEP can use the device's unique ID (UID) key, which is not accessible to any other process on the device.

With its firmware now claimed to be decrypted, the code can be inspected by anyone, which is why the news was taken as a major security blow to iOS users.

Since the iPhone 5S, every iOS device has shipped with a SEP: a small coprocessor embedded in the main processor that runs entirely on its own, with its own separate OS, and shares nothing with other processes. The SEP handles Touch ID transactions. Its UID key is fused into the chip at manufacture; what the SEP generates afresh at each boot are ephemeral keys derived from that UID, used to protect its memory and data.

Protecting the UID is the core purpose of the SEP, so if the SEP were truly compromised, Touch ID actions, passcodes, verifications and the other security features built on it would all be at risk.

Xerub said: "The fact that [the SEP] was hidden behind a key worries me." He added: "Is Apple not confident enough to push SEP decrypted as they did with kernels past iOS 10?" He said that while the SEP is amazing tech, the fact is it's a "black box". "Obscurity helps security. I am not denying that," he said.

"I think public scrutiny will add to the security of SEP in the long run. Apple's job is to make [SEP] as secure as possible. It's a continuous process. There is actually no point at which you can say right now it's 100% secure," xerub said.

He further added that "decrypting the firmware itself does not equate to decrypting user data", as there are several more layers that would need to be decrypted; as a result, it's not going to have a massive impact on users.

An Apple spokesperson, who chose to remain unidentified, stated that the release of the SEP key does not directly compromise data: "There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information."

The Apple source further added that "it's not an easy leap to say it would make getting at customer data possible".

Apple has no plans to roll out a fix at this time.

HBO's social media accounts hacked

A notorious hacking group compromised the social media accounts of the Time Warner-owned cable network HBO on Wednesday night.

The group, OurMine, took full control of HBO's main Facebook and Twitter accounts, as well as those of the network's shows, including Game of Thrones.

The message posted on both social media sites read: "Hi, OurَMiَne are here, we are just testing your security, HBO team please contact us to upgrade the security – ourmine .org -> Contact."

Some of the posts were removed quickly. HBO did not respond to the BBC's request for comment.

OurMine has a reputation for hijacking the high-profile Twitter accounts of a wide range of media and technology companies, including Netflix, Marvel and Google.

The group appears to have done no harm to the company; it was simply demonstrating its ability to take over the accounts.