Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware

A smishing campaign known as Roaming Mantis has been impersonating a logistics firm to steal SMS messages and contact lists from Android users in Asia since 2018. Last year, Roaming Mantis expanded the campaign's impact by sending messages with phishing URLs and using dynamic DNS services to attack targets with a counterfeit Chrome extension, "MoqHao." Since the start of 2021, the McAfee Mobile Research Team has confirmed that the group is attacking users in Japan with new malware named SmsSpy.

The malicious code infects Android users with one of two versions, depending on the operating system version of the targeted device. The phishing technique used here resembles that of earlier campaigns, though the Roaming Mantis URL includes the word "post". A different phishing message poses as a Bitcoin handler and takes the target to a phishing site where the victim is asked to allow an unauthorized login attempt.

McAfee reports, "During our investigation, we observed the phishing website hxxps://bitfiye[.]com redirect to hxxps://post.hygvv[.]com. The redirected URL contains the word “post” as well and follows the same format as the first screenshot. In this way, the actors behind the attack attempt to expand the variation of the SMS phishing campaign by redirecting from a domain that resembles a target company and service." A characteristic of this malware distribution scheme is that different malware is delivered depending on the Android OS version of the device that accessed the phishing site. On Android OS 10 and later, a malicious Google Play application is downloaded. On Android OS 9 and earlier, a malicious Chrome application is downloaded.

Because the malicious code needs to be updated with each Android OS update, the malware actor reaches more devices by distributing malware that detects the OS, rather than trying to cover a small set of devices with a single malware type. "The main purpose of this malware is to steal phone numbers and SMS messages from infected devices. After it runs, the malware pretends to be a Chrome or Google Play app that then requests the default messaging application to read the victim’s contacts and SMS messages," said McAfee.

Creator of McAfee Antivirus Software Charged For Conspiracy?

 

John McAfee, the businessman who created the McAfee antivirus software, has been charged in the U.S. with conspiracy to commit fraud and money laundering. McAfee and his bodyguard Jimmy Gale Watson Jr. are found guilty of advertising cryptocurrencies to Mr. McAfee's huge Twitter follower base to inflate prices. According to prosecutors, these currencies were then sold, earning a total of $2m (€1.45m). The accused have not issued any response to the charges. McAfee (age 75) is currently detained in Spain on separate charges relating to tax fraud, which he denies.

The fresh charges were filed in the Manhattan Federal Court, New York. He is facing potential extradition to the U.S., while Watson was captured earlier this week. According to BBC, "in 2012, he made headlines after police in the Central American country of Belize investigated the death of one of Mr. McAfee's neighbors and named him as a 'person of interest'. Mr. McAfee left the country saying he feared for his own safety. Officials ultimately said he was not a suspect." McAfee and his bodyguard are accused of buying and promoting the cryptocurrency assets on Twitter, where Mr. McAfee has millions of followers.

According to the US Justice Department and the Commodity Futures Trading Commission, the plan was to sell these assets the moment their price rose. The pair is said to have made $11M (€8m) in payments from cryptocurrency startups for promoting the assets on Twitter, while the investors who bought them were unaware of the payments. According to the federal prosecutor, this amounts to exploiting a widely used social media platform (in this case Twitter) and the enthusiasm of investors in the growing cryptocurrency sector to make millions through deceit and lies.

In the earlier case, which was disclosed the previous year, Mr. McAfee was charged with not filing tax returns from 2014 to 2018. He is also accused of using other people's names to hide his assets, which include a yacht and property. "The entrepreneur, who was born in the UK, also launched unsuccessful bids to become the Libertarian Party's candidate for the US presidential elections in 2016 and 2020. Mr. McAfee has previously expressed his disdain for taxes, tweeting in 2019 that he had not filed tax returns for years because 'taxation is illegal'," reports BBC.

'Ransomware Task Force': Microsoft, McAfee and Rapid7 Coalition

 

19 tech companies, cybersecurity firms, and non-profits have collaborated with the Institute for Security and Technology (IST) to form a new group called "The Ransomware Task Force" (RTF) to tackle the increasingly destructive and prevalent threat of ransomware. The joint venture includes big names such as Microsoft, McAfee, Rapid7, Cybereason along with other cyber advocacy groups, threat intelligence, think tanks, and research groups – The Global Cyber Alliance, The Cyber Threat Alliance, and The CyberPeace Institution, to name a few. 
 
The primary focus of The Ransomware Task Force will be to provide security against Ransomware attacks by engaging various stakeholders in assessing technical solutions and identifying loopholes in already existing solutions. The idea is to work collectively on building a roadmap to address the scope of the threat based on an 'industry consensus' instead of relying upon individual suggestions.  
 
The founding members came together to combat a form of cybercrime that they believe is expansive in its scope and has led to violent consequences that go beyond economic ruination. Actively addressing the threat of ransomware while providing clear guidance will effectively diminish the varying levels of the ransomware kill chain. Other founding partners include Aspen Digital, Citrix, Resilience, SecurityScorecard, The Cybersecurity Coalition, Stratigos Security, Team Cymru, Third Way, UT Austin Strauss Center, and Shadowserver Foundation. The website for The Ransomware Task Force, including full membership and leadership roles, will be rolled out in January 2021.
 
While giving insights, the Institute for Security and Technology, one of the founding members, said, “The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise.”
 
As per Sam Curry, one of the founding members of RTF and Chief Security Officer at Cybereason, "Time and time again, we see ransomware capabilities deployed early in hacking operations but not immediately detonated,"  
 
"In these cases, the ransomware is detonated only after preliminary stages of the attack are finished across all compromised endpoints to achieve maximum impact on the victim. Reducing hackers' attempts to amplify the impact of ransomware attacks will drive down ransomware costs for the victim and decrease the victim's inclination to pay ransom demands."

Resurgence in Ransomware Being Driven By a Surge of New Malware Families


A US-based cyber security firm, in its most recent threat report, observed a 118% increase in new ransomware strains in the first quarter of 2019 compared with the last quarter of 2018. It believes that the resurgence in ransomware is being driven by a flood of new malware families that are regularly more focused on.

The firm found that attackers were targeting governments and organizations, followed by companies in the financial, chemical, defence and education sectors. Its data corresponds with a growing number of ransomware attacks making headlines, especially against US governments and cities, such as the Texas ransomware attack.

This new spate of ransomware attacks is said to mark a move away from 'spray and pray' ransomware strategies. In such targeted attacks, spear phishing (sending malicious emails from an "apparently trusted person") is increasingly being used to gain initial access, 68% of the time.

Attackers are also said to be using anonymous email services to manage the ransomware campaigns. The most common ransomware families during this period were Dharma (also known as Crysis), GandCrab and Ryuk.

McAfee made other notable findings as well. First, the cyber security firm found that attackers are turning to different attack approaches when it comes to coin mining malware, such as the CookieMiner malware targeting Apple users.

Furthermore, it found an average of 504 'new threats per minute' in the first quarter of 2019 and noted that more than 2.2 billion stolen account credentials were made available on the cybercriminal underground during the same period.

Its findings are based on data gathered from its Global Threat Intelligence cloud, which comprises over a billion sensors monitoring for different kinds of cyber threats around the globe.

Raj Samani, McAfee fellow and chief scientist, stressed that the impact of these threats is very real, adding, “It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer-facing major fraud. And we must not forget that for every cyber-attack, there is a human cost.”

Amazon Prime Day A Cyber Attack Target?




Researchers have found that hackers are setting up a variety of Prime Day-related scams ahead of the upcoming Amazon Prime Day sale, intended to trick users into giving up their sensitive data.

Using an 'Amazon Phishing Kit', the hackers can send out malicious emails that appear to come from Amazon and contain links that direct victims to a fake Amazon login page.

As reported by Wired, shopping events like Prime Day represent an easy opportunity for scammers hoping to trick victims into handing over their personal information.

Crane Hassold, threat intelligence manager at the digital fraud defense firm Agari, told Wired, "Cybercriminals take advantage of popular, highly visible events when consumers are expecting an increased frequency of emails, when their malicious emails can hide more easily in the clutter."

According to security researchers from McAfee, scammers can create an email that appears to come from a legitimate organization by using a kit called 16Shop.

The biggest risk for users is to their credit card information, birthdays, addresses, and even social security numbers. The kit was initially intended to target Apple users; however, according to researchers, Prime Day appears to be the hackers' current target.

To avoid being misled, analysts suggest scrutinizing emails sent by Amazon with extra care and refraining from following links sent through email to enter login data.

Judging an email by the address it was sent from is no longer adequate, say security analysts, since even that can be faked. Instead, it is best to go directly to an organization's page by typing its URL into your address bar and continuing from there.

Amazon Prime Day will take place on July 15 and 16.

Around 25 million Home Voice Assistants vulnerable to hacking globally

          





According to a cybersecurity report from McAfee, over 25 million voice assistants, which are connected IoT (Internet of Things) devices in homes globally, are at huge risk of hacking.

Raj Samani, McAfee Fellow and Chief Scientist at McAfee, said, “Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings.”

He further added, “From building botnets, to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals.”

Hackers around the world are exploiting basic vulnerabilities of IoT devices such as easily guessable passwords, weak security settings, and exploitation through voice commands.

According to the “Mobile threat report” from McAfee, there has been a 550 percent increase in security vulnerabilities related to fake apps in the second half of 2018.

According to the report, "Most notably, the number of fake app detections by McAfee's Global Threat Intelligence increased from around 10,000 in June 2018 to nearly 65,000 in December 2018."

Gary Davis, Chief Consumer Security Evangelist at McAfee, said, "The rapid growth and broad access to connected IoT devices push us to deliver innovations with our partners that go beyond traditional anti-virus. We are creating solutions that address real-world digital security challenges."


McAfee and Samsung have now partnered to secure Samsung Galaxy S10 devices against malicious hacking attempts.