
Skygofree Malware: One of the Most Advanced Spyware Ever Seen

Russian cybersecurity lab Kaspersky has discovered a new advanced Android spyware with “never before seen” features that let hackers carry out advanced surveillance on Android phones, such as location-based audio recording, WhatsApp message theft, and connecting an infected device to Wi-Fi networks controlled by cybercriminals.

The malware, dubbed “Skygofree,” was reportedly found on malicious websites in Italy. According to Kaspersky, the malware is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares.

More information, including Skygofree's commands, indicators of compromise, domain addresses, and the device models targeted, can be found in their blog post on Securelist.

The spyware works by abusing the “Accessibility” feature, which Android provides to help users with disabilities access their apps. Using this, the spyware can read the messages displayed on the screen, even those sent by the user.
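A defender-side check for the Accessibility abuse described above, as an added example that is not from Kaspersky's report or the original post: it parses the value Android keeps in the `enabled_accessibility_services` secure setting (readable with `adb shell settings get secure enabled_accessibility_services`) and lists every enabled service whose package is not on an allowlist. The allowlist and the sample setting value are constructed assumptions.

```python
# Added example: audit which apps hold an enabled Accessibility service.
# The allowlist and SAMPLE value below are constructed for illustration.
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}  # assumption: org allowlist

# Constructed sample of the colon-separated setting value.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.updater/.HelperService"
)


def parse_enabled_services(raw):
    """Split the setting into (package, fully qualified class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # unset setting prints "null"
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, _, cls = entry.partition("/")
        if cls.startswith("."):  # short form is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def untrusted_services(raw, trusted=TRUSTED_PACKAGES):
    """Return enabled services whose package is not allowlisted."""
    return [
        f"{package}/{cls}"
        for package, cls in parse_enabled_services(raw)
        if package not in trusted
    ]


if __name__ == "__main__":
    for service in untrusted_services(SAMPLE):
        print("review:", service)
```

Any service it reports deserves a look at how the owning app was installed, since an Accessibility service can read on-screen content from other apps.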

Skygofree is also capable of taking pictures and video, recording audio and noise according to the location specified by the hacker, recording Skype conversations, and seizing call records, geolocation data, and other sensitive data.

Kaspersky believes that, just like an earlier hack in 2015 by Hacking Team, an Italy-based spyware developer, Skygofree was also developed by Italians.

Skygofree has allegedly been active since 2014 and has been targeting select individuals, who are all from Italy. The spyware has been undergoing regular development since then and as many as 48 commands were found in the latest version.

#Eurograbber Campaign - Trojan steals $47 Million from 30k European Bank accounts

Eurograbber Banking Trojan

A highly sophisticated cybercriminal campaign, dubbed "Eurograbber", enabled criminals to steal more than $47 million (€36 million) from more than 30,000 bank accounts belonging to corporations and individuals across Europe.

The finding comes from a case study published by security firm Check Point and online fraud prevention solutions provider Versafe.

According to the case study, the attack began in Italy, and soon after, tens of thousands of infected online bank customers were detected in Germany, Spain and Holland.

The campaign starts when a victim unknowingly clicks a malicious link in a spam email or possibly through general web surfing. Clicking on the link directs them to a site that attempts to drop the Banking Trojan - a malware that steals Bank login credentials.

The next time the victim logs in to their bank account, the Trojan intercepts the session and displays a fake banking page that informs the customer of a “security upgrade” and instructs them on how to proceed.

The page asks the user to enter their smartphone OS and phone number. Once the victim provides the phone details, the Eurograbber Trojan sends an SMS with a link to fake "encryption software"; in fact, it is the "Zeus in the mobile" (ZITMO) virus.

Once Eurograbber is installed on the victim's PC and smartphone, the Trojan lies dormant until the next time the customer accesses their bank account. When the victim logs in, it immediately transfers the victim's money to the criminals' account.

The Trojan then intercepts the confirmation text message sent by the bank, forwarding it to the C&C server via a relay phone number. The server uses the message to confirm the transaction and withdraw the money.