TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

-
Image
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino  said . "In addition, the application is installed through a dropper app that shares the same anti-analysis mechanisms." "These features are designed to evade detection and hinder cybersecurity professionals' efforts to analyze and mitigate the malware." TrickMo, first caught in the wild by CERT-Bund in September 2019, has a  history  of targeting Android devices, particularly targeting users in Germany to siphon one-time passwords (OTPs) and other two-factor authentication (2FA) codes to facilitate financial fraud. The mobile-focused malware is assessed to be the work of the ...
Post a Comment

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

-

 

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows.

The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.

"An attacker with no valid credentials exploit missing view authorization checks in the web application to execute arbitrary code on the server," Rapid7 security researcher Ryan Emmons said in a new report.

It's worth noting that CVE-2024-45195 is a bypass for a sequence of issues, CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856, which were addressed by the project maintainers over the past few months.

Both CVE-2024-32113 and CVE-2024-38856 have since come under active exploitation in the wild, with the former leveraged to deploy the Mirai botnet malware.

Rapid7 said all three older shortcomings stem from the "ability to desynchronize the controller and view map state," a problem that was never fully remediated in any of the patches.

A consequence of the vulnerability is that it could be abused by attackers to execute code or SQL queries and achieve remote code execution sans authentication.

The latest patch put in place "validates that a view should permit anonymous access if a user is unauthenticated, rather than performing authorization checks purely based on the target controller."

Apache OFBiz version 18.12.16 also addresses a critical server-side request forgery (SSRF) vulnerability (CVE-2024-45507, CVSS score: 9.8) that could lead to unauthorized access and system compromise by taking advantage of a specially crafted URL.


Comments

Post a Comment

Popular posts from this blog

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

-
Image
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino  said . "In addition, the application is installed through a dropper app that shares the same anti-analysis mechanisms." "These features are designed to evade detection and hinder cybersecurity professionals' efforts to analyze and mitigate the malware." TrickMo, first caught in the wild by CERT-Bund in September 2019, has a  history  of targeting Android devices, particularly targeting users in Germany to siphon one-time passwords (OTPs) and other two-factor authentication (2FA) codes to facilitate financial fraud. The mobile-focused malware is assessed to be the work of the ...
Read more

SpyAgent Android malware steals your crypto recovery phrases from images

-
Image
  A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. A cryptocurrency recovery phrase, or seed phrase, is a series of 12-24 words that acts as a backup key for a cryptocurrency wallet. These phrases are used to restore access to your cryptocurrency wallet and all of its funds in the event you lose a device, data is corrupted, or you wish to transfer your wallet to a new device. These secret phrases are highly sought after by threat actors, as if they can gain access to it, they can use it to restore your wallet on their own devices and steal all of the funds stored within it. As recovery phrases are 12-24 words, they are hard to remember, so cryptocurrency wallets tell people to save or print the words and store them in a safe place. To make it easier, some people take a screenshot of the recovery phrase and save it as an image of their ...
Read more

23andMe to pay $30 million in genetics data breach settlement

-
Image
  DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. The  proposed class action settlement , filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval. "23andMe believes the settlement is fair, adequate, and reasonable," the company said in a  memorandum filed Friday . 23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during annual training sess...
Read more