Welcome to Bytewavelabs—your premier source for cybersecurity news, tips, and strategies. Our blog is dedicated to providing you with the latest updates on cybersecurity trends, best practices, and practical solutions to protect your digital assets. From detailed guides on how to secure your personal information to expert analysis of emerging cyber threats, CyberSafe Insights covers it all. Stay ahead of the curve with our actionable insights and expert advice tailored for both individuals
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said . "In addition, the application is installed through a dropper app that shares the same anti-analysis mechanisms." "These features are designed to evade detection and hinder cybersecurity professionals' efforts to analyze and mitigate the malware." TrickMo, first caught in the wild by CERT-Bund in September 2019, has a history of targeting Android devices, particularly targeting users in Germany to siphon one-time passwords (OTPs) and other two-factor authentication (2FA) codes to facilitate financial fraud. The mobile-focused malware is assessed to be the work of the ...
Get link
Facebook
X
Pinterest
Email
Other Apps
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Get link
Facebook
X
Pinterest
Email
Other Apps
-
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard.
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
"A novel attack that can infer eye-related biometrics from the avatar image to reconstruct text entered via gaze-controlled typing," a group of academics from the University of Florida said.
"The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar."
Following responsible disclosure, Apple addressed the issue in visionOS 1.3 released on July 29, 2024. It described the vulnerability as impacting a component called Presence.
"Inputs to the virtual keyboard may be inferred from Persona," it said in a security advisory, adding it resolved the problem by "suspending Persona when the virtual keyboard is active."
In a nutshell, the researchers found that it was possible to analyze a virtual avatar's eye movements (or "gaze") to determine what the user wearing the headset was typing on the virtual keyboard, effectively compromising their privacy.
As a result, a threat actor could, hypothetically, analyze virtual avatars shared via video calls, online meeting apps, or live streaming platforms and remotely perform keystroke inference. This could then be exploited to extract sensitive information such as passwords.
The attack, in turn, is accomplished by means of a supervised learning model trained on Persona recordings, eye aspect ratio (EAR), and eye gaze estimation to differentiate between typing sessions and other VR-related activities (e.g., watching movies or playing games).
In the subsequent step, the gaze estimation directions on the virtual keyboard are mapped to specific keys in order to determine the potential keystrokes in a manner such that it also takes into account the keyboard's location in the virtual space.
"By remotely capturing and analyzing the virtual avatar video, an attacker can reconstruct the typed keys," the researchers said. "Notably, the GAZEploit attack is the first known attack in this domain that exploits leaked gaze information to remotely perform keystroke inference."
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said . "In addition, the application is installed through a dropper app that shares the same anti-analysis mechanisms." "These features are designed to evade detection and hinder cybersecurity professionals' efforts to analyze and mitigate the malware." TrickMo, first caught in the wild by CERT-Bund in September 2019, has a history of targeting Android devices, particularly targeting users in Germany to siphon one-time passwords (OTPs) and other two-factor authentication (2FA) codes to facilitate financial fraud. The mobile-focused malware is assessed to be the work of the ...
Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. In the notification sent to impacted clients, the company says that hackers had access to its network for nearly a year, between August 2023 and June 2024. Slim CD is a provider of payment processing solutions that enables businesses to access electronic and card payments via web-based terminals, mobile, or desktop apps. The firm first detected suspicious activity on its systems this year on June 15. During the investigation, the company discovered that hackers had gained access to its network since August 17, 2023. “The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024,” reads the notification to impacted individuals. However, Slim CD says that the threat actor viewed or obtained access to credit card information this year for two days, between June 14th an...
A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. Meta says that WhatsApp's "View once" feature (introduced three years ago ) enables users to share photos, videos, and voice messages privately, seeing that the recipient shouldn't be able to forward, share, copy, or screenshot their messages because they will automatically disappear from chats after being opened once. "Once you send a view once photo, video, or voice message, you won’t be able to view it again," the company explains on its support website. "Any photos or videos you send won’t be saved to the recipient’s Photos or Gallery. The recipient also can’t take a screenshot of anything you send using view once." However, "View once" will only block WhatsApp users from screenshotting what is being sent on mobile devices because deskt...
Comments
Post a Comment