
Chinese hackers linked to cybercrime syndicate arrested in Singapore


Six Chinese nationals and a Singaporean were arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate."

During raids on Monday, the police arrested six of the men and seized electronic devices with hacking tools installed and ready for carrying out cyberattacks, stolen personally identifiable information (PII), and credentials for servers known to be controlled by hacker groups.

The operation involved 160 officers of Singapore’s police, intelligence agencies, and internal security department.

“On 9 September 2024, about 160 officers from the Singapore Police Force’s Criminal Investigation Department, Police Intelligence Department, Special Operations Command and the Internal Security Department conducted simultaneous raids at multiple residential locations island-wide,” reads the police’s announcement.

“The operation led to the arrest of the six men who are believed to be linked to a global syndicate which conducts malicious cyber activities.”

A seventh man, a Chinese national, was arrested separately, according to national news sources.

Various electronic devices and $1,394,000 in cash and cryptocurrencies were seized by the police and will be examined as part of the ongoing investigations.

The seven individuals arrested in Singapore are:

  • 42-year-old Chinese national Sun Jiao – had access credentials for hacker servers, five laptops, six phones, S$24,000 in cash, and US$850,000 in cryptocurrency
  • 38-year-old Chinese national Zhang Qingqiao – found in possession of unauthorized personal data, two laptops, three phones, and S$52,000 cash
  • 35-year-old Chinese national Huang Qin Zheng – found with hacking tools, two laptops, four phones, and S$2,600 cash
  • 32-year-old Chinese national Liu Yuq – police seized specialized software for controlling malware (e.g., PlugX backdoor), three laptops and four phones
  • 38-year-old Chinese national Yan Peijian – suspected of buying illegal personal data, had one laptop, nine phones, and S$465,000 in cash
  • 34-year-old Singaporean Goh Shi Yong – arrested for subscribing to two Singtel broadband plans for three of the Chinese nationals

PlugX is a remote access trojan (RAT) used as a backdoor on compromised systems. It has been observed since 2008, mostly in cyber espionage campaigns attributed to Chinese state-sponsored hacking groups, which is why it is commonly associated with Chinese threat actors.

Among the known Chinese advanced threat actors that have leveraged PlugX in cyber operations are APT10 (Stone Panda), APT41 (Winnti), and Mustang Panda.

However, authorities in Singapore have not specified the threat group the men are believed to be associated with.
