TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said. "In addition, the application is installed through a dropper app that shares the same anti-analysis mechanisms." "These features are designed to evade detection and hinder cybersecurity professionals' efforts to analyze and mitigate the malware." TrickMo, first caught in the wild by CERT-Bund in September 2019, has a history of targeting Android devices, particularly targeting users in Germany to siphon one-time passwords (OTPs) and other two-factor authentication (2FA) codes to facilitate financial fraud. The mobile-focused malware is assessed to be the work of the ...

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

 

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided.

"If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account.

"Using laws from the pre-smartphone era to charge a CEO with crimes committed by third-parties on the platform he manages is a misguided approach."

Durov was charged late last month for enabling various forms of criminal activity on Telegram, including drug trafficking and money laundering, following a probe into an unnamed person's distribution of child sexual abuse material on the messaging service.

He also highlighted the struggles to balance both privacy and security, noting that Telegram is ready to exit markets that aren't compatible with its mission to "protect our users in authoritarian regimes."

Durov also blamed "growing pains that made it easier for criminals to abuse our platform." The popular messaging app recently crossed 950 million monthly active users.

"That's why I made it my personal goal to ensure we significantly improve things in this regard," he said. "We've already started that process internally, and I will share more details on our progress with you very soon."

The company has since updated its FAQ to allow users to report illegal content within private and group chats by flagging it for review using a dedicated "Report" button, a major policy shift and a feature that was previously off-limits.

A previous version of the FAQ had stated: "All Telegram chats and group chats are private amongst their participants. We do not process any requests related to them."

Durov's statement, however, doesn't delve into the lack of end-to-end encryption (E2EE) protections by default, which users have to explicitly enable in one-to-one chats.

"It is also a 'cloud messenger,' meaning that all messages live on Telegram's servers rather than the user's device," Moxie Marlinspike, creator of the E2EE messaging app Signal, pointed out.

"With one query, the Russian Telegram team can get every message the French president has ever sent or received to his contacts, every message those contacts have ever sent or received to their contacts, every message those contacts' contacts have ever sent or received, etc."

Matthew Green, a security researcher and an associate professor of computer science at Johns Hopkins University, further called out the platform for making enabling E2EE an onerous process that requires at least four clicks on Telegram's iOS app.

"The feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them," Green said.

"As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do. Secret Chats only works if your conversation partner happens to be online when you do this."
