ICT Security-Sécurité PC et Internet

The malicious app spreads the BlackRock malware, which steals credentials from 458 services – including Twitter, WhatsApp, Facebook and Amazon.

Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps.

Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. However, as of now the app is only available on Apple’s App Store mobile application marketplace – there’s no Android version yet (though plans are in the works to develop one).

Cybercriminals are swooping in on Android users looking to download Clubhouse by creating their own fake Android version of the app. To add a legitimacy to the scam, the fake app is delivered from a website purporting to be the real Clubhouse website – which “looks like the real deal,” said Lukas Stefanko, researcher with ESET.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps

Cybercriminals are trying every trick up their sleeve to benefit from the Coronavirus pandemic and the subsequent chaos that it has generated. The latest trap that they have laid to trick users is by releasing malicious spying apps disguised as COVID-19 updates and information applications.

Trend Micro’s cybersecurity researchers discovered an ongoing cyberespionage campaign at the end of March, 2020, which they named Project Spy. According to their assessment, through Project Spy, the attackers are infecting Android and iOS devices with spyware distributed through apps titled Coronavirus Updates, Wabi Music, Concipit 1248 and Concipit Shop.

See: Over half a million Zoom accounts being sold on hacker forum

These apps can perform a variety of functions including transferring data from Telegram, WhatsApp, Threema, and Facebook messages.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps

A million Google accounts have been compromised in a massive fraud campaign exploiting Android devices and Google Play.

At the heart of the campaign is a new variant of Android malware dubbed Gooligan, concealed in dozens of Android apps that exploit two unpatched flaws in Android to root infected devices.

The malware nabs email account information and authentication tokens for accessing Google accounts. The attackers use the tokens to install select apps from Google Play on an infected device to boost in-app advertising revenue.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Android

According to Acronis' co-founder and technology president Stas Protassov, Bluetooth has had several vulnerabilities in the past, including as recently as February when BlueFrag, a critical vulnerability that affected multiple Android and Apple iOS devices which then required patching. 

Left unpatched, devices could be breached by hackers within the vicinity and the user's personal data stolen, Protassov warned. He also stressed the need for users to update their devices' firmware to ensure vulnerabilities are promptly fixed. And as with any app, they also should check the permissions that all contact tracing apps requested. 

Most of these apps, including Singapore's TraceTogether, use Bluetooth signals to detect others in close proximity, and security observers say it could leave the smartphone susceptible to threats, especially if there are undiscovered or unfixed vulnerabilities. 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=SweynTooth

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Contact+tracing

The spyware poses as a legitimate application, spreading via SMS messages to victims’ contact lists.

An Android malware dubbed “FunkyBot” has started making the scene in Japan, operated by the same attackers responsible for the FakeSpy malware. It intercepts SMS messages sent to and from infected devices.

According to FortiGuard Labs, the malware (named after logging strings found in the persistence mechanism of the payload) masquerades as a legitimate Android application. The payload thus consists of two .dex files: One is a copy of the original legitimate application that the malware is impersonating, and the other is malicious code.

As for the kill chain, a packer first determines which version of Android the phone is running on, in order to generate the proper payload. After that, the payload is started by calling the method `runCode` class through Java reflection. This starts a class called KeepAliceMain, which is used as persistence mechanism by the malware.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android