Eight cryptojacking applications were found on the Microsoft Store; they abuse the victim's CPU cycles to mine Monero without the user's knowledge. Symantec detected the malicious applications on the Microsoft Store disguised as applications for computer and battery optimization, tutorials, internet search, web browsers, and video viewing and download.
The malicious applications are named below:
1) Fast-Search Lite
2) Battery Optimizer
3) VPN Browser Plus
4) Downloader for YouTube Videos
5) Clean Master plus
7) Findoo Browser 2019
8) Findoo Mobile & Desktop Search
Once activated, the mining scripts abuse the computer's CPU cycles to mine the Monero cryptocurrency for the attackers.
According to Symantec, the applications appear to have been published between April and December 2018, and the number of users infected with the apps remains unknown. Once the application is launched, it loads the XMR Coinhive mining script through Google Tag Manager (GTM) from the attacker's domain. The Coinhive script is loaded from the remote location http://statdynamic[.]com/lib/crypta.js.
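The pattern described above (a remote mining script pulled into an app's web content through a tag manager) can be checked for by listing every script URL the page actually loads and matching it against a watchlist. The following is an added example, not code from the article or from Symantec; the watchlist contains the domain the article names (de-fanged there as statdynamic[.]com), the keyword hints and the sample page are constructed assumptions, and the GTM container id is a placeholder.

```python
"""Flag script URLs that point at a known miner host or look like a browser
miner loader. Added example; the sample page and keyword hints are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article (written there as statdynamic[.]com).
WATCHLIST_DOMAINS = {"statdynamic.com"}
# Substrings typical of browser-miner loaders; an assumption, not from the article.
MINER_HINTS = ("coinhive", "crypta", "cryptonight", "miner")


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def collect_script_srcs(html):
    """Return the script URLs referenced statically in the HTML."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return collector.srcs


def find_miner_scripts(script_urls, page_host):
    """Return (url, reasons) for every script URL that matches the watchlist
    or a miner keyword. script_urls may come from the static HTML or, better,
    from a runtime capture (proxy log), since a tag manager injects scripts
    only after the page has loaded."""
    findings = []
    for src in script_urls:
        host = urlparse(src).hostname or page_host  # relative src: same host
        reasons = []
        if host in WATCHLIST_DOMAINS:
            reasons.append("watchlist domain")
        if any(hint in src.lower() for hint in MINER_HINTS):
            reasons.append("miner keyword in URL")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample page: one first-party script, a GTM loader with a
# placeholder container id, and the remote miner script from the article.
SAMPLE_PAGE = """<html><head>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX"></script>
<script src="/static/app.js"></script>
<script src="http://statdynamic.com/lib/crypta.js"></script>
</head><body>Battery Optimizer</body></html>"""

if __name__ == "__main__":
    for url, reasons in find_miner_scripts(collect_script_srcs(SAMPLE_PAGE), "app.example.test"):
        print(url, "->", ", ".join(reasons))
```

Static HTML only shows the GTM loader itself; to see what GTM injects at runtime, feed `find_miner_scripts` the script URLs recorded by a proxy or the browser's network log instead of the output of `collect_script_srcs`.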
"How to secure your personal information and financial information"
"One of the largest fears when it comes to our precious finances is that they might be taken from us when we least expect it. This fear has rapidly moved from having physical cash stolen to having our entire digital information footprint snatched from us. But, while this is a very real worry, there are ways to help prevent possible cybercrime and protect our user information when conducting business online."
1) Password Encryption Technique.
One of the easiest ways of protecting your user information when doing business online – yet also one of the most overlooked – is proper password encryption. Using one password across the board has been shown to increase the likelihood of cybercrime, while a strong password should also feature encryption as well as a strong combination of characters.
If you are conducting financial business online, make sure that the site you use – whether it be e-commerce or banking – has a strong level of password encryption. Most websites already employ strong password authentication and an encrypted SSL certificate to protect your information, so make sure that wherever you input user information, this basic level of encryption is involved. Our user information, especially in combination with our other personal information, is our most important asset, so we need to ensure that it is as protected as it possibly can be throughout every step of our online experience. The three key ways in which we can protect our user information are to ensure the sites we use the information on are password encrypted, to transfer our money into cryptocurrency that is safer and more secure, and to use a VPN when committing any user information to our screens. Using these methods, we should have a more protected online experience with our financial and personal information.
2) Cryptocurrency Wallet Technique.
Many more people have started on cryptocurrency journeys and are swapping traditional methods of storing money for digital ones because of the level of safety and security they provide. Indeed, digital wallets that store money in the form of cryptocurrency tokens are harder to steal from and aim to prevent cybercrime and hackers. This can be beneficial for anyone starting on any form of online trading, which is usually a target for cybercrime. For instance, CFD trading can be conducted on cryptocurrency, which allows traders to own primary values rather than the asset itself, which is a more protected way of trading, done on platforms connected to digital wallets. The safety of the cryptocurrency wallet means that even if a cybercriminal bypasses the other methods for keeping financial information safe, there is a back-up that ensures they can't access your hard-earned funds.
3) Virtual Private Network Technique.
The bottom line is that we can't fully rely on others to protect our user information online. Happily, there are ways we can take matters into our own hands to ensure we have the appropriate levels of protection. One way is through a VPN. A VPN ("virtual private network") helps you stay safe when transmitting information across public, unsecured or unencrypted networks. VPNs allow you to share files safely with a group and ensure everyone within it is protected. They also allow items to be sent anonymously online. VPNs can bypass security filters on websites, as they are themselves anonymous. VPNs can also be a cheaper alternative to some costly ways of making your network more protected, and give better peace of mind.
Skimming code steals credit card information from payments on e-commerce websites
Many e-commerce sites are infected with malicious skimming code that steals customers' payment card information from checkout pages. The malicious code was found inserted into a number of e-commerce websites providing various services such as ticketing, touring, flight booking and shopping-cart sites. As stated in the researchers' analysis report, 250 or more e-commerce sites were found injected with the malicious skimming code. With further analysis, researchers observed that the e-commerce websites were not directly compromised.
The inserted skimmer script is capable of reading the payment details entered on the checkout pages by users and sending the data to the attacker's server. In Adverline's case, Magecart Group 12 embedded a skimming toolkit that employs two obfuscated scripts: the first script is an anti-reverse-engineering check and the second is the skimmer.
The first script constantly checks for the browser's debugger console and clears its messages to deter detection and analysis. The second script checks whether the page contains strings such as "checkout," "billing," and "purchase." If the script matches any of the targeted strings, it executes and performs the skimming activity. The captured payment data, including the numbers entered and the e-commerce website's domain, is sent through an HTTP POST request with Base64 encoding.
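The exfiltration step just described (card data Base64-encoded into an HTTP POST to a third-party host from a checkout page) leaves a recognisable trace in proxy or web-server logs. The following is an added example, not code from the article or from the researchers it cites: it decodes each POST body, looks for digit runs that pass the Luhn check, and flags bodies that carry such a number to a host other than the page's own. The tab-separated log format and every log line are constructed for the example.

```python
"""Flag POST requests that carry a Luhn-valid card number (possibly Base64-encoded)
to a host other than the referring page's host. Added example; log lines are constructed."""
import base64
import binascii
import json
import re
from urllib.parse import urlparse

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # 13..19 digit runs, not part of a longer run


def luhn_ok(digits):
    """Standard Luhn check digit validation."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def decode_body(body):
    """Return the Base64-decoded body if it decodes cleanly, else the raw body."""
    try:
        return base64.b64decode(body, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return body


def scan_post_log(lines):
    """Each line: METHOD<TAB>URL<TAB>REFERER<TAB>BODY (constructed format).
    Returns findings for POSTs that send a Luhn-valid PAN to a third-party host."""
    findings = []
    for line in lines:
        method, url, referer, body = line.rstrip("\n").split("\t")
        if method != "POST":
            continue
        dst_host = urlparse(url).hostname
        ref_host = urlparse(referer).hostname
        decoded = decode_body(body)
        pans = [m for m in PAN_RE.findall(decoded) if luhn_ok(m)]
        if pans and dst_host != ref_host:
            findings.append({
                "url": url,
                "referer": referer,
                "pans": pans,
                "base64": decoded != body,
                "checkout_page": any(k in referer.lower() for k in ("checkout", "billing", "purchase")),
            })
    return findings


# Constructed sample traffic. 4111111111111111 is the well-known Visa test number.
_skimmed = json.dumps({"cc": "4111111111111111", "exp": "12/24", "cvv": "123",
                       "domain": "shop.example.test"})
SAMPLE_LOG = [
    "POST\thttps://cdn.example-ads.test/collect\thttps://shop.example.test/checkout\t"
    + base64.b64encode(_skimmed.encode()).decode(),
    "POST\thttps://shop.example.test/api/cart\thttps://shop.example.test/cart\t"
    + '{"sku":"A1","qty":2}',
    "POST\thttps://analytics.example.test/ping\thttps://shop.example.test/checkout\t"
    + base64.b64encode(b"ok").decode(),
]

if __name__ == "__main__":
    for f in scan_post_log(SAMPLE_LOG):
        print(f["url"], "<-", f["referer"], "PANs:", f["pans"], "base64:", f["base64"])
```

The Luhn filter keeps ordinary order ids and timestamps out of the findings; the third-party-host condition is what separates a legitimate checkout submission to the shop's own API from data leaving for a host the page has no business talking to.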
Beware of Pre-Installed Malware in Mobile Devices
A recent study states that a new mobile device may come with "pre-installed mobile malware", that is, with malicious code already in it. Pre-installed malware means the mobile device already has malicious code installed at the system level that cannot be removed easily. There are two types of pre-installed malware, based on the location of the app, which is one of the important aspects of these apps.
1) /system/app/: The apps placed in this location are those you use repeatedly, such as the camera, FM radio, video player and photo viewer.
2) /system/priv-app/: This is a very important app location; most of the important apps, such as Settings and System UI (which contains the functionality for the back/home buttons on Android devices), reside in it.
Researchers analyzed the code of this malware and confirmed that it is known pre-installed malware (PUPs). This malware infects the System UI and repeatedly installs variants of Android malware to eventually steal sensitive information.
Another device, the UTOK Q55, is infected with Potentially Unwanted Programs (PUPs): monitoring apps that collect and report sensitive information from the device. This particular Monitor app is hard-coded into the highly important Settings app. In effect, the app used to uninstall other apps would itself need to be uninstalled to remediate the infection, which is pure irony.
As per the researchers, the best ways to deal with these devices are:
1) Stay away from these infected devices. Some manufacturers' devices that have been seen infected:
a) THL T9 Pro
b) UTOK Q55
c) BLU Studio G2 HD
2) If you have already bought one, return the device.
3) If you have already bought the device, directly contact the manufacturer.
Researchers discovered malicious Android apps uploaded to the Google Play Store with sophisticated click-fraud functionality that affected around two million Android users.
Some of the malicious apps went unnoticed for months or even a year; some of the apps were uploaded in June 2018, and one of the malicious flashlight apps alone was downloaded by around one million users. The attackers created these ad-clicker malware apps with more persistent and flexible functionality than previous versions.
Numerous apps contain downloader functionality and use a command-and-control (C&C) server to retrieve files. Attackers send direct instructions via the C&C server to the malware apps, which act like normal ads shown by legitimate apps. They also use particular click-fraud tools to report to the ad network as particular models of both Android and iOS mobile phones, and full-screen ads disturb users and push them into clicking.
Affected users may notice the malicious activity when the app uses a high amount of data and drains the phone's battery. All of these malicious apps generate fraudulent requests that cost ad networks significant revenue through the fraudulent clicks.
How the infected application works
Initially, once launched, the app starts communicating with its C&C server by sending an HTTP GET request, and the server returns "SDK" commands along with a URL to download an "SDK" module. The C2 module keeps checking the time interval in the "exp" field and reconnects every 10 minutes to fetch its SDK again. Another module called "mob" performs the ad-clicking on instruction from the C2 server; the server replies with another JSON structure that contains the parameters it will use to download the advertisement.
Researchers also found that the same developers had placed their malicious apps in the iTunes Store. To decrease the chance of being caught by the ad network, the attackers forge the User-Agent and device fields so the generated network traffic looks like real traffic originating from actual devices. The click fraud remains persistent even when the user force-stops the app. Of the 22 apps, 19 were created after June 2018, and most of them have contained this "SDK" downloading function since their first version, researchers said.
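A C2 module that re-contacts its server on a fixed interval (every 10 minutes here) produces beaconing traffic, and that regularity is something a defender can measure in egress proxy logs independent of the spoofed User-Agent and device fields. The following is an added example, not code from the article or the researchers it cites: it groups requests by client and destination host, computes the spacing between consecutive requests, and flags pairs whose interval barely varies. The log format, the hostnames and all log lines are constructed.

```python
"""Flag client/host pairs whose request spacing is suspiciously regular.
Added example; the log format and every line below are constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def parse_line(line):
    """Line format (constructed): ISO8601_TIME CLIENT_IP METHOD HOST PATH."""
    ts, client, _method, host, _path = line.split()
    return datetime.fromisoformat(ts), client, host


def find_beacons(lines, min_requests=5, max_cv=0.1):
    """Return pairs with at least min_requests requests whose inter-request
    intervals have a coefficient of variation (stdev / mean) below max_cv."""
    times = defaultdict(list)
    for line in lines:
        ts, client, host = parse_line(line)
        times[(client, host)].append(ts)

    beacons = []
    for (client, host), stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons.append({"client": client, "host": host, "count": len(stamps),
                            "mean_interval": avg, "cv": cv})
    return beacons


# Constructed sample log: one device polling a C2 host every ~10 minutes with
# small jitter, plus irregular traffic from the same device to a CDN and a
# second device with only two requests.
SAMPLE_LOG = [
    "2019-01-10T10:00:00 10.0.0.5 GET c2.example.test /cmd",
    "2019-01-10T10:01:00 10.0.0.5 GET cdn.example.test /img/1.png",
    "2019-01-10T10:03:30 10.0.0.5 GET cdn.example.test /img/2.png",
    "2019-01-10T10:10:02 10.0.0.5 GET c2.example.test /cmd",
    "2019-01-10T10:19:59 10.0.0.5 GET c2.example.test /cmd",
    "2019-01-10T10:27:00 10.0.0.5 GET cdn.example.test /img/3.png",
    "2019-01-10T10:30:01 10.0.0.5 GET c2.example.test /cmd",
    "2019-01-10T10:40:00 10.0.0.5 GET c2.example.test /cmd",
    "2019-01-10T10:45:10 10.0.0.5 GET cdn.example.test /img/4.png",
    "2019-01-10T10:46:00 10.0.0.5 GET cdn.example.test /img/5.png",
    "2019-01-10T10:50:03 10.0.0.5 GET c2.example.test /cmd",
    "2019-01-10T10:05:00 10.0.0.7 GET news.example.test /",
    "2019-01-10T10:15:00 10.0.0.7 GET news.example.test /",
]

if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LOG):
        print(f"{b['client']} -> {b['host']}: {b['count']} requests, "
              f"every {b['mean_interval']:.0f}s (cv {b['cv']:.3f})")
```

Legitimate software also polls on timers (update checks, mail clients), so a hit is a lead to triage rather than a verdict; the follow-up is to look at what the responses contain, which for the apps above would be the JSON with the "SDK" download URL.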
A VIRUS CAPABLE OF DAMAGING GADGETS THROUGH BLUETOOTH
The new way to hack is named BlueBorne. A hacker exploits vulnerabilities in the Bluetooth protocol; the virus is transferred from one device to another and acts in such a way that users do not suspect their system has been hacked.
According to Ben Seri, head of the research arm of Armis Labs, BlueBorne threatens billions of devices and can lead to the same kind of mass infection as the WannaCry virus. Infection can occur within ten seconds: after scanning the nearest devices with Bluetooth enabled, the program detects the vulnerability. Armis Labs experts say "BlueBorne can be used by cybercriminals for such purposes as cyber espionage, data theft, and the introduction of extortion programs." The detected vulnerabilities are present on all devices with Android, Linux, Windows and all versions of iOS.
"Almost all devices with Bluetooth are potentially vulnerable to BlueBorne," said Armis Labs. Four of the eight BlueBorne vulnerabilities were rated critical by Armis Labs. Using them, attackers can get full control over a mobile device or steal encrypted data. Three operating system manufacturers have already stated that they have released updates to eliminate the vulnerabilities. Apple said that BlueBorne doesn't affect iOS 10 or newer versions. Windows released the corresponding update in July, and Google in August, but its installation may take some time. Linux is also developing a way to protect against the new virus, but many devices running this operating system (for example, TVs) either do not receive updates or do so too rarely.
In August, it was noticed that hackers distributed a malicious program through e-mails in which they claimed to reveal details of the unreleased series of the popular show "Game of Thrones".