Over 600 blacklisted Bitcoin apps found in popular app stores may allow hackers to steal from users
As Bitcoin prices began skyrocketing and more users started investing in the cryptocurrency, more and more Bitcoin apps began popping up. However, some of these apps, despite having been banned, are still available to users in popular app stores. Security researchers analysed over 18,000 apps across 20 app stores and found that 661 blacklisted Bitcoin apps were still available for download, leaving users vulnerable to hackers.

Researchers found that Google Play, which hosted 272 of the blacklisted apps, as well as APKFiles and 9Apps, which hosted 54 and 52 blacklisted apps respectively, were the top app stores guilty of making the blacklisted apps available to users. Researchers at RiskIQ found that three percent of apps with “Bitcoin exchange” in the title, 2.

According to RiskIQ researchers, the cybercriminals behind the banned apps can steal money and data by tricking users who have downloaded the malicious apps into handing over massive sums of money or sensitive and personal details. Researchers also warned that the rise in unofficial and potentially malicious apps could scare off potential investors looking to purchase Bitcoin.

“Before handing over any cash or personal data, investors should carry out thorough research into the exchange and wallet apps they intend to use,” RiskIQ EMEA vice president Fabian Libeau said in a statement. By checking the developer’s name, user reviews and the number of app downloads, investors can measure the validity of an app and be more confident in their choice.
Overseas education consultant loses Rs 32 lakh to hackers
The victim, an overseas education consultant, earned commission on admitting and enrolling students in colleges abroad. She stated that she had been following up with the colleges about her commission on admissions since mid-2016. Recently, the colleges informed her that they had already transferred her commission to her bank account. The victim checked with her bank and found that the money never reached her account.

The accused used her email ID to communicate with colleges abroad and diverted her commission on admissions to their own bank accounts. They made changes to the domain and used duplicate email IDs. Since then, the hackers had been communicating with the colleges using her email ID and receiving the commission in another bank account. The hackers had put up fake invoices and got her commission money paid into banks in Germany and Belarus.

The victim said she suspected that her former staff, Pujitha Guttikonda and N Sunitha, in connivance with the latter’s husband Arun Muthyala, hacked her email ID and communicated with her clients. In her letter to the SSP, Barthwal mentioned the fake email IDs and the accounts used to receive the money.
What is Lebal? New sophisticated malware found targeting several universities, government agencies
Security researchers have spotted a new strain of sophisticated malware that is targeting a number of high-profile entities, including five universities, 23 private companies and several government organisations. According to researchers at Comodo Threat Research Labs, the developers behind the malware camouflaged their malicious payload in several layers. Rather than deploying the malware through the usual email attachments, Comodo said the hackers tried to build a “complicated chain to bypass technical security means and deceive human vigilance.” The malicious link itself is disguised as a Google Drive link. Once a user clicks on it, the hackers’ website pops up with the malicious “Lebal copy.”

Once downloaded, the malware figures out the version of the OS and the applications running on the infected machine, steals private data from the user’s browsers such as cookies and credentials, and scours for information about email and instant messenger clients. According to their analysis, researchers said this attack has been targeting 30 mail servers and appears to be linked to an IP address and domain in Sao Paulo, Brazil.

“As we can see from the example above, it is not so easy to distinguish a malicious file or link, even for a cybersecurity-aware user. Phishing emails become more sophisticated and refined,” Fatih Orhan, head of Comodo Threat Research Labs, said. “That’s why, for ensuring security today, companies need to not only train people for cybersecurity vigilance skills but use reliable technical protection means as well.”
Hackers are now exploiting YouTube ads to hijack your computer and secretly mine cryptocurrency
Coincheck hack: Massive cryptocurrency heist sees hackers steal over $500m as exchange halts trading
Coincheck, one of the biggest cryptocurrency exchanges in Tokyo, was hacked and over $500m (£352m) worth of digital currency was stolen in what is now considered to be the biggest cryptocurrency heist to date. Hackers reportedly stole NEM tokens, a recently launched digital currency that has reportedly already been ranked the 10th digital currency in the world. Bleeping Computer reported that the hackers may have stolen almost seven percent of all the NEM tokens currently in circulation.

The cryptocurrency exchange also reportedly said that it used various types of wallets to store different cryptocurrencies. For instance, while Coincheck stores both Bitcoin and Ethereum in cold storage wallets, Bitcoin is stored in a multisig cold storage wallet. Coincheck stored other cryptocurrencies in the more secure multisig wallets; however, the NEM tokens were stored in a hot wallet. Hackers managed to get hold of the private key of the hot wallet used to store the NEM tokens, which in turn allowed them to siphon off all the funds.

Coincheck announced the hack in a press conference, adding that Japanese law enforcement, as well as Japan’s financial services agency, has been alerted about the cryptocurrency heist, CoinTelegraph reported. Coincheck reportedly said that it is aware of the address where the stolen NEM tokens are currently being held by the hackers. This may help the cryptocurrency exchange track the hackers and possibly regain access to the stolen money.
What is jackpotting? US Secret Service warns of hack that makes ATMs spit out cash like slot machines
The US Secret Service has been quietly warning ATM operators of sophisticated “jackpotting” ATM attacks that began in Mexico and have now hit the United States. According to a confidential Secret Service memo sent to financial institutions and obtained by cybersecurity expert Brian Krebs, hackers have been targeting stand-alone ATMs located in pharmacies, big-box retailers and drive-throughs. The attack involves cybercriminals using specialised electronics, a form of malware or both to control the ATM and force it to spit out cash.

“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM’s operating system along with a mobile device to the targeted ATM,” the Secret Service memo reads. To carry out this attack, the hackers gain physical access to the machine, remove and replace the hard drive with one prepared by the attackers with stolen ATM platform software, and use an industrial endoscope to depress an internal button to reset the machine. The Secret Service alert noted that hackers can also use the endoscope to locate the part of the machine where they can attach a cord that lets them sync their laptop and run malware such as Ploutus.

In 2016, a hacker group named Cobalt targeted a number of countries in Europe using similar attacks, along with ATMs in Thailand, Taiwan, Malaysia and others, according to Russian cybersecurity firm Group-IB. “Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services,” Dmitry Volkov, Group-IB’s head of investigation, said in an earlier report.
Hackers could bypass Lenovo’s fingerprint scanner using a hardcoded password – Are you affected?
Lenovo has disclosed a security vulnerability in some of its devices that could allow a malicious actor to bypass the fingerprint scanner. The security flaw was discovered in its Fingerprint Manager Pro software, an application embedded in certain Lenovo products that allows users to easily log into their PC and authenticate to configured websites using fingerprint recognition. In a security advisory issued last week, the company warned that sensitive data stored by the software, including users’ Windows login credentials and fingerprint data, is encrypted using a weak algorithm. The high-severity flaw could potentially allow a hacker to log into a vulnerable computer using the hard-coded password and decrypt the user’s credentials and sensitive data. Jackson Thuraisamy from Security Compass first identified the issue and reported it to Lenovo.

Select models of Lenovo’s ThinkPad, ThinkCentre and ThinkStation systems are affected by this vulnerability. Devices running Lenovo Fingerprint Manager Pro for Windows 7, 8 and 8. Models with Windows 10 have not been affected by the flaw. Here is the full list of affected machines according to Lenovo:

ThinkPad L560
ThinkPad P40 Yoga, P50s
ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
ThinkPad W540, W541, W550s
ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
ThinkPad X240, X240s, X250, X260
ThinkPad Yoga 14 (20FY), Yoga 460
ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
ThinkStation E32, P300, P500, P700, P900
TopHat campaign: Hackers target the Middle East using malware-laced Arabic files about political events
Security researchers have detected a fresh wave of attacks targeting users in the Middle East that leverage popular third-party services such as Google+, Pastebin and bit. According to researchers at Palo Alto Networks Unit 42, hackers have been using Arabic-language documents related to current political events as lures to dupe curious victims into downloading and running malware. In this campaign, some Google+ profiles that were used to deliver the malware contained the name “Donald Trump” while other topics referred to President Abbas. “In the TopHat campaign, we have observed yet another instance where a threat actor looks to be using political events to target individuals or organizations within the Palestine region,” researchers said.

Screenshot of the malicious Google+ profile used by Scote malware in this campaign (Palo Alto Networks)

Hackers deployed the malware using four techniques: two using malicious RTF files, one leveraging self-extracting Windows executables and the fourth using RAR archives. In one, the downloaded file with an RTF extension, which is actually a VBScript, executes a PowerShell command to download and execute the malware. Another uses an attack called “Don’t Kill My Cat” or DKMC, which allows the attacker to load a legitimate bitmap (BMP) file that includes shellcode within it. The final technique uses self-extracting executable files to download a phony document onto the user’s computer and deploy the malware.

The new Scote malware family uses various tricks and tactics to evade detection but, so far, “provides relatively little functionality to the attackers once deployed,” researchers said. The TopHat campaign was found to have some overlaps with the previously reported DustySky campaign, where the attacker was identified submitting their files for testing purposes.
IOTA cryptocurrency heist: Hackers ‘steal $4m’ from accounts using phishing scam
Malicious websites used to generate password details for the fintech network IOTA are reported to be to blame for the theft of nearly $4m (£2. Reports now indicate that the hackers, who remain unknown, ran a phishing scheme using third-party “seed generators” in order to hijack credentials. The seed is the equivalent of a username/password. The top Google result for an online seed generator, a website called iotaseed. “The victims literally shared the keys to their wallets with the attackers by using the attackers’ website,” Rottmann explained. Attackers also used a distributed denial-of-service (DDoS) attack against the platform, it emerged.

On a dedicated Reddit page, a moderator published a notice warning users of the IOTA network never to use online seed generators unaffiliated with the platform. “Some users had the misfortune of using the wrong online seed generators, and were burned,” tweeted crypto expert Nic Carter. Commenters on Reddit have since argued that the situation could have been avoided if IOTA created and maintained its own seed generator, a service it does not offer for wallets. Users are now taking to the official IOTA website forum to discuss the next steps.
Dutch banks, tax office hit by DDoS attacks amid reports of intel spying on Russia-linked Cozy Bear
Several top banks and the national tax authority in the Netherlands were briefly crippled by a series of powerful DDoS attacks targeting their networks over the weekend, according to local news reports. ABN Amro, ING and Rabobank confirmed in separate statements that they were attacked, with their online and mobile banking services temporarily knocked offline. Rabobank tweeted on Monday that it was suffering DDoS attacks, while ABN AMRO said it experienced three hours-long DDoS attacks on Saturday and Sunday (27 and 28 January). The Dutch tax authority also said it was hit by DDoS attacks that temporarily took down its website and online services for about 5-10 minutes on Monday. Klaas Knot, president of Dutch central bank DNB, said on local TV programme Buitenhof that cyber attacks targeting banks are frequent but “serious business.”

The slew of cyber attacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014. Last week, Dutch media outlets De Volkskrant and Nieuwsuur reported that the country’s intelligence agents were able to gain access to cameras monitoring the space where the hackers were based, located in a university building near Red Square in Moscow. The notorious hacking outfit has been linked to the Democratic National Committee hack during the 2016 US presidential election, together with another group dubbed Fancy Bear or APT28. AIVD reportedly no longer has access to the Cozy Bear group’s network. It is not clear who is behind the recent spate of DDoS attacks targeting the Dutch banks and authorities, or whether they are linked to the recent reports regarding Cozy Bear.