Archive for March 11, 2023

Xenomorph Android malware now steals data from 400 banks

Posted in Commentary with tags on March 11, 2023 by itnerd

ThreatFabric is reporting on a new, fully automated Android banking Trojan that its maker, the Hadoken Security Group, refers to as “Xenomorph 3rd Generation.” The first version of this malware was spotted by ThreatFabric in February of 2022, when it had over 50,000 downloads. That version targeted 56 European banks via dropper apps published on the Google Play Store. It used injection for overlay attacks and abused accessibility services permissions to intercept and steal one-time codes.

The second generation of this Trojan was released in June of 2022 and was notable for a complete code overhaul, but it was only released in low-volume, short bursts, apparently for testing purposes. Researchers say that this third version is the most flexible yet, fully automating the process of data theft: harvesting credentials and account balances, performing banking transactions, and finalizing fund transfers.

This third version is being offered on a dedicated website and targets more than 400 banking and financial institutions, including several crypto wallets, with targets spanning all continents.

“This new version of the malware adds many new capabilities …, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement a complete ATS framework. …, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation.”

Ted Miracco, CEO, Approov had this comment:

   “The fact that this malware has gone through several iterations since its initial detection in February 2022, with each version becoming more advanced and sophisticated, demonstrates the ongoing efforts of cybercriminals to stay ahead of security measures.

   “This includes using multi-factor authentication wherever possible, and correctly. For example, SMS-based 2FA on the same mobile device that is using the compromised mobile app to access sensitive data will be completely vulnerable against attacks using this Xenomorph trojan attack. The second factor needs to be on a non-compromised platform, for example another device or a hardware-based authentication key, to be effective. As technology continues to advance, so too will the sophistication of cyber threats, making it essential for all of us to remain vigilant and proactive in protecting ourselves and our data.”

The fact that this malware has gone through three revisions illustrates that its makers are here to stay. That means the average consumer, as well as those who hunt for this sort of thing, will have to work twice as hard to make sure that nobody gets taken advantage of by the people behind threats like this.

Stopping Abuse In The Digital Age: The Anti-Human Trafficking Intelligence Initiative

Posted in Commentary with tags on March 11, 2023 by itnerd

Human trafficking is one of the most horrendous yet tragically overlooked crimes of our times. And the practice is unfortunately thriving in the digital age. For example, the BBC recently called out “Pig Butchering” call centers in South East Asia that lure young people with promises of great jobs and perks “overseas”, only to trap them in an existence they are not allowed to leave, working in criminal fraud call centers.

Charitable organizations such as the Anti-Human Trafficking Intelligence Initiative (ATII) are fighting to put an end to this modern “digital” slavery by donating time and resources to help investigate cases and by working with police to shut down this shadow industry. While researching enhanced intelligence solutions to improve upon their mission, they approached HYAS, a world-leading authority on cyber adversary infrastructure, to better leverage their limited resources.

In a blog post, HYAS details how they are working with ATII, donating time and resources and joining in the battle to stop human trafficking. Larry Cameron, CISO for ATII, said that HYAS Insight “saved us weeks of investigation time.” And when it comes to an industry as nefarious as human trafficking, each minute can mean the difference between life and death.

I encourage you to read the blog post and consider what you can do to fight this crime, which is unacceptable by any standard.