Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

By: Swati Khandelwal

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication.

In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and poorly secured routers.

A DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web pages and redirect users to phishing pages designed to trick them into sharing sensitive information such as login credentials, bank account details, and more.

Hijacking routers’ DNS for a malicious purpose is not new. Previously we reported on the widespread DNSChanger and Switcher malware, both of which worked by changing the DNS settings of wireless routers to redirect traffic to malicious websites controlled by attackers.

Discovered by security researchers at Kaspersky Lab, the new malware campaign has primarily been targeting users in Asian countries, including South Korea, China, Bangladesh, and Japan, since February this year.

Once modified, the rogue DNS settings configured by hackers redirect victims to fake versions of the legitimate websites they try to visit and display a pop-up warning message, which says: “To better experience the browsing, update to the latest chrome version.”

MORE: https://thehackernews.com/2018/04/android-dns-hijack-malware.html

New Android Malware Secretly Records Phone Calls and Steals Private Data

By: Swati Khandelwal

Android trojans and malware usually have a similar approach when it comes to infecting their targets: malicious app installation. Once it takes place, the damage sometimes can be remediless, because strategic information said on a voice call or contained in a sensitive document is just gone and there is nothing else to do.

While security specialists keep sending the same message on how to keep your mobile secure, like not installing apps from 3rd-party stores, protecting devices with a PIN or password, etc., it’s hard for the majority to have it done.

A smartphone designed to be secure from its conception is the best approach to mitigate all those risks and protect your assets and strategic information. SIKURPhone, together with SikurOS, is the choice for your Secure Business Platform.

Text by Alexandre Vasconcelos.

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguised as a fake anti-virus application, dubbed “Naver Defender.”

Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, and it is also capable of recording phone calls.

Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

Though researchers haven’t attributed the malware to any hacking or state-sponsored group, South Korean media have linked KevDroid with the North Korean state-sponsored cyber espionage hacking group “Group 123,” primarily known for targeting South Korean targets.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

  • record phone calls & audio
  • steal web history and files
  • gain root access
  • steal call logs, SMS, emails
  • collect the device’s location every 10 seconds
  • collect a list of installed applications

More: https://thehackernews.com/2018/04/android-spying-trojan.html

Facebook Collected Your Android Call History and SMS Data For Years

By: Swati Khandelwal

Facebook knows a lot about you, your likes and dislikes—it’s no surprise.

But did you know that, if you have installed the Facebook Messenger app on your Android device, there is a chance that the company had been collecting your contacts, SMS, and call history data at least until late last year?

A tweet from Dylan McKay, a New Zealand-based programmer, which received more than 38,000 retweets (at the time of writing), showed how he found his year-old data—including complete logs of incoming and outgoing calls and SMS messages—in an archive he downloaded (as a ZIP file) from Facebook.

Facebook had been collecting this data on its users for the last few years, which was even reported earlier in the media, but the story did not get much attention at that time.

Since Facebook had been embroiled in controversies over its data sharing practices after the Cambridge Analytica scandal last week, tweets from McKay went viral and have now fueled the never-ending privacy debate.

A Facebook spokesperson explained that, since almost all social networking sites have been designed to make it easier for users to connect with their friends and family members, Facebook also uploads its users’ contacts to offer the same.

As Ars reported, in older versions of Android, when permissions were a lot less strict, the Facebook app obtained contact permission at the time of installation, which allowed the company access to call and message data automatically.

Eventually, Google changed the way Android permissions worked in version 16 of its API, making them more clear and granular by informing users whenever any app tries to execute permissions.

More: https://thehackernews.com/2018/03/facebook-android-data.html

A secure phone for investing in bitcoins is unveiled: what is it about?

By: Desiree Jaimovich

Barcelona (special correspondent). SikurPhone is a phone designed especially for those who have (or are interested in having) investments in bitcoins. It is supposed to offer greater convenience and security for managing cryptocurrencies, for several reasons.

The phone has its “own” operating system, which in reality is nothing more than a customized version of Android 7.0. Apps cannot be downloaded from Google Play on the phone, only those designed especially within the company’s ecosystem.

Because it is not in contact with third-party apps, the phone is less exposed to being hacked, notes Alexandre Vasconcelos, a Sikur spokesperson. This is a good point, considering that in 2017 alone Google had to remove some 700,000 malicious applications and expel more than 100,000 developers from its app store for trying to harm the devices of the 2 billion Android users in the world.

The phone’s creators say that in the last week alone they subjected the device to testing by a hundred hackers and none managed to break through the system’s security barriers.

MORE: https://www.infobae.com/america/tecno/2018/03/01/presentan-un-telefono-seguro-para-invertir-en-bitcoins-de-que-se-trata/

Security-Focused ‘SIKURPhone’ Announced at MWC 2018

By: AFP Relaxnews

Earlier this week at MWC 2018 in Barcelona, German cybersecurity company Sikur launched SIKURPhone, a smartphone designed to protect data as well as cryptocurrency.

Sikur’s new encrypted smartphone has been tried and tested by hackers, to ensure users’ cryptocurrencies, such as Bitcoin, are safe from theft. Such a device may have only appealed to those carrying around delicate corporate data or sensitive government documents a few years ago. But in today’s world of hackers, set on trying their luck in a cryptocurrency market worth over $460 billion, a lot more people have a lot more to lose.

SIKURPhone is ultimately a practical choice rather than a flashy one — the specs remain mediocre and nowhere near those of a flagship item. A little smaller than an iPhone, the device has a 5.5-inch full high definition ‘gorilla glass’ display, 4GB of RAM, 64GB of storage, a 13MP rear camera and a 5MP front camera. Where it does stand out from the crowd is in its “unhackable” built-in cryptocurrency wallet, tailored to safeguard digital coins, such as Bitcoin. The company is so confident about its new device that it even put it to the test, hiring professional hackers to do “rigorous hacking tests for two months.” Hackers ultimately failed to break in.

SIKURPhone essentially runs on Android, although it is an altered version that provides the basics: calls, messages, document storage, etc. As for third-party apps, such as Instagram and Facebook, they will eventually be accessible but not before being vetted for privacy concerns by the company. According to Sikur, the phone’s fingerprint authentication function can also be used to recover personal data in the case of a lost device or a forgotten password.

More: https://www.news18.com/news/tech/security-focused-sikurphone-announced-at-mwc-2018-1674481.html

Encrypted SIKURPhone protects data and cryptocurrency

By: Rob LeFebvre

The security-focused Granite Phone captured the interest of even non-corporate customers when it came out in 2015. Now the folks at Sikur are back with a next-generation , promising the first fully encrypted, hack-proof smartphone that can safely store cryptocurrencies. Only 20,000 units will be available for presale beginning February 27th at a promotional price of $799. The company expects to deliver them in August of this year.

The phone itself has a 5.5-inch “full HD” Gorilla Glass display, 4GB of RAM, 64GB of storage, a 13MP rear and 5MP front camera and sports a 2800 mAh battery. SIKURPhone also sports fingerprint authentication, which the company claims can help recover personal data if the device gets lost or you forget your password. It runs a fork of Android, and any third-party apps must be vetted and confirmed by the company before they’re available in an upcoming app store.

When the original Granite Phone came out, it was essentially for security-conscious governmental and corporate users, but the device found a pretty strong foothold with everyday consumers. SIKURPhone adds a secure cryptocurrency wallet along with its secure OS, communication systems and third-party apps. “Securely storing information on our devices is one of our strong points,” said CEO Cristiano Iop. “We succeeded with browser and messaging security. Then we asked, why not do it with ? Cryptos are stored seamlessly and securely on our cloud, without compromising safety.”

MORE: https://www.engadget.com/2018/02/27/sikurphone-encrypted-data-cryptocurrency-pre-order/

Company launches smartphone designed to store cryptocurrency

By: Reuters

SÃO PAULO (Reuters) – Security company Sikur on Monday unveiled a mobile phone dedicated to storing cryptocurrencies, amid growing investor demand for protection against cybercrime in the volatile virtual currency market of about 450 billion dollars.

The product, the Sikurphone, unveiled at a telecommunications trade show in Barcelona, was launched at a price of 799 dollars during the presale phase, the company said in a statement.

Sikur develops encryption systems that can be installed on Apple’s iOS or Google’s Android devices, as well as on tablets and PCs.

Three years ago, the company had already launched an encrypted mobile phone, the Granitephone, which handles communications by video, voice, messages, chats and document sharing, using the Android operating system.

More: https://br.reuters.com/article/internetNews/idBRKCN1GA2YZ-OBRIN

Skygofree — Powerful Android Spyware Discovered

By: sikur

by Mohit Kumar

Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely.

Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years.

Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs.

The ‘remarkable new features’ include location-based audio recording using the device’s microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers.

Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution campaign was most active, according to Kaspersky’s telemetry data.

Italian IT Firm Behind Skygofree Spyware?


Researchers at Kaspersky Lab believe the hacker or hacking group behind this mobile surveillance tool has been active since 2014 and is based in Italy—the home of the infamous ‘Hacking Team’—one of the world’s bigger players in spyware trading.

MORE: https://thehackernews.com/2018/01/android-spying-malware.html


Android banking trojan targets more than 232 apps

By: sikur


by Rene Millman

January 05, 2018

Security researchers have found a new strain of malware targeting banking apps on Android devices.

Called Android.banker.A2f8a, researchers at Quick Heal Security Labs said that the malware has targeted more than 232 banking apps, stealing login credentials, hijacking SMSs, and uploading contact lists and SMSs to a malicious server. It also displays an overlay screen (to capture details) on top of legitimate apps.

The malware is being distributed through a fake Flash Player app on third-party stores. Bajrang Mane, a researcher at Quick Heal Security Labs, said that this is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet.

He added that after the malicious app is installed, it will ask the user to activate administrative rights. Even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. “Once this is done, the malicious app hides its icon soon after the user taps on it,” said Mane.

He said that the app carries out malicious tasks: it keeps checking the installed apps on the victim’s device and particularly looks for 232 apps.

“If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password,” said Mane.

The malware can also read all incoming and outgoing texts and can bypass the OTP-based two-factor authentication on the victim’s bank account. It can also change the device’s ringer volume to silence text message notifications.

Mane said that users should avoid downloading apps from third-party sources or from links sent via text messages or emails.

“Always keep ‘Unknown Sources’ disabled. Most importantly, verify app permissions before installing any app even from official stores such as Google Play. Always keep your device OS and mobile security app up-to-date,” he added.

This New Android Malware Can Physically Damage Your Phone

By: sikur


Due to the recent surge in cryptocurrency prices, not only hackers but also legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize their sites by harnessing the CPU power of your PC to mine Bitcoin or other cryptocurrencies.

Just last week, researchers from AdGuard discovered that some popular video streaming and ripper sites, including openload, Streamango, Rapidvideo, and OnlineVideoConverter, hijack CPU cycles from their hundreds of millions of visitors to mine the Monero cryptocurrency.

Now, researchers from Moscow-based cyber security firm Kaspersky Lab have uncovered a new strain of Android malware lurking in fake anti-virus and porn applications, which is capable of performing a plethora of nefarious activities—from mining cryptocurrencies to launching Distributed Denial of Service (DDoS) attacks.

Dubbed Loapi, the new Android Trojan can perform so many malicious activities at a time that it can exploit a handset to the extent that, within just two days of infection, it can cause the phone’s battery to bulge out of its cover.
