Android users beware banking trojan is back

Apr 03 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes western governments put as much effort into catching cyber criminals as they do into catching people who say mean things on the internet 👀😬🙈

Today’s hottest cybersecurity news stories:

  • 📱 Android users beware! Vultur banking trojan is back 🐎

  • ⚠️ Bad news day for Android! Phones are being enslaved 🧟‍♂️

  • ❌ Google forced to delete billions of incognito browsing records 🗃️

Vultur’s back to pick the bones 🦅☠️💀

🚨 Vultur Banking Trojan Strikes Android Devices with Enhanced Capabilities! 🔥

The infamous Android banking trojan, Vultur, has reemerged with a vengeance, equipped with advanced features and sophisticated evasion techniques, posing a significant threat to unsuspecting users, as revealed by NCC Group researcher Joshua Kamp.

🚀 Evolution of Threat

Originally uncovered in 2021, Vultur has undergone a significant transformation, leveraging Android's accessibility services APIs to execute its malicious deeds. Now, it employs encryption and masquerades as legitimate applications, enhancing its stealth and efficacy.
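The accessibility-service grant that Vultur depends on is visible on the device itself, which makes it a quick triage check. The script below is an added example (not code from NCC Group, from the newsletter, or from the malware analysis it summarises): it parses the value adb returns for the `enabled_accessibility_services` secure setting and flags every package that is not on an allowlist. The sample setting string, the package names inside it and the allowlist are constructed for illustration and are not indicators for Vultur.

```python
"""Triage which Android apps hold accessibility-service access.

Vultur-style banking trojans need the victim to switch on an accessibility
service.  That grant is recorded in one Settings.Secure string that adb can
read from an attached device:

    adb shell settings get secure enabled_accessibility_services

The value is a ':'-separated list of "package/ServiceClass" entries; a class
that starts with '.' is relative to its package, and an unset value prints
"null".  This is an added example, not the newsletter's or NCC Group's code.
"""
import subprocess
from typing import List, Optional, Set, Tuple

# Constructed sample of the setting as adb would print it.  The second entry
# uses a hypothetical package name chosen for illustration only.
SAMPLE_SETTING = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeav/.ScreenHelperService"
)

# Constructed allowlist: packages a fleet expects to hold this access.
KNOWN_GOOD: Set[str] = {
    "com.android.talkback",
    "com.google.android.marvin.talkback",
}


def parse_enabled_services(setting: str) -> List[Tuple[str, str]]:
    """Split the raw setting into (package, fully qualified class) pairs."""
    services: List[Tuple[str, str]] = []
    for entry in setting.strip().split(":"):
        if not entry or "/" not in entry:
            # "null" (nothing enabled) or a malformed fragment: nothing to record
            continue
        package, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = package + cls  # expand the relative class name
        services.append((package, cls))
    return services


def unexpected_services(setting: str, allowlist: Set[str]) -> List[Tuple[str, str]]:
    """Return every enabled service whose package is not on the allowlist."""
    return [
        (pkg, cls)
        for pkg, cls in parse_enabled_services(setting)
        if pkg not in allowlist
    ]


def read_live_setting(serial: Optional[str] = None) -> str:
    """Read the real value from an attached device (needs adb on PATH)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + [
        "shell", "settings", "get", "secure", "enabled_accessibility_services",
    ]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Offline demo on the constructed sample; call read_live_setting() instead
    # to triage a physical device.
    for pkg, cls in unexpected_services(SAMPLE_SETTING, KNOWN_GOOD):
        print(f"REVIEW: {pkg} holds accessibility access via {cls}")
```

A hit from this check is not proof of infection: plenty of legitimate apps (screen readers, password managers, automation tools) legitimately hold the grant, so the output is a list to review, and the allowlist should reflect what is expected on that device.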

🎭 Deceptive Distribution Tactics

Vultur spreads through trojanized dropper apps on the Google Play Store, cunningly disguised as authenticator and productivity tools. Additionally, telephone-oriented attack delivery (TOAD) techniques lure victims via SMS messages and phone calls, leading them to download the malware.

πŸ§Ÿβ€β™‚οΈ Infiltration and Control

Once installed, Vultur deploys multiple payloads to establish a connection with its command-and-control (C2) server, granting remote access and control over the infected device. Its arsenal includes capabilities like remote interactions, file management, and app manipulation.

🎯 Aiming for Total Control

The trojan's recent enhancements underscore its focus on maximising control over compromised devices. From intercepting SMS messages to blocking specific apps and bypassing lock screen security measures, Vultur aims to infiltrate every aspect of users' digital lives.

📈 Rising Threat Landscape

The emergence of malware-as-a-service operations like Octo highlights the growing sophistication of cyber threats targeting Android users. With campaigns spanning thousands of compromised devices, the impact of these attacks is widespread and severe.

πŸ›‘οΈ Protecting Android Users

While Google Play Protect offers some defence against known versions of Vultur, users must remain vigilant and exercise caution when downloading apps from unofficial sources. Regular security updates and robust antivirus solutions are critical to safeguarding against evolving threats.

Stay informed, stay protected. Together, we can defend against the relentless onslaught of cyber adversaries and secure our digital futures.

Join the webinar on April 10: Combating threats through a continuous compliance with Vanta, CrowdStrike, and AWS

As the movement towards cloud-first continues, how can teams ensure their cloud security and compliance programs are optimized? On April 10, join leaders from Vanta, CrowdStrike, and AWS as they discuss ways to leverage continuous compliance and security to proactively monitor cloud infrastructure.

Geez, if I had an Android I’d be getting paranoid 😬😬😬

🚨 Google Play Store Infested with Malicious Android Apps Creating Proxies! 📱

A troubling discovery by HUMAN's Satori Threat Intelligence team unveils a cluster of Android VPN apps on the Google Play Store, secretly transforming users' devices into residential proxies (RESIPs) for nefarious purposes.

πŸ” Unveiling Operation PROXYLIB

Codename PROXYLIB reveals the insidious intent behind 29 VPN apps, now removed by Google, equipped with a Golang library to covertly enlist devices into a proxy network, unbeknownst to users.

πŸ›‘οΈ The RESIP Menace

Residential proxies, sourced from real IP addresses provided by ISPs, offer anonymity but are a playground for threat actors. These proxies conceal malicious activities by masking the true origin of attacks, making detection and attribution challenging.

🔒 Exploiting User Trust

Malware operators deploy deceptive tactics, tricking users into installing seemingly innocuous apps that, unbeknownst to them, hijack their devices into a botnet. The infected devices are then monetized by selling access to the proxy network.

🚀 Ingenious Integration of Malware

The Android VPN apps seamlessly integrate with remote servers, enrolling infected devices into the proxy network and executing malicious requests. Some apps even incorporate SDKs from LumiApps, expanding the botnet's reach with unsuspecting users.

πŸ›‘οΈ LumiApps' Dubious Role

LumiApps' SDK, disguised as a benign service, enables the embedding of proxyware into legitimate apps, blurring the line between utility and exploitation. This insidious tactic fuels the expansion of the proxy network and enriches threat actors at users' expense.

πŸ” The Nexus of Criminality

Evidence suggests that threat actors behind PROXYLIB are profiting from LumiApps and Asocks by selling access to the proxy network. LumiApps incentivizes developers with cash rewards based on the traffic routed through infected devices, amplifying the botnet's scale.

πŸ›‘οΈ Protecting Against Proxyware Threats

Users must exercise caution when downloading apps, especially VPNs, from unverified sources. Regular security updates and awareness of deceptive tactics are crucial defences against proxyware and botnet infiltration.

Stay vigilant, stay informed. Together, we can disrupt the operations of cybercriminals and safeguard our digital ecosystem.

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can't get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)

🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Porn mode privacy FTW 😂😂😂

🚨 Google Settles Class Action Lawsuit Over Privacy Concerns 🔒

In a landmark move, Google has agreed to settle a class action lawsuit alleging privacy violations related to its Chrome browser's "incognito" mode, promising sweeping changes to protect users' browsing activities.

📜 The Lawsuit Unveiled

Initiated in 2020, the lawsuit accused Google of misleading users by tracking their internet browsing activities despite using the "incognito" or "private" mode on web browsers like Chrome, leading to concerns about privacy breaches.

💼 Terms of Settlement

Google's settlement agreement, awaiting approval from U.S. District Judge Yvonne Gonzalez Rogers, promises substantial relief to affected users. The company pledges to purge billions of data records reflecting users' private browsing activities, marking a significant step towards restoring trust.

πŸ›‘οΈ Enhanced Privacy Measures

As part of the settlement, Google commits to a comprehensive data remediation process, including the deletion of identifiable information and blocking third-party cookies within Chrome's Incognito Mode for five years. Additionally, Google plans to eliminate tracking cookies by default by year-end.

πŸ” Clarification and Transparency

Google has updated the wording of Incognito Mode to clarify its functionality, ensuring users understand that it doesn't alter data collection practices by websites. This transparency aims to empower users to make informed decisions about their online privacy.

🚫 Crackdown on Spam and Phishing

In parallel efforts to bolster security, Google has begun automatically blocking bulk senders in Gmail who don't adhere to its email sender guidelines (which require SPF and DKIM authentication, a published DMARC policy, one-click unsubscribe and a low spam-complaint rate), reducing the risk of spam and phishing attacks.

🔒 Ensuring Privacy and Accountability

While the settlement marks a pivotal moment in addressing privacy concerns, ongoing vigilance and accountability are paramount. Users must remain informed about privacy settings and continue advocating for transparency and data protection in digital platforms.

Stay informed, stay empowered. Together, we can champion privacy rights and foster a safer online environment for all.

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think!

So long and thanks for reading all the phish!
