This dangerous Android malware could steal passwords and other data just by using images
Date:
Mon, 31 Jul 2023 14:57:26 +0000
Description:
Don't take photos of your passwords, guys, malware can read those.
FULL STORY ======================================================================
Cybersecurity researchers from Trend Micro have uncovered two malware variants built for the Android system, one of which is able to steal information stored in photos and pictures.
In a report published on the company's website, it was said that CherryBlos and FakeTrade, two malware families, were recently discovered, with one even making its way to Google Play, Android's official app repository.
The researchers who discovered the apps concluded that they both belong to the same threat actor, given that they use the same network infrastructure and the same certificates. These malware variants were hiding in different apps, including one called SynthNet that was uploaded to Google Play. According to a BleepingComputer report, it had some 1,000 downloads before being removed from the store.
But this isn't the only way the apps were distributed. The threat actors also used common distribution tactics, such as social media channels and phishing websites. They would promote the apps on Telegram, Twitter, or YouTube, presenting them as AI tools or cryptocurrency miners. Some of the apps are called GPTalk, Happy Miner, or Robot999. Suffice it to say, if you have any of these installed on your endpoints, remove them immediately.
The goal of the malware was to steal valuable data from the compromised devices, including any cryptocurrency the users might have sitting in mobile app wallets. One way the malware did that was by overlaying crypto apps with an invisible (or fake) user interface, so that a user who entered their credentials would hand them straight to the attackers. The other method was hijacking the clipboard: if a user copies a crypto wallet address, the malware replaces it in the clipboard with an address belonging to the attackers. So when the victim pastes the address, unless they double-check it character for character, they'll end up sending their money to the crooks.
Another method was optical character recognition, or OCR. Most high-end smartphones these days have that feature, which allows the device to read the text in a photo or an image. It's useful when, for example, you need to translate a menu while dining in a foreign country. The crooks used OCR to have the malware scan the photo gallery for any relevant images and send the extracted data to the C2 server.
While the crooks don't seem to target any specific region, the victims mostly reside in Malaysia, Vietnam, Indonesia, the Philippines, Uganda, and Mexico, the researchers concluded.
Analysis: Why does it matter?
Cryptocurrencies, especially Bitcoin and Ether, are still widely popular around the globe, and with the next Bitcoin halving coming up in approximately May next year, many people are already stacking up in anticipation of a possible next bull run, which could see Bitcoin shoot past $100,000 per coin. This leaves many people, especially new entrants to the market, vulnerable to scams and hacks.
The problem with cryptocurrencies is that once a transfer is initiated, it's impossible to reverse (unless it's being made from a third party such as a crypto exchange, which might stop it in time if alerted to a possible fraud). The second problem is in the way most cryptos are secured these days: the majority of crypto wallets come with so-called seed phrases (also called recovery phrases or mnemonic phrases), a string of 12 or 24 words that can be used to restore a wallet in case it's lost or the password is forgotten.
While the designers insist that people write these words down on a piece of paper and store it somewhere safe (and not digitally), many people end up taking photos of their seed phrases and storing them on their smartphones or cloud services. If an OCR-enabled piece of malware finds these photos, the crooks can easily take over the wallet and empty it out in seconds.
What have others said about this malware?
In the comments section on Ars Technica, some users discussed how malware like this would never pass on an Apple device. "Reasons why I'll never leave Apple. I don't need an AV scanner on my phone. I don't need to side-load," says one of the comments. "For one thing, lack of sideloading makes it effectively impossible to distribute malicious apps. You won't find crap like this in the AppStore," says another. "iOS APIs do not even allow the developers to pull off anything like this - Android malware rarely uses vulnerabilities. They pull off this stuff just by using standard APIs. Apple's approach to iPhone as (somewhat restricted) app platform has been an incredible success for us, the users. The same can be said for gaming consoles: zero malware."
Others pointed out how it's still the human factor that makes all the difference: "For this to work, it required accessibility permissions. This is a more involved process than other permissions. I'm trying it with a legitimate app, and the app has to give you instructions about what to do in settings, and then launch the settings app to a screen that's reasonably close," they said. "You cannot accidentally click through this."
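Because the overlay technique described above depends on an accessibility-service grant, an administrator can audit which packages on a managed device currently hold one by reading the enabled_accessibility_services secure setting over adb. This is an added example, not code from the article or from Trend Micro; the allowlisted TalkBack package name and the sample service strings in the comments are assumptions.

```shell
#!/bin/sh
# Added example: list Android packages that have an enabled accessibility
# service, and flag any that are not on an allowlist. Assumes adb is installed
# and a device is attached for the live check at the bottom.

# Extract package names from the raw setting value. Android stores enabled
# services as "pkg/Service:pkg2/Service2" (colon-separated; may be empty or
# "null" when nothing is enabled).
a11y_packages() {
    # $1 is the raw value of Settings.Secure.enabled_accessibility_services
    printf '%s\n' "$1" | tr ':' '\n' | sed -n 's#^\([^/]*\)/.*#\1#p' | sort -u
}

# Print every enabled accessibility package that is not in the space-separated
# allowlist in $2. Anything printed deserves a look: a miner or "AI tool" with
# accessibility access is exactly the profile the article describes.
flag_unexpected_a11y() {
    raw="$1"
    allow="$2"
    for pkg in $(a11y_packages "$raw"); do
        case " $allow " in
            *" $pkg "*) ;;          # known-good package, skip
            *) echo "$pkg" ;;       # unexpected grant, report it
        esac
    done
}

# Live check against a connected device (skipped when adb or a device is absent).
# The allowlist holds only the stock TalkBack package (assumed name); extend it
# with the accessibility apps your fleet legitimately uses.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    live=$(adb shell settings get secure enabled_accessibility_services 2>/dev/null | tr -d '\r')
    [ "$live" = "null" ] && live=""
    echo "Enabled accessibility services not on the allowlist:"
    flag_unexpected_a11y "$live" "com.google.android.marvin.talkback"
fi
```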
Finally, those who weren't interested in the perpetual Apple vs. Android war shifted their attention to the impotence of mobile antivirus programs:
"It sounds like even Google's Play Protect wasn't able to detect the malware in these apps since Trend Micro is the one reporting it," says one user. "First submitted on VirusTotal on 2023-06-20 at 16:09:16 UTC, which means over a month has passed and the bad app is still not detected by the vast majority of AVs," says another.
Go deeper
If you want to learn more about Android malware and how to stay safe, make sure to read our guide to the best Android antivirus apps, and the best Android phones in general. Also, read our guides on the best firewalls and the best ID theft protection around.
======================================================================
Link to news story:
https://www.techradar.com/pro/this-dangerous-android-malware-could-steal-passwords-and-other-data-just-by-using-images
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)