Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

North Korean Hackers Targeting Developers with Malicious npm Packages

The Hacker News - 1 hodina 24 min zpět
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Three Tips to Protect Your Secrets from AI Accidents

The Hacker News - 3 hodiny 22 min zpět
Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be attacked and defended. We're going to talk in this The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Banking Trojans Target Latin America and Europe Through Google Cloud Run

The Hacker News - 4 hodiny 14 sek zpět
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

The mobile malware threat landscape in 2023

Kaspersky Securelist - 5 hodin 50 min zpět

The figures above are based on detection statistics received from Kaspersky users who consented to sharing usage data with Kaspersky Security Network. The data for years preceding 2023 may differ from that published previously, as the calculation methodology was refined, and the data was retrospectively revised in 2023.

The year in figures

According to Kaspersky Security Network, in 2023:

  • Our solutions blocked almost 33.8 million malware, adware, and riskware attacks.
  • The most common threat to mobile devices was adware: 40.8% of all threats detected.
  • We detected more than 1.3 million malicious installation packages, 154,000 of these containing a mobile banking Trojan.
The year’s trends

Malware, adware, and riskware attacks on mobile devices dipped in February, only to rise steadily until the end of the year. In total, Kaspersky products blocked 33,790,599 attacks in 2023.

Number of attacks targeting users of Kaspersky mobile solutions, 2021–2023 (download)

Malware kept making its way into Google Play every now and then. For example, in 2023, we discovered that the marketplace contained a malicious application, Trojan.AndroidOS.Agent.wr, camouflaged as a file manager (see the image below).

The app decrypted and executed reverse proxy code, and displayed ads.

Both Google Play and third-party marketplaces were flooded with fake investment apps that relied on social engineering to coax personal data out of users: mostly phone numbers and full names, which were later added to databases used for phone fraud.

Also in 2023, we detected malicious WhatsApp and Telegram modifications that were stealing user data.

Mobile threat statistics

The number of new unique malware and riskware installation packages decreased slightly from 2022’s levels to 1,315,405.

Distribution of detected installation packages by type

Distribution of newly detected mobile malware by type in 2022 and 2023 (download)

Adware and RiskTool topped the rankings as usual. MobiDash (35.2%) was 2023’s most popular adware family, followed by Adlo (9.4%) and HiddenAd (9%).

Share of users attacked by the specific malware or riskware type in total Kaspersky users* attacked in 2022 and 2023 (download)

* These percentages may not add up to 100% if the same users encountered more than one type of attack.

The Trojan-SMS-type malware saw its activity decrease significantly, dropping six positions from 2022. By contrast, adware activity on user devices increased.

TOP 20 most frequently detected mobile malware programs

Note that the malware rankings below exclude riskware or PUAs, such as RiskTool or adware.

  Verdict %*, 2022 %*, 2023 Difference in pp Change in ranking 1 DangerousObject.Multi.Generic. 16.63 14.82 -1.81 0 2 Trojan.AndroidOS.Fakemoney.v 0.31 11.76 +11.45 +81 3 Trojan.AndroidOS.Boogr.gsh 5.70 6.81 +1.11 +2 4 Trojan.AndroidOS.GriftHorse.l 4.39 5.73 +1.34 +2 5 Trojan.AndroidOS.Triada.et 0.00 4.83 +4.83 6 Trojan.AndroidOS.Generic. 5.79 3.63 -2.16 -3 7 Trojan.AndroidOS.Triada.ex 0.00 3.31 +3.31 8 Trojan-Spy.AndroidOS.Agent.acq 1.18 3.22 +2.04 +16 9 Trojan-Spy.AndroidOS.Agent.afq 0.00 3.18 +3.18 10 Trojan-Dropper.AndroidOS.Badpack.g 0.00 2.75 +2.75 11 DangerousObject.AndroidOS.GenericML. 2.57 2.39 -0.18 -2 12 Trojan-Dropper.AndroidOS.Agent.uc 0.00 2.30 +2.30 13 Trojan.AndroidOS.Piom.baiu 0.00 2.09 +2.09 14 Trojan-Dropper.AndroidOS.Hqwar.bk 0.74 1.85 +1.12 +19 15 Trojan.AndroidOS.Fakeapp.ft 0.00 1.82 +1.82 16 Trojan-Spy.AndroidOS.CanesSpy.a 0.00 1.79 +1.79 17 Backdoor.AndroidOS.Mirai.b 0.00 1.78 +1.78 18 Trojan-Spy.AndroidOS.Agent.aas 5.74 1.66 -4.08 -14 19 Trojan.AndroidOS.Triada.ey 0.00 1.58 +1.58 20 Trojan-Dropper.AndroidOS.Hqwar.hd 1.59 1.46 -0.12 -6

* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky mobile solutions.

Many malware families that were not in 2022’s top 20 joined the list in 2023.

The generalized cloud verdict DangerousObject.Multi.Generic (14.82%), which covers malware from several different families, unsurprisingly retains the top spot. The umbrella ML verdict Trojan.AndroidOS.Boogr.gsh (6.81%) was also close to the top positions.

Trojan.AndroidOS.Fakemoney.v (11.76%), in second place, represents investment and payout scam apps. Another scam app variety, Trojan.AndroidOS.GriftHorse.l (5.73%), that tricked users into buying subscriptions disguised as weight loss plans, was fourth.

A number of malicious WhatsApp mods hit the top 20 list: Trojan.AndroidOS.Triada.et (4.83%), Trojan.AndroidOS.Triada.ex (3.31%), as well as Trojan-Spy.AndroidOS.CanesSpy.a (1.79%) and Trojan-Spy.AndroidOS.Agent.afq (3.18%).

The banking Trojan packer Trojan-Dropper.AndroidOS.Badpack.g (2.75%) was tenth.

Curiously, Trojan-Dropper.AndroidOS.Agent.uc (2.30%) joined the rankings as well. Detected mostly on smart TVs, this dropper is used for hidden deployments of the Mirai bot, which targets Android devices.

Region-specific malware

In this section, we describe malware that predominantly attacks users in specific countries.

Verdict Country* %** Trojan-Banker.AndroidOS.BrowBot.g Turkey 100.00 Trojan-Banker.AndroidOS.BrowBot.i Turkey 99.54 Trojan-Banker.AndroidOS.GodFather.i Turkey 99.53 Trojan.AndroidOS.Piom.bbfv Turkey 99.44 Trojan-Banker.AndroidOS.BrowBot.a Turkey 99.40 Trojan-Banker.AndroidOS.Banbra.aa Brazil 99.35 Trojan.AndroidOS.Piom.azgy Brazil 99.21 Trojan-Banker.AndroidOS.BRats.b Brazil 99.11 Trojan.AndroidOS.Piom.axdh Turkey 98.86 Trojan-Banker.AndroidOS.Sova.i Turkey 98.83 Trojan-Banker.AndroidOS.Banbra.ac Brazil 98.80 Trojan-Spy.AndroidOS.SmsThief.tp Turkey 98.79 Trojan.AndroidOS.Piom.azgh India 98.53 Trojan-Banker.AndroidOS.GodFather.h Turkey 98.51 Trojan-SMS.AndroidOS.Fakeapp.e Turkey 98.32 Trojan-SMS.AndroidOS.Fakeapp.g Thailand 98.27 Trojan-Banker.AndroidOS.Rewardsteal.c India 98.13 Trojan.AndroidOS.Piom.bbfw Azerbaijan 98.04 Trojan-Banker.AndroidOS.Bray.n Japan 97.94 Trojan-Banker.AndroidOS.GodFather.d Turkey 97.91 Trojan-Banker.AndroidOS.Agent.lc Indonesia 97.78 Trojan-Banker.AndroidOS.Agent.nd Turkey 97.68 Trojan-Spy.AndroidOS.SmsThief.vb Indonesia 97.58 Backdoor.AndroidOS.Tambir.b Turkey 97.57 Trojan.AndroidOS.Hiddapp.da Iran 97.39 Trojan-Banker.AndroidOS.GodFather.g Turkey 97.18 Trojan-Spy.AndroidOS.SmsThief.tw Indonesia 96.93 Trojan-Banker.AndroidOS.Agent.la Turkey 96.79 Trojan-Spy.AndroidOS.SmsEye.b Indonesia 96.75 Trojan-Banker.AndroidOS.GodFather.e Turkey 96.41

* Country where the malware was most active.
* Unique users who encountered the malware in the indicated country as a percentage of all Kaspersky mobile security solution users attacked by the same malware.

Users in Turkey experienced the greatest variety of threats concentrated within a single country in 2023. These included BrowBot, GodFather, and Sova banking Trojan modifications; SmsThief.tp spies; Fakeapp.e SMS Trojans; and the Tambir backdoor. Tambir opens VNC access for malicious actors, functions as a keylogger, steals SMS messages, contacts, and app lists, and sends SMS messages.

Also, several specialized threats were active in Brazil, including the Banbra and Brats banking Trojans, which we mentioned in several previous reports.

The SmsThief and SmsEye spies were mostly spread in Indonesia. Fakeapp.g, a program that opens the website of a third-party app store while sending SMS messages to short codes, specialized in attacking users in Thailand.

Mobile banking Trojans

The number of new banking Trojan installation packages dropped slightly from 2022’s level to 153,682.

The number of mobile banking Trojan installation packages detected by Kaspersky in 2020–2023 (download)

TOP 10 mobile bankers

Verdict %*, 2022 %*, 2023 Difference in pp Change in ranking Trojan-Banker.AndroidOS.Bian.h 23.78 22.22 -1.56 0 Trojan-Banker.AndroidOS.Agent.eq 3.46 20.95 +17.50 +6 Trojan-Banker.AndroidOS.Faketoken.pac 6.42 5.33 -1.09 +1 Trojan-Banker.AndroidOS.Agent.cf 1.16 4.84 +3.68 +13 Trojan-Banker.AndroidOS.Agent.ma 0.00 3.74 +3.74 Trojan-Banker.AndroidOS.Agent.la 0.04 3.20 +3.16 Trojan-Banker.AndroidOS.Anubis.ab 0.00 3.00 +3.00 Trojan-Banker.AndroidOS.Agent.lv 0.00 1.81 +1.81 Trojan-Banker.AndroidOS.Agent.ep 4.17 1.74 -2.44 -4 Trojan-Banker.AndroidOS.Mamont.c 0.00 1.67 +1.67

* Unique users who encountered this malware as a percentage of all Kaspersky mobile security solution users who encountered banking threats.

The total number of banking Trojan attacks remained at 2022’s level despite a slight decrease in the number of unique installation packages. This suggests that malicious actors were more likely to reuse the same malware for attacking new users than in the previous year.

Mobile ransomware Trojans

The number of new ransomware installation packages increased slightly year-on-year, reaching 11,202.

Number of installation packages for mobile ransomware detected by Kaspersky, 2020–2023 (download)

TOP 10 mobile ransomware Trojan apps

Verdict %*, 2022 %*, 2023 Difference in pp Change in ranking Trojan-Ransom.AndroidOS.Rasket.a 0.00 52.39 +52.39 Trojan-Ransom.AndroidOS.Pigetrl.a 74.28 22.30 -51.99 -1 Trojan-Ransom.AndroidOS.Rkor.eg 0.00 5.13 +5.13 -3 Trojan-Ransom.AndroidOS.Rkor.ef 0.00 2.65 +2.65 -4 Trojan-Ransom.AndroidOS.Congur.y 0.41 1.13 +0.72 +33 Trojan-Ransom.AndroidOS.Congur.cw 0.93 1.00 +0.07 +5 Trojan-Ransom.AndroidOS.Small.as 1.80 0.94 -0.86 -4 Trojan-Ransom.AndroidOS.Agent.bw 0.72 0.86 +0.14 +11 Trojan-Ransom.AndroidOS.Svpeng.ac 0.86 0.73 -0.12 +5 Trojan-Ransom.AndroidOS.Fusob.h 1.03 0.67 -0.35 -2

* Unique users who encountered this malware as a percentage of all Kaspersky mobile security solution users attacked by ransomware Trojans.

The Rasket Trojan (52.39%) topped the rankings of similar Trojans in terms of attacks by pushing out Pigertl (22.30%). The rest of the positions were, as usual, occupied by various modifications of Rkor, Congur, Small, and Svpeng Trojans, which had been active for a long time.

Conclusion

Android malware and riskware activity surged in 2023 after two years of relative calm, returning to early 2021 levels by the end of the year. That said, the number of unique installation packages dropped from 2022, suggesting that malicious actors were more frequently using the same packages to infect different victims. Adware accounted for the majority of threats detected in 2023.

Attackers continued to use official app marketplaces, such as Google Play, to spread malware. Also, we repeatedly detected malicious mods of popular instant messaging apps.

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

The Hacker News - 8 hodin 54 min zpět
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing. The administrator behind LockBit, in a&Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Unlock the Power of Cybersecurity Education for a Secure Future: A Comprehensive Guide for Linux Admins & Infosec Pros

LinuxSecurity.com - 25 Únor, 2024 - 23:27
Linux administrators and infosec professionals face rising cyber threats in today's interconnected digital world. As open-source platforms gain more importance, securing them becomes mission-critical for organizations worldwide.
Kategorie: Hacking & Security

Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement

The Hacker News - 25 Únor, 2024 - 09:53
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a coordinated international operation codenamed Cronos. Over 14,000 rogue Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

The Hacker News - 24 Únor, 2024 - 12:49
Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days," Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

The Hacker News - 23 Únor, 2024 - 18:08
A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21,
Kategorie: Hacking & Security

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

The Hacker News - 23 Únor, 2024 - 18:08
A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21, Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI

The Hacker News - 23 Únor, 2024 - 12:31
Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to "enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances," Ram Shankar Siva Kumar, AI red team
Kategorie: Hacking & Security

Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI

The Hacker News - 23 Únor, 2024 - 12:31
Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to "enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances," Ram Shankar Siva Kumar, AI red teamNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How to Use Tines's SOC Automation Capability Matrix

The Hacker News - 23 Únor, 2024 - 12:29
Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's been shared
Kategorie: Hacking & Security

How to Use Tines's SOC Automation Capability Matrix

The Hacker News - 23 Únor, 2024 - 12:29
Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's been shared The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

The Hacker News - 23 Únor, 2024 - 06:05
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and 
Kategorie: Hacking & Security

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

The Hacker News - 23 Únor, 2024 - 06:05
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

The Hacker News - 23 Únor, 2024 - 04:30
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes. It will also have to notify users whose browsing data was
Kategorie: Hacking & Security

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

The Hacker News - 23 Únor, 2024 - 04:30
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes. It will also have to notify users whose browsing data was Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How Seccomp Profiles Can Improve Kubernetes Security

LinuxSecurity.com - 22 Únor, 2024 - 18:52
Seccomp , which comes from "secure computing mode," is a built-in security feature in the Linux kernel that limits the system calls a process can make. Seccomp profiles in Kubernetes help minimize attack surfaces and prevent malicious code execution.
Kategorie: Hacking & Security

Joomla XSS Bug Puts Millions of Websites at Risk of RCE

LinuxSecurity.com - 22 Únor, 2024 - 18:48
A critical security vulnerability has been found in the popular Joomla open-source content management system that has left millions of websites open to the risk of remote code execution (RCE) due to multiple cross-site scripting (XSS) bugs. The vulnerability is linked to a fundamental flaw in Joomla's core filter component and is tracked as CVE-2024-21726 .
Kategorie: Hacking & Security
Syndikovat obsah