Xafecopy Trojan Will Steal Money From Your Mobile, protect your phone now!

Xafecopy Torjan is a new malware reported by cyber security firm, Kaspersky. As per the report, a new Malware is hitting the technology world which is stealing money from your smartphone. Xafecopy Trojan malware is spreading slowly over the world starting from India. As per the report, over 40% of malware target was found in India. Since, India is becoming more advance with technology, people are more into digital payment services. For that reason, hackers are moving on to this country.

As per the official report by Kaspersky, “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge.”

This new malware runs secretly on your device and steal data from your device. The trojan puts and runs its secret codes to your phone without your knowledge and this way it fetches the information from your device. This trojan runs normally on the device and hence no one will understand what’s actually going on inside your mobile phone. You will not be able to see any such codes with bare eyes.

This code runs and activate through various applications which most of the Android and iOS users are using. Applications like BatteryMaster, ES File Explorer and all the other apps which contains advertises runs these malicious codes. Once the app is activated, the codes will itself starts working on your mobile phone.

This malware clicks different webpages on your mobile phone through Wireless Application Protocol billing. After filling up the form, the code silently subscribes you to various services. This process works super smoothly without any registration or sign up process. You don’t have to put the credit card or debit card details into the forms still it will subscribe for various services without your permission and knowledge.

As we all know, most of the services have captcha codes for the final confirmation of your action. But this malware replaces the captcha code with normal texts and this way it can easily get confirmation and bypass the entire procedure itself. Captcha codes are there to fill the forms and confirmation manually so no robots or autobots can harm your information. But this malware is something to hit the right bone of all the users.

Furthermore, the report says, “Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico.”

Kaspersky Lab Senior Malware Analyst Roman Unuchek said, “Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money.”

In order to prevent yourself from such unwanted and harmful malware attacks to stop them stealing your money, make sure you have a proper security set in your Android device. Stop downloading and installing unwanted third party applications as hackers and attackers are trying to spread this virus or we can say malware with the help of such third party applications which are not permitted by Google. If you are using an Android smartphone, it is better for you to protect your smartphone with Google Play Protect which is a free security service available on all the Android smartphone. The security app has over 1 Billion active users as per the reports.

As a security advice, “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.”

via techbulletin

Read more »

Mobile malware grows nearly three-fold in Q2 2015

So you’ve got your PC locked down so tight you even battle to get in sometimes, but how much care are you taking when it comes to mobile security? If your answer to that question is something along the lines of “not much”, you might want to step it up a notch.

According to security provider Kaspersky, some 291 800 new mobile malware programmes emerged in Q2, which is 2.8 times greater than in Q1. There were 1-million mobile malware installation packages in Q2, which is seven times greater than in Q1.

The company notes that mobile banking remains a main target for mobile threats. A new version of apreviously existing Trojan for instance is capable of attacking 114 (four times more) banking and financial applications as its previous iteration. Its main goal is to steal the user’s login credentials with which to attack, among others, several popular email applications.

Financial threats still huge on the web

Banking remains the biggest target for malware on the web too. But according to Kaspersky, they are falling. There were 5 900 000 notifications about attempted malware infections to steal money via online access to bank accounts — this is 800 000 lower than in Q1.

In Q2 2015, Singapore became the leader in the number of Kaspersky Lab users who came under web-borne attacks by banking Trojans — 5.3% of all Kaspersky Lab users in Singapore faced this threat over this time period. Next came Switzerland with 4.2%, Brazil (4%), Australia (4%) and Hong Kong (3.7%).

As the security company notes, the countries that come under attack most frequently are technologically advanced and/or have a developed banking system, which attracts the cybercriminals’ attention.

It also says that financial threats are not limited to banking malware programmes which attack the clients of online banking systems. Apart from banking malware (83%), financial threats are posed by Bitcoin miners (9%) — these are malware programmes that use the victim’s computer’s computational resources to generate bitcoins, as well as bitcoin wallet stealers (6%) and keyloggers (2%).

Small businesses under threat

While we’ve grown used to attacks taking on big companies and government agencies, Kaspersky notes that small and medium-sized businesses are increasingly coming under attack. Businesses working in chemical industry, nanotechnologies, education, agriculture, mass media and construction are particularly vulnerable it says.

During the three month period covered by the Kaspersky report an average of 23.9% of internet users’ computers across the world came under a web-borne attack at least once. This is 2.4 percentage points lower than in Q1.

Read more »

Facts About Remote Access Trojans (RATs) vs AlienSpy

AlienSpy is the latest in a family of RATs which target both consumers and enterprises in a bid to steal valuable data and compromise systems.

Remote Access Trojans (RATs) never fully vanish; instead, they are often recycled and redeveloped in the changing cybersecurity landscape. These kinds of Trojans, often deployed through phishing campaigns which use spoof emails and malicious files to deliver malware payloads, can be tailored to target particular industries -- such as banking or manufacturing -- or be used indiscriminately against both consumers and businesses.

In a security advisory (.PDF) posted Thursday, security firm Fidelis said the newly-discovered AlienSpy Trojan is currently being used in international phishing campaigns against both consumers and the enterprise, although generally has been detected in campaigns based in the technology, finance, government and energy sectors.

Joining the likes of njRAT, njWorm and Houdini, the RAT's development focuses on delivery rather than core functions. However, AlienSpy does differ from its predecessors. While also similar to Frutas, Adwind and Unrecom, the security firm believes the new RAT has benefited from "unified," collaborative development. As a result, the Trojan is more sophisticated and has expanded functionality.

AlienSpy currently supports infections on Windows, Linux, Mac OSX and the Android mobile operating system. However, the Trojan also demonstrates new evasion techniques not present in past RATs.

Once deployed, the Java-based Trojan grants an attacker access and control over a compromised system. The malware is able to collect system information including OS version, RAM data and computer name, upload and deploy additional malware packages, capture webcam and microphone streams without consent, and remotely watch device activity. In addition, the Trojan includes a keylogger.

AlienSpy's additional features include a sandbox detection tool, the detection and disabling of antivirus software, and the use of Transport Layer Security (TLS) cryptographic protocols to secure its connection to the command and control (C&C) server.

"Applying this technique makes it very difficult for network defenders to detect the malicious activity from infected nodes in the enterprise. To prevent various security tools from running, this version of AlienSpy performs various registry key changes," the advisory notes. "Infected systems could end up with botnet malware downloaded through AlienSpy RAT (e.g. Citadel) as it was observed by our security researchers during one of the infections."

In the same manner as its predecessors, AlienSpy is available through various subscription models and receives continual updates from its developers. According to Fidelis, AlienSpy can be purchased for between $19.90 and $219.99.

"Enterprises should ensure that they are capable of detecting inbound malware as well as active infections involving this RAT," Fidelis says.

The security firm has also published a Yara rule to help developers identify and classify the AlienSpy malware strain.

via ZDNet

Read more »

5 Ways to Stay Away from Malware on a Smartphone

A malware is some software specially designed to harm your computer or smartphone, or to get your personal information for various anti-social purposes (let’s say spying on you). It may be a virus, a spyware, worm, or a Trojan, but their sole purpose is to harm you. Nowadays, since smartphones are more in use, these malwares are aimed mostly at them. So here are some precautions that you can adopt to stay away from them:

1. Download Stuff From Trusted Sources

While you download stuff (songs, pictures etc.) into your mobile, be sure that you don’t download anything but what you want to download. Sometimes, rather most of the times, a file that you want to download is accompanied with a malicious software, that drains out your personal information out of your phones and can be used for anything, and the worst part is that you’d never know. One such unwanted application is Mobogenie that automatically gets downloaded onto Android phones and can cause serious troubles. Don’t believe messages on your browsers that say anything about your phone slowing down or those that offer you “hot pics”.

2. Don’t Cache Passwords

Well, it must be very annoying to type your password again and again onto your device, but this is the key area where most of the spywares attack. They phish out the cache from browsers and hence, can gain access to your private accounts. So the only foolproof method to avoid this is to not save these passwords. Oh, and while you’re at it, turn on the 2-step verification to be extra safe. Click here to know more about two-step verification.

3. Don’t Fall Into Traps Of Spams

You might have come across emails claiming that you’ve won a billion dollars in some lottery you never signed up for, or something like this:

Never click on these links, unless you’ve subscribed or signed up for them as they may contain software that can get installed on your smartphones without your consent.

4. Be Extra Cautious If You’ve Got Root Access

This point is exclusive for Android devices.When you root your smartphone, you allow the apps to gain ‘root access,’ and once a malware gets this access, it has the rights to do almost anything on your device, without your knowledge. That doesn’t mean you shouldn’t root your phones. Just be careful while you grant Superuser privileges, and don’t grant these permissions to non-trusted software downloaded from non-trusted sources. Though we recommend not to download such softwares, but even if you do, don’t grant them Superuser permissions.

5. Install An Anti-Malware Program

Though these apps aren’t enough for keeping the malwares away, they do help to some extent. There are a plenty of such applications out there, most of them free. The best rated ones include Lookout, AVG, or Avast. Mostly, they check installed apps, and watch out for malicious codes.

Read more »