Fake websites pretending to be legitimate antivirus solutions are being used by threat actors to spread malware that steals sensitive information from Android and Windows devices. The malware is delivered through websites like avast-securedownload[.]com, bitdefender-app[.]com, and malwarebytes[.]pro. This malware can take control of devices, read messages and call logs, install and delete apps, track locations, and mine cryptocurrency. Cybercriminals are continuously creating new variants of stealer malware, indicating a demand in the criminal market. Additionally, an Android banking Trojan called Antidot has been discovered, disguised as a Google Play update, capable of performing various malicious actions. #soc #socanalyst #securityoperationscenter #cybersecurityanalyst #paloAlto #cybersecuritynews #malware #cyberattacks #micorsoft #vulnerability #securityawareness #Cisco #redteam #blueteam #applenews #googlecybersecurity #google #apple #ios #osint #Android
Ghassan Alsaffar’s Post
-
Malicious ads and bogus websites are targeting Apple macOS users with two types of stealer malware, including Atomic Stealer. These attacks aim to steal sensitive data, often from individuals in the cryptocurrency industry. Deceptive methods such as redirecting users to fake websites or offering free software are used to deliver the malware. Additionally, malicious DMG files and malvertising campaigns have been observed as methods of attack. This highlights the increasing threat to macOS environments, with attackers employing sophisticated techniques to evade detection. #soc #socanalyst #securityoperationscenter #cybersecurityanalyst #cybersecuritynews #malware #cyberattacks #micorsoft #vulnerability #securityawareness #Cisco #redteam #blueteam #applenews #googlecybersecurity #google #apple #ios #osint
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
thehackernews.com
-
Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K. The campaign makes use of bogus Android apps that are disguised as seemingly legitimate banking, government facilities, streaming, and utility apps in an attempt to trick users into installing them. As many as 280 fake applications have been detected since the start of the year. Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
thehackernews.com
-
In re malicious Android apps campaign that can swipe crypto seed phrases stored as images. Pretty ingenious since quite a few folks actually do that. "Recently, McAfee’s Mobile Research Team uncovered a new type of [Android] mobile malware that targets mnemonic keys by scanning for images on your device that might contain them." ---- No doubt this could work, not just for crypto seed phrases stored as images, but, with a little tweaking, probably for critical passwords/credentials stored as images as well. Looking at the icons in the timeline in the blog article, it appears that in August 2024 the attackers may have been using some bogus apps pretending to be legitimate UK government apps. https://lnkd.in/d5gacqAD #cybersecurity #cybersecurityawareness #socialengineering #scamprevention #scamawareness #fraudprevention #fraudawareness
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition | McAfee Blog
https://www.mcafee.com/blogs
-
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. The list of websites is below -
* avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file ("Avast.apk") that, once installed, requests for intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshot, track location, and even mine cryptocurrency
* bitdefender-app[.]com, which is used to deliver a ZIP archive file ("setup-win-x86-x64.exe.zip") that deploys the Lumma information stealer malware
* malwarebytes[.]pro, which is used to deliver a RAR archive file ("MBSetup.rar") that deploys the StealC information stealer malware
https://lnkd.in/et5-hNzZ
Contact us now: info@simplysecuregroup.com
#cybersecurity #simplysecure #simplysecuregroup #tech #cybersecurityteam #business
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
thehackernews.com
-
New And Dangerous Android Attack Warning Issued
Security researchers have uncovered a new and dangerous Android hacking campaign, and this one is also highly inventive. Targeting a 12-word phrase, the SpyAgent malware disguises itself as one of 280 apps so far and uses optical character recognition technology during the devious attacks. Fall victim to a successful compromise, and it could be very costly as these hackers are after your money.
https://lnkd.in/dyUufcTd
#androidmalware #mauverick
New And Dangerous Android Attack Warning Issued
social-www.forbes.com
-
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K. The campaign makes use of bogus Android apps that are disguised as seemingly legitimate banking, government facilities, streaming, and utility apps in an attempt to trick users into installing them. As many as 280 fake applications have been detected since the start of the year.
Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security.
#CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
thehackernews.com
-
A new malware called Atomic macOS Stealer (AMOS) has emerged, targeting macOS users. AMOS steals sensitive data, including information from cryptocurrency wallets and saved passwords. It disguises itself as various applications, often distributed through DMG disk images like fake versions of popular software such as "File Juicer" and "Debit & Credit" app installers. To protect against AMOS, it is crucial for macOS users to use reputable antivirus software. Regularly updating the antivirus software is essential to stay ahead of emerging malware variants. Users should exercise caution when downloading and installing applications, verifying their authenticity and source. Practicing good cybersecurity hygiene, such as updating the operating system and avoiding suspicious websites and email attachments, can further enhance protection against AMOS and other malware strains. By staying informed and taking preventive measures, macOS users can minimize the risk of falling victim to AMOS. #cybersecurity https://lnkd.in/gdcH9ijA
New Atomic Stealer Malware Copies Passwords & Wallets from Infected Macs
https://gbhackers.com
-
🔸 (Cyber News) The Atomic macOS Stealer (AMOS) is a prevalent malware targeting macOS users, primarily used to steal cryptocurrency, passwords, and session tokens.
🔸 Since its emergence in April 2023, AMOS has become a common choice among hackers, with its price tripling due to increased demand.
🔸 Sophos X-Ops research highlights a growing trend of mainstream malware targeting Macs, with infostealers like AMOS accounting for over half of macOS infections in recent months.
🔸 AMOS is distributed through malicious links, search result poisoning, and fake software installers, often bypassing Apple's official app store.
🔸 The malware has evolved, now obfuscating its code and incorporating Python scripts to evade detection, with future plans to target iOS devices as well.
🔸 Sophos X-OPS advises to only download trusted software and remain cautious of suspicious pop-ups.
#fci #cybersecurity #sophos #macOS #amos #infostealers #infosec #apple #networksecurity #malware #popups #ios #detection #threatintelligence
https://lnkd.in/gUJMSTKV
New malware shakes macOS security paradigm – hackers eying iPhones next | Cybernews
cybernews.com
-
In the face of such information about the threat landscape our instinct is often to tell people to be careful. I’m not sure how helpful that is, though. Modern web browsers by default often don’t even show us the DNS domain of the link we’re about to click, and even if they did, much of the time we don’t have access to the information we would need to validate the authenticity of the link. Part of the beauty and magic of the Internet is that anybody can create a new website in seconds, but this open trusting system creates opportunities for exploitation of trusting humans. Passkeys can help us protect the users of our systems from phishing attacks. Contact me if your organization is interested in modernizing your mobile app and cloud services software systems for better security in the modern age. 📱
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks," Trellix security researcher Gurumoorthi Ramanathan said. The list of websites is below -
* avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file ("Avast.apk") that, once installed, requests for intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshot, track location, and even mine cryptocurrency
* bitdefender-app[.]com, which is used to deliver a ZIP archive file ("setup-win-x86-x64.exe.zip") that deploys the Lumma information stealer malware
* malwarebytes[.]pro, which is used to deliver a RAR archive file ("MBSetup.rar") that deploys the StealC information stealer malware
https://lnkd.in/g8CNMrUv
#CyberSecurity #fake #AntiVirus #malware
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
thehackernews.com
-
⚠️ A new Android malware is stealing private keys by extracting them from screenshots and images. 🔑📱
⚠️ The FBI has warned that North Korean hackers are aggressively targeting the crypto industry with well-hidden attacks. 🔐
McAfee has discovered a new Android malware called SpyAgent, which can steal private keys by scanning screenshots and images stored on your phone. 📱
🔍 SpyAgent uses Optical Character Recognition (OCR) to extract text from images on a phone's internal storage. This technology, commonly used in computers, helps the malware recognize and copy words from images. 🖼️
🛑 McAfee explained that SpyAgent spreads through malicious links sent via text messages. When users click the link, they're redirected to a fake website that looks legitimate and are asked to download an app that appears trustworthy. However, this app is actually the SpyAgent malware, which compromises the phone once installed.
🕵️‍♂️ These fake apps are disguised as banking, government, or streaming services. Upon installation, users are asked to grant access to contacts, messages, and local storage.
🚨 Currently, the malware is mainly affecting South Korean users and has been found in over 280 fraudulent apps. 📊
Source of News - https://lnkd.in/dFdCBxYE
#CyberSecurity #AndroidMalware #SpyAgent #CryptoHack #McAfee