The Android version of the Medusa banking malware has returned after nearly a year-long period of rather low-key activities in France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. This new activity has been tracked since May, and it leverages more compact variants that request fewer permissions and bring additional functionalities to perform transactions directly from the infected device. Medusa banking trojan, called TangleBot, is a push-and-file Android malware-as-a-service (MaaS) operation. It was discovered in 2020, which allows for keylogging, screen control, and SMS manipulation-related spyware. #mobileAppsecurity #Cybersecurity #InformationSecurity #DataProtection #NetworkSecurity #ITSecurity #CyberAware #CyberDefense #CyberRisk #CyberThreats #CyberAttack #DataPrivacy #PrivacyProtection #SecurityAudit #RiskManagement #VulnerabilityManagement #ITGovernance #SecurityPolicy #DataProtectionAct #SSLpinning #Threatdetection #mobileappprotection #mobileapphardening #SAST #DAST #MobileAppshield https://lnkd.in/g9MReQUB
Quixxi’s Post
More Relevant Posts
-
#informationsecurity #itsecurity #cybersecurity #cybersecurityawareness 🚌 Finland's Transport and Communications Agency (Traficom) is warning about an ongoing Android #malware campaign attempting to breach online #bank accounts. 📱 The agency has highlighted multiple cases of SMS messages written in Finnish that instruct recipients to call a number. The scammer who answers the call instructs victims to install a McAfee app for protection. 📞 The messages are supposedly sent from #banks or #payment service providers like MobilePay, and they use spoofing technology to appear as if they come from a domestic telecom operator or local network. 🌍 Google has previously confirmed to BleepingComputer that Android's in-built anti-malware tool, Play Protect, automatically protects against known versions of Vultur, so keeping it active at all times is crucial. 🌍 https://lnkd.in/gqVNsV8k
Finland warns of Android malware attacks breaching bank accounts
bleepingcomputer.com
-
Beware Medusa Android Trojan Targets Banking Users!

Imagine waking up to find your banking information stolen. That's the reality for users across Canada, France, Italy, Spain, Turkey, the U.K., and the U.S., targeted by the updated Medusa Android Trojan. This sophisticated malware masquerades as a popular app to infiltrate devices and steal sensitive data.

🔍 What’s Happening? Medusa, also known as TangleBot, has been active since July 2023, with fraud campaigns spreading through five different botnets. The latest versions of Medusa come with new features like full-screen overlays and remote app uninstallation to evade detection.

📱 Capabilities:
1. Reads SMS messages
2. Logs keystrokes
3. Captures screenshots
4. Records calls
5. Steals banking credentials via overlay attacks

🔐 How It Spreads: Medusa is distributed via phishing campaigns and dropper apps posing as fake updates. It even uses legitimate services like Telegram and X to retrieve command-and-control servers for data exfiltration.

🌍 Global Impact: With its reach expanding into new regions like Italy and France, Medusa's threat continues to grow. Its ability to minimize required permissions makes it hard to detect, allowing it to operate undetected for extended periods.

📞 Stay Protected: Stay vigilant and only download apps from trusted sources. Ensure your device’s security settings are up-to-date.

🔗 For detailed insights and expert advice, contact us: www.procheckup.com/contact

#CyberSecurity #MobileSecurity #MedusaTrojan #ThreatIntelligence #AndroidSecurity #ProCheckUp #StaySecure
-
New variants of the TrickMo Android banking trojan have been discovered with advanced features to steal device unlock patterns and PINs, putting users at risk of unauthorized access. #CyberSecurity #AndroidMalware #MobileSecurity #TrickMoTrojan #BankingMalware #DataProtection #DeviceSecurity #FinancialFraud #MobileThreats #CyberThreats #Malware
TrickMo Android Trojan Updated to Steal Unlock Patterns and PINs
redsecuretech.co.uk
-
🚨 Beware of ToxicPanda: The New Malware Threatening Your Android and Bank Accounts! 🚨 A new malware called ToxicPanda is spreading around the world, putting Android users and their bank accounts in danger. This trojan malware pretends to be popular apps like Google Chrome and banking applications. Cleafy's Threat Intelligence team reports that more than 1,500 devices in Europe and Latin America have already been affected by ToxicPanda. Stay safe and share this with your network! 🚨📱💡 #CyberSecurity #DigitalSafety #StaySafe #ScamAlert #CyberCrime #OnlineProtection #FraudPrevention #DigitalScams #CyberAwareness #ProtectYourself #InternetSafety #SafeOnline #CyberThreats #OnlineSecurity #DigitalFraud #ScamPrevention #BeAware #StayVigilant #TechSafety #SecureOnline #SafetyFirst #OnlineScams #CyberProtection #SafetyTips #DigitalSecurity #CyberHygiene #ScamPreventionTips #ProtectYourData #CyberSafety #DigitalWellness
ToxicPanda: A New Cyber Threat and How to Defend Against It
pratapsolution.com
-
🚨 Alert: Discover how the updated Medusa #Android banking trojan targets users in 7 countries, featuring new stealth capabilities and expanded reach. Read: https://lnkd.in/gtpPKGVT #cybersecurity #malware
New Medusa Android Trojan Targets Banking Users Across 7 Countries
thehackernews.com
-
The Medusa Android Trojan, active since July 2023, is targeting banking users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. This malware, also known as TangleBot, infiltrates devices by masquerading as popular apps and steals sensitive data. It spreads through phishing campaigns and dropper apps posing as fake updates, using legitimate services like Telegram and X to retrieve command-and-control servers. Medusa's capabilities include reading SMS messages, logging keystrokes, capturing screenshots, recording calls, and stealing banking credentials via overlay attacks. The latest versions feature full-screen overlays and remote app uninstallation to evade detection. Its global impact is expanding, making it a significant threat.
-
FakeCall malware simulates incoming calls from bank employees and reroutes outgoing calls to bank customer support. Fraudsters continue to adapt and develop new impressive tools. Mitigating controls: 1) Only install trusted apps on your phone 2) Pay attention to permissions requested by apps 3) Uninstall old unused apps 4) Use phishing resistant MFA factors (ex. Authenticator app instead of SMS) 5) Setup alerts on your bank’s app (ex. new bill payment vendor added, new e-transfer recipient added, transaction >$X) 6) Use an iPhone #cybersecurity #informationsecurity #cybercrime #financialcrime #fraud #socialengineering #risk #riskmanagement
Android Trojan that intercepts voice calls to banks just got more stealthy
arstechnica.com
-
New Android Malware Mimic Google Chrome To Steal Banking Details https://lnkd.in/ednHnSRu #Infosec #Security #Cybersecurity #CeptBiro #Android #Malware #Mimic #GoogleChrome #BankingDetails
New Android Malware Mimic Google Chrome to Steal Banking Details
gbhackers.com
-
FINLAND AUTHORITIES WARN OF ANDROID MALWARE CAMPAIGN TARGETING BANK USERS
Source: Security Affairs
Date Published: May 6, 2024
Excerpt: "Traficom, Finland’s Transport and Communications Agency, issued a warning regarding a current Android malware campaign aimed at bank accounts. Traficom reported that clients of multiple banks received text messages in the Finnish language that instruct recipients to call a service number, from which the bank user is directed to install malware on the Android device. Threat actors used a phone number that seems to be the number of a domestic telecom operator or a local network. The text messages are purportedly from various companies, claiming debt collection or unusual account activity. The messages urge recipients to call a specified service number. Upon calling, recipients are warned of potential fraud and recommended to secure their device by downloading antivirus software. Then the victims receive a follow-up text message containing a link to a security software which is actually malware disguised as McAfee antivirus. Once installed, the malware grants access to the victim’s applications and messages, including online banking, allowing crooks to steal funds from the victim’s online bank."
To read the complete article see: https://lnkd.in/du2gwEeE
Finland authorities warn of Android malware campaign targeting bank users
securityaffairs.com
-
The Vultur banking trojan has a new version that scares the world

Cybercriminals have further refined the malware, adding more effective features to evade detection. There is alarm around the world due to the detection of a new, more updated and insidious version of the famous banking trojan for Android "Vultur". Identified for the first time three years ago, it is considered by experts to be one of the ten most widespread banking malware of 2023: with its nine certified variants, it was able to infect 112 banking apps in 15 countries. The updated version of Vultur has been strengthened with the addition of new advanced remote control and evasion analysis and detection capabilities.

It all starts with the sending of an SMS regarding a fake transaction relating to a large sum of money, thus taking advantage of the so-called "smishing". The first message guides the victim towards a telephone call. At that point the recipient is encouraged to contact by telephone what appears to all intents and purposes to be an assistance service. When this occurs, the cybercriminal convinces the victim to install a version of the McAfee Security app via a link inserted in a second SMS: a version that is only apparently legitimate, but actually modified, given that it is the Brunhilda dropper. Once started, the malicious dropper downloads and then executes three Vultur payloads, namely two APK files and a DEX: these allow registration with the C2 server and, thanks to obtaining Android accessibility services permissions, with remote access via the installation of AlphaVNC and ngrok, allow you to execute commands received from the C2 server itself.

#security #cybersecurity #hacker #malware #android #bank #cyberattack #cybercrime #cyber