
New malware targeting Android users to steal sensitive data using OCR

The malicious apps are distributed through a variety of channels, including social media, phishing websites, and shopping apps on Google Play... reports Asian Lite News

Two new malware families targeting Android users have been discovered on Google Play, named CherryBlos and FakeTrade, which are designed to steal cryptocurrency credentials and funds or conduct scams using optical character recognition (OCR), a new report has said.

According to cybersecurity software company Trend Micro, both malware families use the same network infrastructure and certificates, indicating that the same threat actors created them.

The malicious apps are distributed through a variety of channels, including social media, phishing websites, and shopping apps on Google Play.

CherryBlos malware was first seen spreading in April 2023 in the form of an APK (Android package) file marketed on Telegram, Twitter, and YouTube as AI tools or cryptocurrency miners.

The names used for the malicious APKs are GPTalk, Happy Miner, Robot999, and SynthNet, according to the report.

The downloaded malware CherryBlos (AndroidOS_CherryBlos.GCL), so named because of the unique string used in its hijacking framework, can steal cryptocurrency wallet-related credentials and replace victims’ addresses while they make withdrawals.

In addition, a more interesting feature can be enabled, which uses OCR to extract text from photos and images.

“Once granted, CherryBlos will perform the following two tasks — Read pictures from the external storage and use OCR to extract text from these pictures, and upload the OCR results to the C&C server at regular intervals,” the researchers wrote.

Moreover, another campaign that employed several fraudulent money-earning apps — first uploaded to Google Play in 2021 — involved the FakeTrade malware.

Researchers discovered links to a Google Play campaign in which 31 scam apps known as “FakeTrade” used the same C2 network infrastructure and certificates as the CherryBlos apps, the report said.

These apps employ shopping themes or money-making enticements to deceive users into watching commercials, committing to premium subscriptions, or topping up their in-app wallets while never allowing them to cash out the virtual prizes.

The applications have a similar interface and mostly target customers in Malaysia, Vietnam, Indonesia, the Philippines, Uganda, and Mexico, with the majority of them appearing on Google Play between 2021 and 2022.



India experienced 7 lakh malware attacks in 2022

In 2021, the top three sectors affected by ransomware were banking, government, and manufacturing, but the trend shifted in 2022 when the Indian government sector became the most affected, followed by manufacturing and banking... reports Asian Lite News

India experienced approximately 7 lakh malware attacks in 2022, up from 6.5 lakh in 2021, with the banking sector being the most vulnerable to these attacks, totalling 44,949 incidents, a report showed on Wednesday.

The top six industries affected by malware in India in 2022 were banking, government, manufacturing, technology, healthcare, and finance.

However, there was a slight decline in the number of malware detections across the six critical sectors, indicating that appropriate measures are being taken, according to the report by global cyber-security firm Trend Micro.

In 2022, there were a total of 14,983,271 ransomware threats globally, with 38.06 per cent of the attacks targeting Asia, and 10.51 per cent of those attacks being detected in India.

“The report reveals a 16 per cent increase in malware attacks, underscoring the need for ongoing vigilance and collaboration to safeguard critical industries such as banking, government, and manufacturing in India,” said Vijendra Katiyar, Country manager for India & SAARC, Trend Micro.

In 2021, the top three sectors affected by ransomware were banking, government, and manufacturing, but the trend shifted in 2022 when the Indian government sector became the most affected, followed by manufacturing and banking.

Interestingly, while the number of attacks on the Indian banking sector decreased significantly from 15,928 to just 626 ransomware alerts, the number of attacks on the government sector remained relatively stable, and the manufacturing sector saw an increase from 994 to 1,178 incidents in 2022, the data showed.


Globally, cyber-threat detections hit a record 146 billion in 2022.

The report mentioned a massive 55 per cent increase in overall threat detections in 2022 and a 242 per cent surge in blocked malicious files, as threat actors indiscriminately targeted consumers and organisations across all sectors.

There was an 86 per cent increase in backdoor malware detections. These backdoors primarily targeted web server platform vulnerabilities.

“A surge in backdoor detections is particularly concerning in showing us their success in making landfall inside networks,” said Jon Clay, VP of threat intelligence at Trend Micro.



India among top 3 countries originating IoT malware

It identified unpatched, high-severity vulnerabilities in 75 per cent of the most common industrial controllers in customer OT networks... reports Asian Lite News

India was among the top 3 countries originating Internet of Things (IoT) malware infections in 2022, a Microsoft report said on Wednesday.

IoT devices offer significant value to organisations in the country looking to modernise workspaces, become more data-driven and ease demands on staff through shifts like remote management and automation.

“Therefore, the cyber-threat landscape is real and security is the need of the hour. Microsoft aims to help incident responders and security specialists better understand their environments and prevent potential incidents,” said the tech giant.

The International Data Corporation (IDC) estimates there will be 41.6 billion connected IoT devices by 2025, a growth rate higher than traditional IT equipment.

With increasing connectivity across converging IT, Operational Technology (OT) and IoT, organisations and individuals need to rethink cyber risk impact and consequences, said the report.

Microsoft observed a spike in threats across traditional IT equipment, OT controllers and IoT devices like routers and cameras, fueled by the interconnectivity many organisations have adopted over the past few years.

It identified unpatched, high-severity vulnerabilities in 75 per cent of the most common industrial controllers in customer OT networks.

“As OT systems underpinning energy, transportation, and other infrastructures become increasingly connected to IT systems, the risk of disruption and damage grows as boundaries blur between these formerly separated worlds,” said Vasu Jakkal, corporate vice president, security, compliance, identity, and management at Microsoft.

For businesses and infrastructure operators across industries, the defensive imperatives are gaining total visibility over connected systems and weighing evolving risks and dependencies, Jakkal added.

Modern threats like sophisticated malware, targeted attacks, and malicious insiders are difficult for traditional security measures to contain.

Microsoft also observed over 1 million connected devices publicly visible on the Internet running Boa, outdated and unsupported software still widely used in IoT devices and software development kits (SDKs).
