Framework for Automated Detection of Malicious Software Aimed at Android Users in Southeast Asia

Since July 2022, a malicious campaign has been targeting Android users in Southeast Asia with the goal of stealing their assets from finance and banking applications. This banking trojan, named TgToxic, is embedded in multiple fake apps and has been observed targeting users in Taiwan, Thailand, and Indonesia. To protect themselves, users should be wary of opening links from unknown email and message senders, and should avoid downloading apps from third-party platforms. The malicious apps can be disguised as dating, messaging, lifestyle, or cryptocurrency-related apps in order to trick users into installing and granting permissions. As of late 2022 to early 2023, the cybercriminals behind the campaign began targeting Thai users with similar sextortion and phishing lures, and added malicious code to steal credentials from bank applications. The malware is based on a legitimate automation test framework called Easyclick, which allows it to hijack cryptocurrency wallets and bank apps by stealing users' credentials. It can also steal personal information via SMS and installed apps, and can transfer money to the threat actors without the user's knowledge. To protect against this type of malware, users should avoid downloading apps from unknown sources and should not click on apps, installers, or websites embedded in SMS or emails from unknown senders. Additionally, they should not enable sensitive permissions such as Accessibility services for unknown apps. If a device is experiencing battery drain despite not being used, this could be a sign of malware infection. Trend Micro Mobile Security Solutions can scan mobile devices in real time and on demand to detect malicious apps, sites, or malware and block or delete them.

This Cyber News was published on www.trendmicro.com. Publication date: Fri, 03 Feb 2023 11:22:02 +0000


Cyber News related to Framework for Automated Detection of Malicious Software Aimed at Android Users in Southeast Asia

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 days ago Aws.amazon.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
9 months ago Esecurityplanet.com
How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages - Delve into automated versus manual API testing for efficient software delivery. See how automation speeds validation while manual testing provides human insight, ensuring comprehensive coverage for robust development. In the domain of software ...
7 months ago Hackread.com
Framework for Automated Detection of Malicious Software Aimed at Android Users in Southeast Asia - Since July 2022, a malicious campaign has been targeting Android users in Southeast Asia with the goal of stealing their assets from finance and banking applications. This banking trojan, named TgToxic, is embedded in multiple fake apps and has been ...
1 year ago Trendmicro.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
8 months ago Securityzap.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
1 year ago Csoonline.com
A primer on storage anomaly detection - Anomaly detection plays an increasingly important role in data and storage management, as admins seek to improve security of systems. In response to these developments, more vendors incorporate storage anomaly detection capabilities into their ...
9 months ago Techtarget.com
Why It's More Important Than Ever to Align to The MITRE ATT&CK Framework - These missed attacks often stem from either hidden gaps in detection coverage - or due to alerts that got buried in a sea of noisy alerts and were never even pursued by the Security Operations Center team. In other words, we need to be able to report ...
9 months ago Cyberdefensemagazine.com
PRODUCT REVIEW: ENEA QOSMOS THREAT DETECTION SDK - The Qosmos Threat Detection Software Development Kit is Enea's innovative solution to the demand for more robust, adaptable, and high-performance network threat detection platforms. ADVANCED THREAT DETECTION WITH SUPERIOR TRAFFIC VISIBILITY. ...
8 months ago Cybersecurity-insiders.com
Southeast Asian casino industry supercharging cyber fraud, UN says - The expanding Southeast Asian casino industry has become the nexus of the region's criminal ecosystem, including its cyber fraud industry, and it is facilitating large-scale money laundering by organized crime networks, a new United Nations report ...
8 months ago Therecord.media
What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
9 months ago Pandasecurity.com
Cyber scam call center slavery expands beyond southeast Asia The Register - Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated. Interpol revealed this week that an ongoing investigation has discovered evidence of abuse emanating ...
9 months ago Go.theregister.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
3 days ago Techtarget.com
Framework's software and firmware have been a mess, but it's working on them - Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops. Not that the company's hardware releases to date have been perfect-each Framework Laptop 13 model ...
5 months ago Arstechnica.com
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
4 months ago Securelist.com
Cybersecurity Frameworks: What Do the Experts Have to Say? - Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with ...
3 months ago Tripwire.com
Snowblind malware abuses Android security feature to bypass security - A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. Snowblind's goal is to repackage a target app to make them ...
3 months ago Bleepingcomputer.com
Southeast Asian scam syndicates stealing $64 billion annually, researchers find - Online fraud operations in Southeast Asia continue to grow, with organized scamming syndicates netting an estimated $64 billion each year worldwide, according to new research. In Cambodia, Laos and Myanmar, the criminal groups are stealing about ...
4 months ago Therecord.media
McCaffrey Joins 'ASTORS' Champion SIMS Software Board of Advisors - SIMS Software, the leading provider of security information management software to the government and defense industries - and the 2023 Platinum 'ASTORS' Award Champion for Best Security Workforce Management Solution, is delighted to announce that ...
8 months ago Americansecuritytoday.com
AutoSpill attack steals credentials from Android password managers - Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International ...
9 months ago Bleepingcomputer.com
The Power of Endpoint Telemetry in Cybersecurity - Cisco - By filtering out unwanted data, this telemetry reduces noise and offers clear visibility into endpoint activities, including processes, parent-child process relationships, triggered events, files and network activity, whether malicious or benign. ...
3 days ago Feedpress.me
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
9 months ago Silicon.co.uk
CVE-2018-8202 - An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft ...
2 years ago
CVE-2018-8284 - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework ...
2 years ago
CVE-2019-0545 - An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)