InTheBox Threat Actor Selling Over 1,800 Web Injects on Cybercrime Forums

Over 1,800 web injects are for sale on Russian cybercrime forums by a threat actor called InTheBox. These phishing windows are meant to steal credentials from banking, cryptocurrency exchange, and e-commerce apps by imitating widely-used software, and they are compatible with various Android banking malware. Mobile Banking Trojans usually choose an app that already exists on the infected device and then request from the Command & Control server the web inject for that specific app. When the app is launched by the user, the malware shows automatically the phishing page that replicates the real one but is meant to steal credentials and other important info. This variety of fake pages is part of the Phishing-as-a-service concept and allows cybercriminals to focus their work on other things, like malware development and bigger campaigns. Cyble researchers have found that InTheBox sells web injects for hundreds of apps that can be bought as a package, or individually, for $30. Hackers can also require a certain inject for any malware. 814 web injects compatible with Alien, Ermac, Octopus, and MetaDroid for $6,512. 495 web injects compatible with Cerberus for $3,960. Those who buy the InTheBoxs web inject packages also get the apps icon as a PNG file, as well as an HTML file containing JavaScript code that captures the victims passwords and other sensitive information. Sometimes buyers can get also a second overlay meant to demand the credit card number, expiration date, and CVV from the victim. The stolen data is verified using the Luhn algorithm to sort out invalid credit card data. Only after that, the exfiltrated info is converted into string value to be sent to the cybercriminal launching the attack. InTheBox has been selling its Android malware web injections since February 2020, always coming up with new phishing pages.

This Cyber News was published on heimdalsecurity.com. Publication date: Thu, 02 Feb 2023 11:12:03 +0000


Cyber News related to InTheBox Threat Actor Selling Over 1,800 Web Injects on Cybercrime Forums

Android Phishing Forms for Sale on Cybercrime Market: Over 1,800 Web Injects Available - A threat actor named InTheBox is offering 1,894 web injects for sale on Russian cybercrime forums. These web injects are designed to steal credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps. The overlays are ...
1 year ago Bleepingcomputer.com
InTheBox Threat Actor Selling Over 1,800 Web Injects on Cybercrime Forums - Over 1,800 web injects are for sale on Russian cybercrime forums by a threat actor called InTheBox. These phishing windows are meant to steal credentials from banking, cryptocurrency exchange, and e-commerce apps by imitating widely-used software, ...
1 year ago Heimdalsecurity.com
The New Cybercrime Atlas: A Collaborative Approach to Fighting Digital Crime - The global transition to the digital economy means that the operations of governments, critical infrastructures, businesses, and individuals are now a tightly integrated system of interconnected resources. Cybercrime presents a significant risk to ...
8 months ago Feeds.fortinet.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
9 months ago Feeds.fortinet.com
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - By analyzing tools, logs and artifacts left open to the internet, we were able to profile the threat actor and their victims. After analyzing the artifacts we can conclude with moderate confidence that the majority of the threat actor activity ...
9 months ago Thedfirreport.com
Windows Incident Response: Human Behavior In Digital Forensics, pt III - Digital forensics can provide us insight into a threat actor's sophistication and situational awareness, which can, in turn, help us understand their intent. Observing the threat actor's actions helps us understand not just their intent, but what ...
9 months ago Windowsir.blogspot.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
8 months ago Thedfirreport.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
10 months ago Unit42.paloaltonetworks.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
7 months ago Microsoft.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
9 months ago Microsoft.com
CMMC v2.0 vs NIST 800-171: Understanding the Differences - The NIST SP 800-171 lays out the requirements for any non-federal agency that handles controlled unclassified information, or other sensitive federal information. DFARS does not address the CMMC at all but a new clause is currently being drafted for ...
9 months ago Securityboulevard.com
Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing - As we reflect on 2022, we've seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere - and more frequently. The volume and ...
1 year ago Securityweek.com
APT trends report Q1 2024 - Careto is a highly sophisticated threat actor that has been seen targeting various high-profile organizations since at least 2007. The last operations conducted by this threat actor were observed in 2013. Our private report provided a detailed ...
5 months ago Securelist.com
Cybercriminals are Showing Hesitation to Utilize AI Cyber Attacks - Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears mount over their potential for creating mutating malware, fueling a craze in the cybercriminal underground. Concerns arise over the dual-use nature of ...
10 months ago Cybersecuritynews.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
4 months ago Microsoft.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
9 months ago Cyberdefensemagazine.com
Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware - Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a ...
10 months ago Techrepublic.com
UN Cybercrime Convention: Tight Timeframe to Create New Global Approach to Combat Cybercrime - Cybercrime is a growing problem that affects nearly all of the world's nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the ...
1 year ago Csoonline.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
8 months ago Feeds.dzone.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
8 months ago Techrepublic.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
8 months ago Techrepublic.com
Prioritizing cybercrime intelligence for effective decision-making in cybersecurity - In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Our discussion will cover a range of essential aspects, from the importance of continuous ...
8 months ago Helpnetsecurity.com
Multiple Flaws in Google Kubernetes Engine - Google Kubernetes Engine has been detected with two flaws that a threat actor can utilize to create significant damage in case the threat actor already has access inside the Kubernetes cluster. The first issue was associated with FluentBit with ...
9 months ago Gbhackers.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
4 months ago Cybersecuritynews.com
Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
1 year ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)