CyberSecurityBoard
Sponsor Register Login

Undetected Android Trojan Expands Attack on Iranian Banks

Security researchers have uncovered the continuation and expansion of an Android mobile banking Trojan campaign targeting major Iranian banks. Initially discovered in July 2023, the campaign has not only persisted but has also evolved with enhanced capabilities, according to a new report by Zimperium malware analysts Aazim Bill SE Yaswant and Vishnu Pratapagiri. A prior investigation by the firm identified four clusters of credential-harvesting apps mimicking major Iranian banks, circulating between December 2022 and May 2023. These apps could steal banking login credentials and credit card information, hide app icons to prevent uninstallation and intercept SMS for one-time password codes. Zimperium's latest findings, published today, include the identification of 245 new app variants associated with the same threat actors. Notably, 28 of these variants remain undetected by industry-standard scanning tools. The new iterations extend the campaign's reach, targeting additional banks and revealing the threat actors' aspirations to expand further. The malware now also demonstrates an interest in collecting information about various cryptocurrency wallet applications, suggesting potential future targeting. The second iteration of the malware also introduced unseen capabilities, such as the abuse of accessibility services for overlay attacks, auto-granting of SMS permissions, prevention of uninstallation and data exfiltration methods using GitHub repositories. The research also underscores vendor-specific attacks on Xiaomi and Samsung devices and a potential interest in targeting iOS devices. Yaswant and Pratapagiri emphasized the importance of runtime visibility and protection for mobile applications. "It is evident that modern malware is becoming more sophisticated, and targets are expanding, so runtime visibility and protection are crucial for mobile applications," the researchers explained. The Zimperium research article concludes with an invitation to explore Indicators of Compromise on their GitHub repository, providing a comprehensive list for security practitioners to bolster defenses against this evolving threat.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Undetected Android Trojan Expands Attack on Iranian Banks

Undetected Android Trojan Expands Attack on Iranian Banks - Security researchers have uncovered the continuation and expansion of an Android mobile banking Trojan campaign targeting major Iranian banks. Initially discovered in July 2023, the campaign has not only persisted but has also evolved with enhanced ...
1 year ago Infosecurity-magazine.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
1 year ago Blog.checkpoint.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
6 months ago Securelist.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
11 months ago Bleepingcomputer.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
Over 100 European Banks Face Cyber Resilience Test - Over 100 European banks will be tested on their cyber-attack response and recovery capabilities this year, the European Central Bank has announced. The EU's central bank will conduct its first ever cyber resilience stress test on 109 directly ...
11 months ago Infosecurity-magazine.com
Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft - In the context of the Israel-Hamas conflict, Iran's offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ...
10 months ago Securityweek.com
US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
10 months ago Cysecurity.news
Understanding Backdoor Diplomacy Attack on Iranian Government Entities - In today’s digital world, cyberattacks are becoming increasingly prevalent, particularly against governments and public or private entities. Recently, a new targeted attack against Iranian government entities has been detected. Dubbed “Backdoor ...
1 year ago Heimdalsecurity.com
Cyberattack Targets Albanian Parliament's Data System, Halting Its Work - Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. It said the system's services would resume at a later time. Local media reported ...
11 months ago Securityweek.com
Cleafy improves banking security with real-time AI capabilities - In the ever-evolving landscape of banking and financial security, new malware variants poses a significant and imminent challenge. Traditionally, both the identification and classification of these threats only occurred post-attack, leaving banks and ...
1 year ago Helpnetsecurity.com
Beware, iPhone Users: iOS GoldDigger Trojan can Steal Face ID and Banking Details - Numerous people pick iPhones over Android phones because they believe iPhones are more secure. This may no longer be the case due to the emergence of a new banking trojan designed explicitly to target iPhone users. According to a detailed report by ...
10 months ago Cysecurity.news
Trojan-Proxy Threat Expands Across macOS, Android and Windows - Security researchers have identified a new threat involving cracked applications distributed by unauthorized websites, concealing a Trojan-Proxy designed to compromise victims' devices. Cybercriminals have been taking advantage of users seeking free ...
1 year ago Infosecurity-magazine.com
Microsoft Identifies Iranian GovernmentBacked Group as Responsible for Charlie Hebdo Cyber Attack - In January 2023, the U.S. government sanctioned an Iranian nation-state group for the hack of the French satirical magazine Charlie Hebdo. Microsoft, which revealed the details of the incident, is tracking the activity cluster under the name ...
1 year ago Thehackernews.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
2 months ago Techtarget.com
Web injections are back on the rise: 40+ banks affected by new malware campaign - These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware ...
1 year ago Securityintelligence.com
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors - A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been ...
1 year ago Thehackernews.com
Pirated Software Puts Mac Users at Risk as Proxy Malware Emerges - Malware is being targeted at Mac users who receive pirated versions of popular apps from warez websites after they choose to download them from those websites. Various reports state that cybercriminals are infecting macOS devices with proxy trojans ...
1 year ago Cysecurity.news
Chinese Hackers Target Iranian Government Entities in Months-long Attack - A months-long attack by Chinese hackers has been targeting Iranian government entities, according to a report by CSO Online. The hackers, named IAMPrime, have been targeting government institutions in Iran since at least July of last year. The ...
1 year ago Csoonline.com
Microsoft Links Charlie Hebdo Attacks to Iranian StateSponsored Group - Microsoft's Digital Threat Analysis Center has linked a recent cyber attack on the French satirical magazine Charlie Hebdo to an Iranian nation-state actor. The group, which calls itself Holy Souls and has also been identified as Emennet Pasargad by ...
1 year ago Csoonline.com
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
1 year ago Securityweek.com
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions - A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of ...
1 year ago Thehackernews.com
First Ever iOS Trojan Steals Facial Recognition Data - A novel, very sophisticated mobile Trojan dubbed GoldPickaxe. iOS that targets iOS users exclusively was discovered to collect facial recognition data, intercept SMS, and gather identity documents. The Asia-Pacific region includes the majority of ...
10 months ago Gbhackers.com
Deluge of Nearly 300 Fake Apps Floods Iranian Banking Sector - A mammoth campaign targeting Iran's banking sector has grown in magnitude in recent months, with nearly 300 malicious Android apps targeting users for their account credentials, credit cards, and crypto wallets. Four months ago, researchers from ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)