Undetected Android Trojan Expands Attack on Iranian Banks

Security researchers have uncovered the continuation and expansion of an Android mobile banking Trojan campaign targeting major Iranian banks. Initially discovered in July 2023, the campaign has not only persisted but has also evolved with enhanced capabilities, according to a new report by Zimperium malware analysts Aazim Bill SE Yaswant and Vishnu Pratapagiri.

A prior investigation by the firm identified four clusters of credential-harvesting apps mimicking major Iranian banks, circulating between December 2022 and May 2023. These apps could steal banking login credentials and credit card information, hide app icons to prevent uninstallation, and intercept SMS for one-time password codes.

Zimperium's latest findings, published today, include the identification of 245 new app variants associated with the same threat actors. Notably, 28 of these variants remain undetected by industry-standard scanning tools. The new iterations extend the campaign's reach, targeting additional banks and revealing the threat actors' aspirations to expand further. The malware now also demonstrates an interest in collecting information about various cryptocurrency wallet applications, suggesting potential future targeting.

The second iteration of the malware also introduced previously unseen capabilities, such as the abuse of accessibility services for overlay attacks, auto-granting of SMS permissions, prevention of uninstallation, and data exfiltration methods using GitHub repositories. The research also underscores vendor-specific attacks on Xiaomi and Samsung devices and a potential interest in targeting iOS devices.

Yaswant and Pratapagiri emphasized the importance of runtime visibility and protection for mobile applications. "It is evident that modern malware is becoming more sophisticated, and targets are expanding, so runtime visibility and protection are crucial for mobile applications," the researchers explained.
The Zimperium research article concludes with an invitation to explore Indicators of Compromise on their GitHub repository, providing a comprehensive list for security practitioners to bolster defenses against this evolving threat.
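A defender-side check tying together the capabilities listed above, added here as an example that is not code from the article or from Zimperium: a static triage of an AndroidManifest.xml that flags the SMS-permission, overlay-window, accessibility-service and hidden-launcher combination that credential-harvesting apps of this kind declare. The manifest and the package name com.example.fakebank are constructed for illustration, and the weights are an assumption, not a published scoring scheme.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # Android attribute namespace
# Constructed sample manifest (hypothetical package): SMS, overlay, accessibility, hidden icon.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Bank">
    <activity android:name=".Main" android:enabled="false"><intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter></activity>
    <service android:name=".A11y"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Sms"><intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""

def has_action(elem, name):
    # True if an intent-filter under elem lists the given action or category
    return any(n.get(A + "name") == name
               for f in elem.iter("intent-filter") for n in f)

def triage_manifest(xml_text):
    """Return the capability flags the manifest declares (each is benign alone)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    flags = set()
    if "android.permission.RECEIVE_SMS" in perms:
        flags.add("sms_permission")
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        flags.add("overlay_window")
    if any(s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
           for s in root.iter("service")):
        flags.add("accessibility_service")
    if any(has_action(r, "android.provider.Telephony.SMS_RECEIVED")
           for r in root.iter("receiver")):
        flags.add("sms_receiver")
    # A LAUNCHER component shipped disabled is the usual icon-hiding arrangement.
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        if act.get(A + "enabled") == "false" and has_action(act, "android.intent.category.LAUNCHER"):
            flags.add("hidden_launcher")
    return flags

def risk_score(flags):
    # Assumed weights: overlay + accessibility + SMS together is the banking-Trojan signature
    weights = {"sms_permission": 2, "sms_receiver": 2, "overlay_window": 2,
               "accessibility_service": 3, "hidden_launcher": 3}
    return sum(weights.get(f, 0) for f in flags)
```

Run the triage over every APK's decoded manifest and review anything that scores high; a single flag on its own (an SMS app, a screen-reader service) is expected, the full combination is not.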

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000
