A new piece of malware is targeting Android devices. MasterFred uses well-crafted fake login overlays to steal login and credit card details from Netflix and Twitter users.

An example of the code was submitted by VirusTotal to the company in June this year, when the malware was first discovered in circulation.

Alberto Segura, an independent analyst, shared another sample online last week with the observation that the malware was used against Android users in the Middle East.

Avast Threat Labs inspected the sample and found that the APIs provided by the Android Accessibility Service could be used to display the malicious overlays.

Avast Threat Labs has this to say about its research:

"By using the Application Accessibility Toolkit, which is installed by default on Android, the attacker can use the app to execute the Overlay attack to trick a user into entering credit card information to create fake accounts on Netflix and Twitter."

Although it's not revolutionary or new, MasterFred is an innovative piece of code that relies on elements found on the target device to accomplish its purpose. It is innovative in another way as well: it uses Onion.ws, a dark-web gateway, to transmit the credit card and login information it has stolen to its command and control server.

MasterFred was briefly found embedded in an app on the Google Play Store. Although the app was removed, it is possible that hackers were still distributing their malware through third-party app vendor websites.

Be vigilant. MasterFred is not the only threat this year. Your company and employees are at risk from malware and ransomware every day. Contact Integrated Technology Systems to see how we can help.

Gmail accounts are the most common target of bait phishing attacks

Barracuda has published a new report revealing that Gmail accounts were responsible for the majority of baiting emails this year.

The firm surveyed more than 10,000 organizations and found that 35% received at least one bait attack email in September 2021.

This is a troubling situation, but it might be useful to take a step back. A "bait attack" is a sub-class of phishing in which hackers and scammers try to gather basic information about an individual or organization. The hackers then use this information to launch a targeted attack in the future.

It's a simple attack that, if successful, will lead to more complicated attacks in the future. Given the earlier success, the later attack is more likely to succeed.

Importantly, these emails do not contain links to the outside world. They carry no attachments either, so they don't raise any red flags. Because they are not harmful in themselves, these messages can pass through all security systems. Sometimes they don't even contain any text at all.

The aim is to get a response. If there is text, it is likely to be clear and concise. It could be as simple as "Please confirm this is your email address."

The sender learns important information if the recipient replies: that the email address is active and correct, that the recipient is likely to open unsolicited email from unknown senders, and that the company's spam filter didn't block the email. This information is a treasure trove for hackers.

The reason hackers prefer Gmail to other email providers comes down to legitimacy. Google is a well-known name. Hackers can take advantage of Google's respectability and use a Gmail account to fly under the radar.
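The traits described above (an unknown Gmail sender, no links, no attachments, little or no text) can be combined into a mail-triage heuristic. The following is an added example, not code from Barracuda or from this article; the 80-character cut-off, the known-sender list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL_DOMAINS = {"gmail.com"}   # the article singles out Gmail senders
MAX_BODY_CHARS = 80                # assumed cut-off for "little or no text"
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

def bait_indicators(raw, known_senders):
    """Return the bait-attack traits present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    texts, has_attachment = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = " ".join(texts).strip()
    checks = {
        "freemail_sender": sender.rpartition("@")[2] in FREEMAIL_DOMAINS,
        "unknown_sender": sender not in known_senders,
        "no_attachment": not has_attachment,
        "no_links": not URL_RE.search(f"{msg.get('Subject', '')} {body}"),
        "short_or_empty_body": len(body) <= MAX_BODY_CHARS,
    }
    return [name for name, hit in checks.items() if hit]

def is_probable_bait(raw, known_senders):
    """Flag only when all five traits coincide, to limit false positives."""
    return len(bait_indicators(raw, known_senders)) == 5

# Constructed sample messages (not real mail; addresses are placeholders).
KNOWN = {"known-contact@gmail.com"}
BAIT = ("From: Alex <bait-sample-1@gmail.com>\nTo: j.doe@example.com\n"
        "Subject: hi\n\nPlease confirm this is your email address.\n")
EMPTY = "From: bait-sample-2@gmail.com\nTo: j.doe@example.com\nSubject:\n\n"
FRIEND = ("From: Pat <known-contact@gmail.com>\nTo: j.doe@example.com\n"
          "Subject: lunch\n\nStill on for noon?\n")
NEWSLETTER = ("From: news@vendor.example\nTo: j.doe@example.com\n"
              "Subject: Update\n\nRead more at https://vendor.example/post\n")

if __name__ == "__main__":
    for name, raw in [("bait", BAIT), ("empty", EMPTY),
                      ("friend", FRIEND), ("newsletter", NEWSLETTER)]:
        print(name, is_probable_bait(raw, KNOWN), bait_indicators(raw, KNOWN))
```

A match is best treated as a signal to quarantine the message or warn the recipient before they reply, since short legitimate first-contact emails share the same traits.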

Although this information is not specific, it should be used to warn your employees against responding to unwelcome emails.

Integrated Technology Systems is here to help you keep your company's data safe from attack. Contact us today to speak with an IT specialist.