Monday, May 18, 2020

Researchers at the Romanian cybersecurity firm Bitdefender have revealed that they have found malware that has been spying on and stealing from Android users since 2016. Bitdefender, which describes itself as a global leader in cybersecurity, said that the malware, known as Mandrake, had remained undetected due to its precise targeting of users.
The hackers hid the malware in applications in the Google Play Store, such as OfficeScanner, Abfix, Currency XE Converter, SnapTune Vid, CoinCast, Horoskope, and Car News. The cybercriminals worked meticulously: they not only set up websites and social media accounts for these apps, but also responded to users’ feedback and fixed glitches in them.
The hackers used a three-stage process to infect devices.
After Core was downloaded to the device, the hackers were given unlimited power, allowing them to extract SMS messages, send SMS messages to certain numbers, steal contact list information and financial credentials, install/uninstall apps, and conduct phishing attacks for shopping and financial applications, including cryptocurrency wallets, Amazon, and PayPal.
After stealing a target’s data, or if the victim didn’t have anything of value, the hackers would launch a command called “seppuku” (a Japanese form of suicide) that initiated a reset to factory settings, which would delete the malware itself.
The researchers at Bitdefender say there were two waves of infection: one between 2016 and 2017 and the other between 2018 and 2020. "We presume that the number of victims is in the count of tens of thousands, but we don’t know how many for sure," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told The Register.
For some reason, the hackers targeted people from developed countries (Australia, Canada, European Union members, and the United States) but ignored people from low-income countries like the former Soviet republics, countries in Africa, and some Arabic-speaking nations. In all, the cybercriminals "spared" users from 90 countries. Bitdefender didn’t say where the hackers come from.
The firm noted that the malware is still present and has the potential to expand its radius.
