New V3B Phishing Kit Targets Customers of 54 European Banks

Adversaries have recently developed a new phishing kit, known as V3B, which is specifically designed to target customers of 54 European banks. This phishing kit is a significant threat to the financial sector and raises concerns about the security of online banking services.

V3B Phishing Kit:
The V3B phishing kit is a sophisticated tool that enables cybercriminals to create convincing replicas of legitimate banking websites. These fake websites are then used to trick unsuspecting bank customers into providing their login credentials and other sensitive information. The V3B kit supports various features, such as:
1. Customizable templates: Adversaries can easily create fake banking login pages for the 54 target institutions by modifying pre-built templates.
2. Credential harvesting: The phishing kit is designed to capture and store user credentials when they are entered into the fake login pages.
3. Two-factor authentication (2FA) bypass: The kit includes functionality to bypass 2FA mechanisms, making it more difficult for victims to detect the scam.
4. OTP (One-Time Password) interception: The V3B kit can intercept OTPs sent to victims via SMS or other messaging platforms, providing attackers with full access to the victim's account.

Targeted Institutions:
The V3B phishing kit specifically focuses on customers of 54 European banks, including well-known institutions in countries such as Germany, France, Spain, Italy, and the United Kingdom. The full list of targeted banks has not been disclosed; however, it is essential for all European financial institutions to be aware of this threat and take necessary precautions to protect their customers.

Countermeasures:
Financial institutions and their customers should take the following steps to mitigate the risks associated with the V3B phishing kit:
1. Security awareness training: Regularly educate employees and customers about the risks of phishing attacks and how to identify suspicious emails and websites.
2. Multi-factor authentication: Implement robust multi-factor authentication mechanisms that cannot be easily bypassed or intercepted by phishing kits.
3. Email filtering: Implement advanced email filtering systems that can detect and block phishing emails before they reach users' inboxes.
4. Regular software updates: Ensure that all systems, applications, and devices are kept up-to-date with the latest security patches and updates.
5. Monitoring and incident response: Establish a dedicated team to monitor for potential phishing attacks and respond quickly and effectively to any incidents.
6. Reporting mechanisms: Encourage employees and customers to report any suspected phishing attempts so that they can be investigated and addressed promptly.

Conclusion:
The V3B phishing kit poses a significant threat to European bank customers and highlights the need for increased vigilance and security measures within the financial sector.
Ashokkumar Gnanasekar’s Post
More Relevant Posts
-
"According to Resecurity, a cybercriminal group is selling a sophisticated phishing kit called “V3B” on Telegram. A group member, using the alias “Vssrtje,” launched operations in March 2023, and the kit is priced between $130-$450 per month. It has already attracted over 1,255 skilled cybercriminals specializing in fraud, including social engineering, SIM swapping schemes, and banking and credit card fraud. V3B supports targeted attacks on over 54 EU (European Union) financial institutions." Training employees how to spot phishing attacks like this should be an important part of your security strategy. Arming them with tools that clearly show them what is malicious, suspicious or safe, so that they can easily avoid phishing attacks, is CRITICAL. It's time for change! It's time for PhishCloud Inc. PhishCloud arms employees with the tools they need to clearly spot and avoid #phishingattacks, across all digital platforms – not just email – letting them Click With Confidence. PhishCloud gives your security team the real-time visibility and control they need to see and block #phishing attacks your employees see. And with real-time metrics, you no longer need to rely on simulations and reporting to understand your phishing risk. And PhishCloud delivers reality-based training that imparts real knowledge, not just awareness. Sound too good to be true? Give us 15 minutes to show you the power of PhishCloud Inc.. #technology #innovation #informationsecurity #phishingattackprevention https://lnkd.in/eRa5M3eN
New V3B Phishing Kit Steals Logins and OTPs from EU Banking Users
https://hackread.com
-
New Android Banking Trojan: Rocinante As the CEO and Founder of PAK Cyber Squad, I'm sharing critical insights into a newly discovered Android banking trojan known as Rocinante. This sophisticated malware is disguised as either a security tool or a banking application, making it particularly deceptive. Rocinante Overview: Once installed and granted Accessibility Services permissions, Rocinante displays a fake screen with several options. Selecting any of these options leads to a phishing page, which mimics various banks to steal personally identifiable information (PII). These phishing pages are designed to capture sensitive data such as usernames, phone numbers, passwords, and other login credentials. In addition to phishing, Rocinante employs keylogging to monitor and record user actions and data entries on the infected device. The malware also facilitates remote control of the device through Accessibility Service privileges, allowing attackers to simulate touches, gestures, and modify text fields. This enables them to navigate the device’s interface and execute fraudulent transactions. Current Exploit Targeting Brazilian Android Users: Brazilian mobile users are currently under attack by this malware campaign. Rocinante targets users by exploiting the Accessibility Service for keylogging and stealing PII through fake banking screens. With the information obtained, the malware can completely take over the device, leveraging its privileges to gain full remote access. Source code analysis reveals that Rocinante is internally referred to as Pegasus (or PegasusSpy), though it is not related to the commercial surveillance tool developed by NSO Group. This case represents a novel instance where an original malware family has integrated code from a leaked project into their own. Attack Mechanism: The attack begins with malicious URLs leading to an archive containing an obfuscated .hta file. 
This file triggers a JavaScript payload that performs extensive AntiVM and AntiAV checks before downloading a final AutoIT payload. This payload, loaded via process injection, aims to steal banking credentials and other sensitive information from the victim's system and exfiltrate it to a command-and-control (C2) server. Stay vigilant and ensure your devices are protected against such threats. If you require assistance with cybersecurity measures or have any concerns, feel free to reach out to PAK Cyber Squad.
-
Cybersecurity company ESET warns of a phishing method aimed at iOS and Android users. This tactic uses web apps that mimic real banking software to bypass security measures and steal login details.

On both iOS and Android platforms, ESET warns that cybercriminals used Progressive Web Applications (PWA), which are websites bundled to look like stand-alone applications, while on Android they also used WebAPKs, which appear to be installed from Google Play. Built using web application technologies, PWAs can run on various platforms and device types, and do not require the user to allow third-party app installation. As part of the observed attacks, iOS users were instructed to add the PWA to home screens, while Android users had to confirm certain custom pop-ups in the browser before the application was installed. WebAPKs, which can be considered upgraded PWAs, appear like regular native apps and their installation does not trigger any warnings on Android devices, even if the user has not allowed installation from third-party sources. Further, the apps’ information tabs would claim the apps were downloaded from Google Play. The threat actors behind the phishing campaigns combined automated voice calls, social media malvertising, and SMS messages to distribute links to the third-party websites hosting the fraudulent applications. Opening the phishing link led to a page imitating the official Google Play/Apple Store page or the official website of the targeted banking application. The user was then prompted to install a new version of the banking application, leading to the installation of the malicious program without any security warning being displayed on the device. Once the phishing PWA or WebAPK has been installed, its icon would be added to the user’s home screen and opening it would lead directly to a phishing login page. “After installation, victims are prompted to submit their internet banking credentials to access their account via the new mobile banking app. 
All submitted information is sent to the attackers’ C&C servers,” ESET said in a note documenting the discovery. According to ESET, the phishing attacks likely started around November 2023, with the command-and-control (C&C) servers collecting the information becoming operational in March 2024. In some cases, a Telegram bot was used to collect the users’ information. The attacks were mainly focused on mobile banking users in the Czech Republic, but attacks targeting users in Hungary and Georgia were also observed. Based on the discovered C&C infrastructure, ESET believes two different threat actors have used the new tactic in phishing attacks. Additionally, the cybersecurity firm warns that attackers may add more copycat applications, which are hard to distinguish from legitimate ones
-
Key findings

Phishing:
- Financial phishing accounted for 27.32% of all phishing attacks on corporate users and 30.68% of phishing attacks on home users.
- Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.
- PayPal phishing accounted for 54.78% of pages targeting electronic payment system users.
- Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million detections compared to 5.04 million in 2022.

PC malware:
- The number of users affected by financial malware for PCs dropped by 11% from 2022.
- Ramnit and Zbot were the prevalent malware families, together targeting over 50% of affected users.
- Consumers remained the primary target of financial cyberthreats, accounting for 61.2% of attacks.

Mobile malware:
- The number of Android users attacked by banking malware increased by 32% compared to the previous year.
- Agent was the most active mobile malware family, making up 38% of all Android attacks.
- Users in Turkey were the most targeted, with 2.98% encountering mobile banking malware.

https://lnkd.in/drqv7eJN
Financial cyberthreats in 2023
https://securelist.com
-
I.T. SECURITY ALERT - QUISHING – What you need to know. Quishing, or QR phishing, is a type of cybersecurity threat in which attackers create QR codes to redirect victims into visiting or downloading malicious content. What is quishing? Quishing, or QR phishing, is a cybersecurity threat where attackers exploit QR codes to direct victims to malicious websites or prompt them to download harmful content. The objective of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), which can then be used for identity theft, financial fraud, or ransomware attacks. This form of phishing often evades traditional defenses like secure email gateways. QR codes in emails are often seen as harmless images by these security systems, leaving users vulnerable to phishing attacks. Additionally, QR codes can be delivered to targets through various other means. How does quishing work? In a quishing attack, attackers generate a QR code that links to a malicious website. They typically embed this QR code in phishing emails, social media posts, printed flyers, or on physical objects, using social engineering tactics to lure victims. For instance, an email might prompt recipients to scan a QR code to access an encrypted voice message for a chance to win a cash prize. When victims scan the QR code with their phones, they are redirected to the malicious site, which may ask them to enter private information such as login credentials, financial details, or personal data. In the example, the site might request the user’s name, email address, physical address, date of birth, or account login information. Once attackers obtain this sensitive information, they can use it for various malicious activities, including identity theft, financial fraud, or ransomware attacks. How can end-users prevent quishing? 
Ensure you verify the URL linked to the QR code and avoid submitting personal information, making payments, or downloading anything from a site accessed via a QR code. By following these precautions, individuals can lower the risk of becoming victims of quishing attacks. Train End Users | Backup Data | Be Cautious | Check the URL | Do not enter login credentials | Raise awareness within your team | Be Alert
-
Day 30/31
How is phishing harmful to individuals and organizations?

Phishing, a deceptive tactic used by cybercriminals, poses significant risks to both individuals and organizations.

🟩For Individuals:
Financial Loss: Phishers trick victims into revealing sensitive financial information like bank account details, credit card numbers, and online banking passwords. This leads to unauthorized access and potential financial ruin.
Identity Theft: Stolen personal information can be used to establish new accounts, take out loans, or commit other fraudulent activities in the victim's name, damaging their credit reputation.
Emotional Distress: Falling victim to a phishing attack can cause significant emotional distress, including anxiety, frustration, and fear of further harm.

🟩For Organizations:
Data Breaches: Phishing attacks can compromise sensitive company data, including customer information, intellectual property, and financial records, leading to severe reputational damage and potential legal liabilities.
Financial Loss: Financial losses can arise from unauthorized transactions, recovery costs, and potential fines and penalties from regulatory bodies.
Operational Disruption: Phishing attacks can disrupt business operations, leading to productivity loss, system downtime, and damage to critical infrastructure.
Loss of Customer Trust: Data breaches caused by phishing attacks erode customer trust, leading to decreased customer loyalty and potential loss of business.

🟩Protection Measures:
Awareness: Educate yourself and your employees about phishing tactics and how to identify suspicious emails and websites.
Strong Passwords: Use unique, complex passwords for different accounts and enable multi-factor authentication.
Software Updates: Keep your operating systems, antivirus software, and web browsers up-to-date with the latest security patches.
Critical Thinking: Be cautious of unsolicited emails, unexpected requests, and urgent messages, especially those that trigger emotions or fear.
Reporting: Report any suspected phishing attempts to your IT department or relevant authorities.

Dr Iretioluwa Akerele Cybarik #cybersecurityawarenessmonth #october
-
Protect Yourself from SIM Cloning Fraud: A Guide to Cybersecurity Awareness (Reading Time 3 Mins)

In the modern world of digital connectivity, mobile communication's convenience also brings certain risks. Among these is SIM cloning fraud, a complex type of cybercrime where criminals replicate your SIM card to unlawfully access your phone number and private information. It's vital to comprehend the workings of SIM cloning and to take preemptive steps to protect oneself in an era where cyber threats are on the rise.

What is SIM Cloning Fraud?
SIM cloning involves copying the unique identifier of a legitimate SIM card and programming it onto a blank SIM card. This allows fraudsters to impersonate the original user, gaining access to their phone number, call logs, messages, and even sensitive account information tied to that number.

How Does SIM Cloning Happen?
1. Obtaining SIM Card Information - Fraudsters can acquire your SIM card information through various means, including social engineering, phishing attacks, or by exploiting vulnerabilities in the mobile network.
2. Cloning the SIM Card - Once they have the necessary information, they use specialized hardware or software to clone the SIM card onto a blank one, replicating your phone number and identity.
3. Unauthorized Access - With the cloned SIM card, fraudsters can intercept calls, texts, and even authenticate themselves for financial transactions, putting your personal and financial security at risk.

How to Avoid SIM Cloning Fraud:
1. Enable SIM Card Lock - Most smartphones offer the option to set a PIN code for your SIM card. Enable this feature to prevent unauthorized access to your SIM card, as it will prompt for a PIN whenever the phone is restarted, or the SIM is removed.
2. Beware of Phishing Attacks - Be cautious of unsolicited calls, emails, or messages asking for personal or financial information. Fraudsters often use phishing tactics to trick you into divulging sensitive data that can be used for SIM cloning.
3. Regularly Monitor Your Accounts - Keep a close eye on your bank statements, mobile bills, and credit reports for any suspicious activity. Report any unauthorized transactions or discrepancies immediately to your service provider and financial institutions.
4. Use Two-Factor Authentication (2FA) - Whenever possible, enable 2FA for your online accounts, preferably using methods other than SMS, such as authenticator apps or hardware tokens. This adds an extra layer of security beyond just your phone number.
5. Secure Your Device - Keep your smartphone's operating system and apps up to date with the latest security patches. Install reputable antivirus software and avoid downloading apps from untrusted sources to minimize the risk of malware that could compromise your device's security.
6. Educating others about the risks and preventive measures can help create a safer digital environment for everyone.

#Cybersecurity #mj #CISO #Infocomm #Infosec
-
TrickMo malware steals Android PINs using fake lock screen

Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. This is being reported by Zimperium, following an earlier report by Cleafy that looked into some, but not all variants currently in circulation. TrickMo was first documented by IBM X-Force in 2020, but it is thought to have been used in attacks against Android users since at least September 2019.

Fake lock screen steals Android PINs

Key features of the new TrickMo version include one-time password (OTP) interception, screen recording, data exfiltration, remote control, and more. The malware attempts to abuse the powerful Accessibility Service permission to grant itself additional permissions and tap on prompts automatically as needed. As a banking trojan, it serves users overlays of phishing login screens to various banks and financial institutes to steal their account credentials and enable the attackers to perform unauthorized transactions.

[Image: Banking overlays used in attacks. Source: Zimperium]

Zimperium analysts dissecting these new variants also report a new deceptive unlock screen mimicking the real Android unlock prompt, designed to steal the user's unlock pattern or PIN. "The deceptive User Interface is an HTML page hosted on an external website and is displayed in full-screen mode on the device, making it look like a legitimate screen," explains Zimperium. "When the user enters their unlock pattern or PIN, the page transmits the captured PIN or pattern details, along with a unique device identifier (the Android ID) to a PHP script."

[Image: Fake Android lock screen shown by TrickMo. Source: Zimperium]

Stealing the PIN allows the attackers to unlock the device when it's not actively monitored, possibly in late hours, to perform on-device fraud.

Exposed victims

Due to improperly secured C2 infrastructure, Zimperium was also able to determine that at least 13,000 victims, most located in Canada and significant numbers also found in the United Arab Emirates, Turkey, and Germany, are impacted by this malware. However, TrickMo's targeting scope appears broad enough to encompass app types (and accounts) beyond banking, including VPN, streaming platforms, e-commerce platforms, trading, social media, recruitment, and enterprise platforms.

TrickMo is currently spreading through phishing, so to minimize the likelihood of infection, avoid downloading APKs from URLs sent via SMS or direct messages by people you don't know. Google Play Protect identifies and blocks known variants of TrickMo, so ensuring it's active on the device is crucial in defending against the malware.

https://lnkd.in/eDJcaMa3
TrickMo malware steals Android PINs using fake lock screen
bleepingcomputer.com