#dropper

🚨 ALERT: Banking Apps Under Attack: Credentials Hijacked via Telegram
⚠️ A #malware dropper delivers a stealer disguised as the IndusInd Bank app. It embeds a phishing website inside the Android app to steal victims' financial data, posing a threat to mobile banking users and financial institutions.

๐Ÿ” Analysis: app.any.run/tasks/fe800ccb-fcc

The malware tricks users into entering their sensitive information (registered mobile number, Aadhaar number, PAN card, net banking user ID, etc.) through a fake banking interface embedded in the app.

📥 Once submitted, the stolen data is sent to both the #phishing site and a C2 server controlled via Telegram.

The AndroidManifest.xml shows that the dropper APK has permissions to install applications. The #dropper contains base.apk, the malicious #payload, and is responsible for dropping and executing it.

๐Ÿ‘จโ€๐Ÿ’ป Our new #Android sandbox allows #SOC teams reveal base.apk behavior: communication via Telegram, starting from another location, monitoring incoming messages, and more. Fast access to threat details enables deep analysis and proactive response, mitigating potential damage.

The APK is obfuscated, with all strings #XOR-encrypted with the 'npmanager' key. The CyberChef recipe below reveals the script that sends intercepted data to Telegram: gchq.github.io/CyberChef/#reci

#IOCs:
#Phish URL: hxxps://t15[.]muletipushpa[.]cloud/page/
C2 Server (Telegram Bot): hxxps://api[.]telegram[.]org/bot7931012454:AAGdsBp3w5fSE9PxdrwNUopr3SU86mFQieE

More IOCs and insights will be shared in our blog post. Let us know if you're interested! 💬

🚀 Expose Android threats in seconds with real-time APK analysis in #ANYRUN Sandbox: app.any.run/?utm_source=mastod

#Cybersecurity #infosec
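As an added example (not ANY.RUN's code and not code from the sample), here is the CyberChef step done in Python: repeating-key XOR with the 'npmanager' key over a table of candidate blobs, keeping only decrypts that look like text, plus a known-plaintext key recovery for the case where the key has not yet been identified. The blobs below are constructed for this example (the bot token in them is a placeholder), not strings pulled from the real APK.

```python
import string
from typing import List, Optional

# Key named in the post. The strings below are constructed for this example.
KEY = b"npmanager"

PRINTABLE = set(string.printable.encode())


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR every byte with the key, repeating the key (encrypt == decrypt)."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_text(data: bytes, min_ratio: float = 0.95) -> bool:
    """Heuristic: a correct decrypt is almost entirely printable ASCII."""
    if not data:
        return False
    printable = sum(1 for b in data if b in PRINTABLE)
    return printable / len(data) >= min_ratio


def decrypt_strings(blobs: List[bytes], key: bytes = KEY) -> List[str]:
    """Decrypt each blob with the key; drop results that are not text
    (resource hashes, compressed data, strings encrypted some other way)."""
    out = []
    for blob in blobs:
        plain = xor_repeating(blob, key)
        if looks_like_text(plain):
            out.append(plain.decode("ascii", errors="replace"))
    return out


def recover_key(ciphertext: bytes, known_plaintext: bytes) -> Optional[bytes]:
    """Recover a repeating XOR key from a known plaintext prefix such as
    'https://api.telegram.org/'. ct XOR pt gives the keystream; the key is
    its shortest period. Returns None when the prefix is too short to
    confirm a period (the prefix must cover at least two key lengths)."""
    n = min(len(ciphertext), len(known_plaintext))
    stream = bytes(c ^ p for c, p in zip(ciphertext[:n], known_plaintext[:n]))
    for period in range(1, n // 2 + 1):
        if all(stream[i] == stream[i + period] for i in range(n - period)):
            return stream[:period]
    return None


# Constructed sample input: what an obfuscated strings table might hold.
# "<TOKEN>" is a placeholder, not the bot token from the IOC list.
_SAMPLE_PLAINTEXTS = [
    b"https://api.telegram.org/bot<TOKEN>/sendMessage",
    b"chat_id",
    b"Intercepted SMS from: ",
]
SAMPLE_BLOBS = [xor_repeating(p, KEY) for p in _SAMPLE_PLAINTEXTS]
# One blob that is not an encrypted string; the printable filter should drop it.
SAMPLE_BLOBS.append(bytes([0x00, 0xFF, 0x13, 0x80, 0x9C, 0x07, 0xE2, 0x45]))


if __name__ == "__main__":
    for s in decrypt_strings(SAMPLE_BLOBS):
        print(s)
    # Key recovery from the URL prefix alone, without knowing 'npmanager'.
    print(recover_key(SAMPLE_BLOBS[0], b"https://api.telegram.org/"))
```

In practice the blobs come from the decompiled code (the byte arrays or base64 constants passed to the decryption routine); the known-plaintext recovery needs a prefix at least twice the key length, which a C2 URL usually provides.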

GOMOOT (gomoot@mastodon.uno)
2024-06-12

💡 Malware: what it is, which kinds exist and how to defend against it
A complete overview of the dark world of malware and the different families of these malicious programs, which are a constant threat to the security of devices and data.

gomoot.com/malware-cosa-sono-q

#Adware #Backdoor #Dropper #malware #ransomware #spyware #tech #tecnologia #Trojan #virus #hacker #dialer

The material impact [of #operationendgame] to attackers is that they've just had it laid out to them, very clearly, that there's a capable, resourced, and persistent threat in play on the defender side.

cpomagazine.com/cyber-security

#dropper #malware #disruptops #takedown

Matt Willemsen (mattotcha)
2024-06-01
securityskeptic (securityskeptic@infosec.exchange)
2024-05-30

Largest ever operation against botnets hits dropper malware ecosystem

Congratulations to Europol and partners for concluding an international operation that disrupted the botnets responsible for distributing IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee.

europol.europa.eu/media-press/

Now it's up to the courts to impose serious sentences on the perpetrators.

#botnets #dropper #malware #cybercrime

SOSOrdinet (SOSOrdinet@social.targaryen.house)
2024-04-03
2022-12-06

[Paper of the day][#7] How to bypass #Machine #Learning (ML)-based #malware detectors with adversarial ML. We show how we bypassed all malware detectors in the #MLSEC competition by embedding malware samples into a benign-looking #dropper. We show how this strategy also bypasses real #AV detection.

Academic paper: dl.acm.org/doi/10.1145/3375894
Archived version: secret.inf.ufpr.br/papers/root
Dropper source code: github.com/marcusbotacin/Dropp

LED Hack Teaches DJI Mini 2 Drone New Tricks

Despite its diminutive proportions, the thrust to weight ratio of the DJI Mini 2 is high enough that it can carry a considerable amount of baggage. So it's no surprise that there's a cottage industry of remotely controlled payload releases that can be bolted onto the bottom of this popular quadcopter. But [tterev3] wanted something that would integrate better with DJI's software instead of relying on a separate transmitter.

As explained in the video below, his solution was to tap into the signals that control the RGB LED on the front of the drone. Since the user can change the color of the LED at any time with the official DJI smartphone application, decoding this signal to determine which color had been selected is like adding several new channels to the transmitter. In this case [tterev3] just needed to decode a single color to use as a "drop" signal, but it's not hard to imagine how this concept could be expanded to trigger several different actions with a few more lines of code.

Examining the LED control signal.

[tterev3] wrote some software to decode the 48 bits of data being sent to the LED with a PIC18F26K40 microcontroller, which in turn uses an L9110H H-Bridge to control a tiny gear motor. To get feedback, he's using a small magnet glued to the release arm and a Hall-effect sensor.

Concerned about how much power he could realistically pull from a connection that was intended for an LED, he gave the release its own battery that is slowly charged while the drone is running. You could argue that since the motor only needs to fire up once to drop the payload, [tterev3] probably could have gotten away with not recharging it at all during the flight. But as with the ability to decode additional color signals, the techniques being demonstrated here hold a lot of promise for future development.

Folks have been strapping additional hardware to commercial quadcopters for years, but modifications like this one that actually let the craft release its payload and fly away hold particular promise for environmental monitoring and building mesh communication networks.

#dronehacks #ledhacks #dji #drone #dropper #hbridge #payload #pic18f26k40 #quadcopter #release

2021-04-04

#letsroll

⚃ ⚀ ⚅ ⚅ ⚂ → #nature
⚀ ⚂ ⚀ ⚁ ⚀ → #backtalk
⚁ ⚁ ⚁ ⚂ ⚀ → #daybed
⚁ ⚀ ⚁ ⚁ ⚂ → #counting
⚂ ⚄ ⚂ ⚂ ⚂ → #kebab
⚁ ⚃ ⚁ ⚅ ⚃ → #dropper

nature-backtalk-daybed-counting-kebab-dropper

Roll your own @ eff.org/deeplinks/2016/07/new-

2021-01-18

#letsroll

โš โšƒ โš โš… โšƒโ†’#dropper
โšƒ โš‚ โš… โš€ โš„โ†’#partition
โšƒ โš… โšƒ โš„ โšƒโ†’#reanalyze
โš… โšƒ โš โš… โš‚โ†’#unmanaged
โšƒ โš€ โšƒ โš โš‚โ†’#motor
โš… โš… โš€ โš„ โšโ†’#waltz

dropper-partition-reanalyze-unmanaged-motor-waltz

Roll your own @ eff.org/deeplinks/2016/07/new-

2021-01-09

#letsroll

โš โšƒ โš โš… โšƒโ†’#dropper
โš โš€ โš‚ โš… โš€โ†’#crepe
โšƒ โšƒ โš โš„ โš‚โ†’#periscope
โš€ โš… โš… โšƒ โšƒโ†’#contents
โš‚ โš‚ โš โš€ โšโ†’#gumdrop
โš‚ โš„ โš€ โšƒ โšƒโ†’#jingle

dropper-crepe-periscope-contents-gumdrop-jingle

Roll your own @ eff.org/deeplinks/2016/07/new-

2020-12-21

#letsroll

โš โšƒ โš โš… โšƒโ†’#dropper
โš โš„ โš€ โšƒ โšโ†’#embargo
โšƒ โš… โš„ โš€ โš€โ†’#reassure
โš โš€ โš โš„ โš‚โ†’#cradling
โšƒ โš… โš… โšƒ โšโ†’#reentry
โš„ โš… โš… โš โš„โ†’#studio

dropper-embargo-reassure-cradling-reentry-studio

Roll your own @ eff.org/deeplinks/2016/07/new-

2020-10-30

#letsroll

⚅ ⚃ ⚄ ⚅ ⚃ → #unstitch
⚁ ⚃ ⚁ ⚅ ⚃ → #dropper
⚃ ⚀ ⚁ ⚂ ⚄ → #mom
⚃ ⚀ ⚁ ⚁ ⚅ → #mold
⚃ ⚁ ⚄ ⚃ ⚅ → #osmosis
⚃ ⚂ ⚃ ⚁ ⚄ → #paging

unstitch-dropper-mom-mold-osmosis-paging

Roll your own @ eff.org/deeplinks/2016/07/new-

2020-09-07

#letsroll

⚃ ⚄ ⚀ ⚀ ⚀ → #postal
⚅ ⚀ ⚃ ⚁ ⚀ → #swan
⚁ ⚃ ⚂ ⚂ ⚅ → #duke
⚁ ⚃ ⚁ ⚅ ⚃ → #dropper
⚃ ⚂ ⚄ ⚁ ⚁ → #parabola
⚅ ⚄ ⚃ ⚀ ⚃ → #vanity

postal-swan-duke-dropper-parabola-vanity

Roll your own @ eff.org/deeplinks/2016/07/new-
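An added example (not the #letsroll bot's own code) of the EFF dice method the posts above follow: parse a roll line written with dice faces, turn it into the five-digit wordlist key, look the word up, join six words, and compute how much entropy the result carries. The wordlist here is only the six roll/word pairs shown in the 2021-01-18 post; real use needs the full 7776-entry EFF large wordlist, which the reader supplies.

```python
import math
import secrets
from typing import Callable, Dict, List

DICE_FACES = "⚀⚁⚂⚃⚄⚅"          # U+2680..U+2685, face 1..6, as the posts print them
DICE_PER_WORD = 5
WORDS_PER_PASSPHRASE = 6
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 entries in the EFF large wordlist

# Constructed partial wordlist: the six pairs from the 2021-01-18 post above.
SAMPLE_WORDLIST: Dict[str, str] = {
    "24264": "dropper",
    "43615": "partition",
    "46454": "reanalyze",
    "64263": "unmanaged",
    "41423": "motor",
    "66152": "waltz",
}


def parse_roll(line: str) -> List[int]:
    """'⚁ ⚃ ⚁ ⚅ ⚃' -> [2, 4, 2, 6, 4]; ignores whitespace between faces."""
    rolls = [DICE_FACES.index(ch) + 1 for ch in line if ch in DICE_FACES]
    if len(rolls) != DICE_PER_WORD:
        raise ValueError(f"expected {DICE_PER_WORD} dice faces, got {len(rolls)}")
    return rolls


def rolls_to_key(rolls: List[int]) -> str:
    """Five dice values in 1..6 -> the wordlist key, e.g. '24264'."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five values in 1..6")
    return "".join(str(r) for r in rolls)


def roll_dice(n: int = DICE_PER_WORD) -> List[int]:
    """Software dice: secrets (CSPRNG), never random.random, for passphrase material."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def passphrase_from_rolls(rolls_per_word: List[List[int]], wordlist: Dict[str, str]) -> str:
    """Map each 5-dice roll to its word and join with '-' as the posts do."""
    words = []
    for rolls in rolls_per_word:
        key = rolls_to_key(rolls)
        if key not in wordlist:
            raise KeyError(f"roll {key} is not in the (partial) wordlist")
        words.append(wordlist[key])
    return "-".join(words)


def generate_passphrase(wordlist: Dict[str, str],
                        n_words: int = WORDS_PER_PASSPHRASE,
                        roll: Callable[[], List[int]] = roll_dice) -> str:
    """Roll n_words times and look each roll up; needs the full wordlist."""
    return passphrase_from_rolls([roll() for _ in range(n_words)], wordlist)


def entropy_bits(n_words: int, list_size: int = LIST_SIZE) -> float:
    """Entropy of n uniformly chosen words: n * log2(list size)."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    lines = ["⚁ ⚃ ⚁ ⚅ ⚃", "⚃ ⚂ ⚅ ⚀ ⚄", "⚃ ⚅ ⚃ ⚄ ⚃",
             "⚅ ⚃ ⚁ ⚅ ⚂", "⚃ ⚀ ⚃ ⚁ ⚂", "⚅ ⚅ ⚀ ⚄ ⚁"]
    print(passphrase_from_rolls([parse_roll(l) for l in lines], SAMPLE_WORDLIST))
    print(f"{entropy_bits(WORDS_PER_PASSPHRASE):.1f} bits")
```

Six words from a 7776-entry list give about 77.5 bits regardless of which words come up, which is why the posts can publish the rolls of a word they are not using; what matters is that each roll is uniform and unobserved.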
