Bringing cybersecurity globally to critical and complex key activities
A new Android banking malware, known as ToxicPanda, has infected more than 1,500 devices and is used to make fraudulent money transfers without the victim noticing. It lets the operators take over compromised bank accounts through on-device fraud (ODF): because the transactions are initiated from the victim's own, already-authenticated device, the bank's identity verification and authentication controls are bypassed. Most infections have been reported in Italy, followed by Portugal, Hong Kong, Spain and Peru. This is considered unusual, since a Chinese-speaking threat actor is targeting users in Europe and Latin America. ToxicPanda, a simplified version of the TgToxic malware, abuses Android accessibility services to obtain elevated permissions, intercept one-time passwords (OTP) and defeat two-factor authentication. It masquerades as popular apps such as Google Chrome and Visa and is distributed through fake pages that mimic official app stores.
Grandoreiro is a modular backdoor that supports the following capabilities:
- Keylogging
- Auto-updating to newer versions and modules
- Web injects and restricting access to specific websites
- Command execution
- Manipulating windows
- Guiding the victim's browser to a certain URL
- C2 domain generation via a DGA (Domain Generation Algorithm)
- Imitating mouse and keyboard movements
The campaign began in June 2022 and is still ongoing; the attacks have hit organizations in multiple industries, including automotive and chemicals manufacturing. The threat actors behind this campaign impersonate Mexican government officials, and the malware uses multiple anti-analysis techniques, including a CAPTCHA check to evade sandboxes. Read more about it: here
Threat intelligence firm Recorded Future has identified several government entities in Latin America (LATAM) that have been affected by ransomware attacks, likely involving Russian or Russian-speaking hackers, beginning on or around April this year. "If unaddressed, ransomware attacks on local, provincial, or federal government entities in LATAM could constitute a credible national and geopolitical security risk," Recorded Future said in a post this week. The firm observed at least four high-credibility ransomware gangs targeting LATAM government entities, including Conti, ALPHV, LockBit 2.0, and BlackByte. These incidents constitute a significant escalation in ransomware targeting, Recorded Future said. Read more about it: here
The Fast Shop retail chain reportedly fell victim to a cyberattack on Wednesday night (22nd). The attack is said to have hit internal infrastructure and technology systems, as well as the company's user data and corporate information; even the sales platforms were reportedly affected, with the company announcing the closure of stores and the suspension of e-commerce orders until early next week. Read more about it: here