Tambir is a spyware app first discovered in October 2023 and uses social engineering tactics to target Android users. Disguised as an ad-free version of an IPTV app, Tambir is able to collect sensitive information from the victim’s device, including SMS messages, contacts, and a list of installed applications.

Moreover, Tambir is equipped with capabilities such as keystroke logging, starting Virtual Network Computing (VNC) sessions and sending SMS messages, giving cybercriminals remote access to the infected device.

Although it is distributed under the guise of an IPTV application, it contains no legitimate functionality related to the platform it imitates. The application gains remote access to the infected device by convincing its owner to grant accessibility permissions. Once the application’s accessibility service is enabled, it obtains all the remaining permissions automatically. After obtaining all the necessary permissions and enabling the accessibility service, the malware changes its app icon to the YouTube icon so that it does not look suspicious.

The malware retrieves encrypted Command and Control (C2) server addresses from legitimate platforms such as Telegram, ICQ chat invites and Twitter profile bios, and talks to the C2 server over the WebSocket protocol. Tambir supports more than 30 commands received from the C2 server. Its target region and its use of Telegram for C2 communication resemble the GodFather malware, which is among the top three mobile malware families in the region.
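The accessibility service is the one permission Tambir cannot obtain without the victim, so a quick audit of which accessibility services are enabled is a practical check on a managed Android fleet. The script below is an added example, not code from the article or from the analysis it reports on. It assumes a device reachable over `adb` (falling back to a constructed sample otherwise), and the `com.example.iptvfree` package in that sample is made up for illustration; `enabled_accessibility_services` is the real colon-separated `Settings.Secure` key that Android uses for this list.

```shell
#!/bin/sh
# Added example: audit enabled Android accessibility services against an
# allowlist. Anything enabled that is not known-good is printed for review.
#
# Assumptions: a device is reachable via `adb` (otherwise the constructed
# sample below is used); package names in the sample are fictitious.

# Known-good services, colon-separated exactly like the Android setting.
# TalkBack is the stock screen reader; extend this for your own fleet.
KNOWN_GOOD="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"

# Constructed sample of Settings.Secure.enabled_accessibility_services:
# the stock screen reader plus a fictitious "free IPTV" app's service.
SAMPLE_SETTING="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.iptvfree/com.example.iptvfree.AccService"

# flag_unexpected_services RAW ALLOWLIST
# RAW is the raw setting value (entries separated by ':'; the literal
# string "null" is what `settings get` prints when nothing is enabled).
# Prints each entry absent from ALLOWLIST, one per line. Always exits 0
# so it is safe to call inside a command substitution under `set -e`.
flag_unexpected_services() {
    raw="$1"
    allow="$2"
    [ "$raw" = "null" ] && return 0
    old_ifs="$IFS"
    IFS=':'
    set -- $raw          # split RAW on ':' into positional parameters
    IFS="$old_ifs"
    for entry in "$@"; do
        [ -z "$entry" ] && continue
        case ":$allow:" in
            *":$entry:"*) ;;              # allowlisted, nothing to report
            *) printf '%s\n' "$entry" ;;  # not expected: surface it
        esac
    done
    return 0
}

# Read the live value if a device is attached, else fall back to the sample.
raw=""
if command -v adb >/dev/null 2>&1; then
    raw=$(adb shell settings get secure enabled_accessibility_services 2>/dev/null | tr -d '\r') || true
fi
[ -n "$raw" ] || raw="$SAMPLE_SETTING"

echo "Enabled accessibility services not on the allowlist:"
flag_unexpected_services "$raw" "$KNOWN_GOOD"
```

Run against a real device, the only output worth acting on is a service belonging to an app the user did not knowingly install as an accessibility tool; combine it with `adb shell pm list packages -3` to map the package back to a third-party install.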


Security

Infamous RedLine Stealer Caught With Magnus

Following the seizure of RedLine Stealer by international authorities, security researchers published their research into the stealer’s undocumented backend modules, which aided law enforcement in the takeover effort.

Security researchers, in collaboration with law enforcement, collected numerous modules used to run the infrastructure behind RedLine Stealer in 2023. The Dutch National police, together with the FBI, Eurojust and several other law enforcement agencies, dismantled the infamous RedLine Stealer operation and its clone called META Stealer on October 24, 2024.

This global effort, called Operation Magnus, resulted in the removal of three servers in the Netherlands, the seizure of two domain names, the detention of two people in Belgium, and the unsealing of charges against one of the alleged perpetrators in the United States.

Security researchers participated in a partial takedown of the RedLine malware in April 2023, enabling the removal of several GitHub repositories used as dead-drop resolvers for the malware’s control panel. At that time, previously undocumented backend modules of this malware family were investigated in collaboration with researchers at Flare. These modules do not interact with the malware directly; instead they handle authentication and provide functionality for the control panel.

More than 1,000 unique IP addresses used to host RedLine control panels were identified. Allowing for some overlap, this puts the number of subscribers to RedLine MaaS at around 1,000. The 2023 versions of RedLine Stealer, reviewed in detail, use the Windows Communication Foundation (WCF) for communication between components, while the latest version, from 2024, uses a REST API.

“Based on our analysis of source code and backend samples, we determined that RedLine Stealer and META Stealer share the same creator,” he said.

These unique IP addresses were used to host RedLine panels. Of the hosted panels, Russia, Germany and the Netherlands each account for about 20 percent of the total, while Finland and the United States each account for about 10 percent. The researchers also detected multiple distinct backend servers. Geographically, about a third of these servers are located in Russia, while the UK, the Netherlands and the Czech Republic each account for about 15 percent of the servers detected.

First discovery in 2020

RedLine Stealer is an information-stealing malware first discovered in 2020, and rather than being operated centrally, it operates on a MaaS model where anyone can purchase a turnkey information-stealing solution from various online forums and Telegram channels.

Customers, whom we call affiliates, can buy monthly subscriptions or lifetime licenses; for their money, they get a control panel that generates malware samples and acts as a C&C server for them.

The generated samples can collect a wide variety of information: local cryptocurrency wallets; cookies, saved credentials and saved credit card information from browsers; and saved data from Steam, Discord, Telegram and various desktop VPN applications. Using an off-the-shelf solution makes it easier for affiliates to integrate RedLine Stealer into larger campaigns. Some notable examples include a “ChatGPT free download” lure in 2023 and what appear to be video game cheats in the first half of 2024.

Before Operation Magnus, RedLine was among the most common data-stealing malware, with a large number of affiliates using its control panel. But the malware-as-a-service operation appears to be led by a small number of individuals, some of whom have now been identified by law enforcement.

Security

Scam Copilot Powered by AI Technology Introduced

Bitdefender Announces AI-Powered Fraud Defense Platform Scam Copilot!


Bitdefender, a global cybersecurity leader, announced Scam Copilot, an advanced technology platform powered by artificial intelligence (AI).

Scam Copilot, which detects and combats fraud attempts, stands out as an advanced platform designed for devices such as computers, tablets and mobile phones. Providing protection against malware, identity theft and data theft with a strong defense layer, Scam Copilot provides an integrated service in all Bitdefender’s cyber security products.

According to a report by the Global Anti-Scam Alliance (GASA), global losses due to fraud are estimated to exceed one trillion US dollars in 2023. The report also found that 78% of the nearly 50,000 people surveyed had experienced at least one scam within a 12-month period.

Bitdefender’s 2024 Consumer Cybersecurity Assessment Report revealed that scams delivered via text message were the most common security incident, affecting almost half of the seven thousand respondents.

Introduced to users by Bitdefender in response to the sharp increase in fraud-related cybercrimes, Scam Copilot was developed powered by Large Language Models (LLMs) and artificial intelligence.

These technologies prevent cybercriminals from creating and distributing highly persuasive phishing messages in any language, making it extremely easy for consumers to detect scams and fraud attempts on their own.

“A True Game Changer”

Scam Copilot combines fraud detection and prevention technologies under one roof. The application proactively monitors users during activities such as web browsing, sending e-mail, and chatting via messaging applications, and warns users of the threats it detects.

Leveraging Bitdefender’s real-time global threat intelligence and artificial intelligence, Scam Copilot constantly evolves and adapts as new fraud methods emerge.

Main Features and Benefits

  1. Complete Scam and Fraud Protection: Scam Copilot provides comprehensive protection in digital environments, including web browsing, email, messaging, chat applications, push notifications and calendar invitations.
  2. Intuitive AI-Powered Chatbot Assistance: Scam Copilot provides best-practice guidance so users stay informed about alerts and stay safe. It also includes an advanced chatbot that lets users hold natural conversations to get a trusted second opinion on potential scams.
  3. Geographically Specific Fraud Wave Alerts: Scam Copilot warns users about emerging or trending scam campaigns. Alerts provide detailed information about campaign type, distribution methods, key tactics and potential risks, giving users timely information to stay ahead of evolving threats.
  4. Protection for High Risk Groups: Scam Copilot provides strong protection for groups frequently targeted by scammers, including the elderly, children and teenagers. The platform adapts to user behavior and offers simple, personalized suggestions for taking action.
  5. Strengthening Fraud Awareness: Scam Copilot not only protects against scams, it also offers contextual recommendations tailored to specific interactions. It aims to help consumers build fraud awareness and feel confident navigating the digital world safely.

Security

Lazarus Exploited Chrome Zero-Day Vulnerability

GReAT has uncovered a sophisticated malware campaign by the Lazarus Advanced Persistent Threat (APT) group targeting cryptocurrency investors worldwide.


GReAT detected an attack using the Manuscrypt malware, which the Lazarus group has deployed in over 50 unique campaigns documented by GReAT, targeting various industries.

Detailed analysis revealed a sophisticated malicious campaign that relied heavily on social engineering techniques and generative artificial intelligence to target cryptocurrency investors.

The Lazarus group is known for its highly sophisticated attacks on cryptocurrency platforms and has a track record of exploiting zero-day vulnerabilities. This newly revealed campaign followed the same pattern.

Security researchers found that the threat actor exploited two vulnerabilities, including a previously unknown bug, in V8, Google’s open-source JavaScript and WebAssembly engine.

After being reported to Google, the zero-day vulnerability was assigned CVE-2024-4947 and fixed. It allowed attackers to run arbitrary code, bypass security features and perform various malicious activities. A second vulnerability was used to bypass the V8 sandbox in Google Chrome.

Attackers exploited this vulnerability by luring users to a carefully designed fake gaming website that invited users to compete globally with NFT tanks.

To maximize the effectiveness of the campaign, they focused on building trust and designed details that would make promotional activities appear as real as possible.

In this context, social media accounts were created on X (formerly Twitter) and LinkedIn to promote the game over several months, and artificial intelligence-generated images were used to increase credibility.

Lazarus has successfully integrated generative AI into its operations. Kaspersky experts predict that attackers will design even more sophisticated attacks using this technology.

The attackers also tried to engage cryptocurrency influencers for further promotion. They used their presence on social media to not only spread the threat but also directly target crypto accounts.

Security experts also discovered a legitimate game that appears to have served as the prototype for the attackers’ game. Shortly after the attackers launched a campaign to promote their game, the real game’s developers claimed that $20,000 worth of cryptocurrency had been transferred out of their wallets.

The fake game’s logo and design differed from the original only in logo placement and visual quality, and otherwise mirrored it. Given these similarities and the overlaps in code, security experts emphasize that Lazarus members went to great lengths to lend credibility to their attacks.

Copyright © 2022 RAZORU NEWS.