Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. […]
Related Posts
Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer
Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer
Cyfirma security researchers uncover the real identity of the CypherRAT and CraxsRAT malware developer and MaaS operator.
The post Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer appeared first on SecurityWeek.
SecurityWeek RSS Feed
Malicious QR Reader App in Google Play Delivers Anatsa Banking Malware
Malicious QR Reader App in Google Play Delivers Anatsa Banking Malware
Cybersecurity experts have identified a malicious QR code reader app on Google Play that is delivering the notorious Anatsa banking malware.
This discovery underscores the persistent threat posed by malicious apps in official app stores, emphasizing the need for heightened vigilance among users.
The Discovery and Impact
The malicious app, posing as a legitimate QR code reader, was found to be distributing the Anatsa banking malware, a sophisticated piece of malware designed to steal sensitive banking information.
According to a tweet from Zscaler ThreatLabz, the app has already been downloaded thousands of times, potentially compromising a significant number of users’ financial data.
“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo
ThreatLabz has detected another malicious Android app that is currently live in the @GooglePlay store with over 1K downloads located at: https://t.co/gwEfdHMlL4[.]com/store/apps/details?id=com.appsdevelopmentmegastudio.filecontrolandqrreader.
The app is disguised as a QR… pic.twitter.com/vEcDecYWPv
— Zscaler ThreatLabz (@Threatlabz) July 3, 2024
The Anatsa malware is known for its advanced capabilities, including keylogging, overlay attacks, and remote access, making it a formidable threat to users’ banking security.
How Anatsa Operates
Once installed, the malicious app requests a series of permissions that allow it to operate covertly.
It then monitors the user’s activities, capturing keystrokes and overlaying fake login screens to steal credentials.
Malware can also remotely control infected devices, enabling attackers to perform unauthorized transactions.
This level of sophistication makes Anatsa particularly dangerous, as it can bypass many traditional security measures and remain undetected for extended periods.
In response to the discovery, Google has removed the malicious app from the Play Store and is working to enhance its app vetting processes to prevent similar incidents in the future.
However, the incident highlights the ongoing challenges in securing app stores and the importance of user awareness.
Users are advised to be cautious when downloading apps, even from official sources.
It is crucial to check app reviews, scrutinize permissions, and use reputable security software to detect and block malicious activities.
Are you from SOC/DFIR Teams? – Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files
The post Malicious QR Reader App in Google Play Delivers Anatsa Banking Malware appeared first on Cyber Security News.
![CERT-UA Uncovers Gamaredon’s Rapid Data Exfiltration Tactics Following Initial Compromise](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZAMhWN_0VegOrky7Iy60QwohUQfDoKIosgsH1TGlLwR8cP9UMphEqtzmjNSMvWJCjd2g2iyD1SNtukK0NDbBRfqYNl_6beVu1fceBlZhdwS3sPSK-ojYSM4Gy44Ati6Lytj9mheJFF0pBhVTI6vrEA9HV9dUJHxnRAh1m943HbMdhPm14x3VylCWuYChH/s72-c/ms.jpg)
CERT-UA Uncovers Gamaredon’s Rapid Data Exfiltration Tactics Following Initial Compromise
CERT-UA Uncovers Gamaredon’s Rapid Data Exfiltration Tactics Following Initial Compromise
The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise.
"As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts," the Computer Emergency Response Team of Ukraine (CERT-UA) said in Read More
The Hacker News | #1 Trusted Cybersecurity News Site