Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware
An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that’s commonly associated with Chinese hacking crews.
Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and
8.5 Million Windows Systems Hit by CrowdStrike Faulty Update – Microsoft Says!
Microsoft has revealed that a faulty software update released by cybersecurity firm CrowdStrike on July 18 has impacted approximately 8.5 million Windows devices globally, causing widespread disruptions to businesses and individuals.
The tech giant has worked closely with CrowdStrike, customers, and industry partners to resolve the issue and restore affected systems.
In a blog post, Microsoft stated that while the incident originated from CrowdStrike and not Microsoft itself, the company has taken proactive steps to support its customers and the broader ecosystem.
8.5 Million Windows Devices Crashed
Microsoft has deployed hundreds of engineers to work directly with affected businesses, collaborated with cloud providers like Google Cloud Platform (GCP) and Amazon Web Services (AWS), and provided technical guidance and manual remediation scripts to help customers safely bring their systems back online.
Microsoft said in a blog post, “We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines.”
CrowdStrike has issued a public statement and recommended a workaround to address the problem. The cybersecurity firm has also assisted Microsoft in developing a scalable solution to accelerate the fix for the faulty update across Microsoft’s Azure infrastructure.
“This effort will be ongoing. We are committed to identifying any foundational or workflow improvements that we can make to strengthen our process. We will update our findings in the root cause analysis as the investigation progresses,” CrowdStrike said in a blog post.
Although the affected devices represent less than one percent of all Windows machines, the incident has had significant economic and societal impacts due to CrowdStrike’s prominence among enterprises running critical services. Microsoft emphasized the importance of safe deployment practices and disaster recovery mechanisms within the interconnected tech ecosystem.
“As we’ve seen over the last two days, we learn, recover and move forward most effectively when we collaborate and work together,” the blog post read. “We appreciate the cooperation and collaboration of our entire sector, and we will continue to update with learnings and next steps.”
Microsoft continues to work around the clock to support customers and provide updates through the Azure Status Dashboard. The company expects to share further insights and lessons learned from this incident to strengthen the resilience of the global technology ecosystem.
Copybara Uses On-Device Fraud to Steal Funds Directly from the Victim’s Device
Cybersecurity experts at Cleafy Labs have exposed a sophisticated fraud campaign orchestrated by a group known as Copybara.
This campaign, leveraging on-device fraud techniques, has been meticulously designed to siphon funds directly from victims’ devices, marking a significant escalation in the severity and sophistication of cyber threats facing individuals and institutions alike.
Cleafy Labs detailed the Copybara campaign, which employs a multifaceted approach to infiltrate and exploit victims’ devices.
Unlike traditional fraud methods that rely on intercepting or redirecting communications between a user and their financial institution, on-device fraud occurs directly within the compromised device.
This method allows attackers to bypass many of the security measures that banks and other financial services have put in place, making it a particularly insidious form of cybercrime.
Copybara Uses On-Device Fraud to Steal Funds
At the heart of the Copybara campaign is malicious software, or malware, that is cleverly disguised within seemingly innocuous applications.
Once installed on a victim’s device, this malware grants the attackers unprecedented access to the device’s functions and data, according to the Cleafy Labs report.
This includes intercepting and manipulating SMS messages and push notifications, often used as part of two-factor authentication processes.
Figure: Copybara fraud operation (Source: Cleafy)
The sophistication of the Copybara malware lies in its ability to remain undetected while actively monitoring the device for specific activities, such as accessing banking applications or websites.
The malware springs into action upon detecting such activities, surreptitiously redirecting the user’s inputs to the attackers’ servers.
This allows the perpetrators to capture sensitive information, such as login credentials and financial information, without the victim’s knowledge.
Perhaps most alarmingly, the Copybara campaign demonstrates high customization and adaptability.
The attackers have shown the ability to tailor their malware to target specific financial institutions and apps, increasing the likelihood of successful fraud.
This level of specificity, combined with the malware’s stealthy operation, poses a significant challenge to existing cybersecurity measures.
In response to the rising threat posed by on-device fraud, cybersecurity experts, including those at Cleafy Labs, are calling for increased vigilance and the adoption of more advanced security measures.
This includes the use of behavior-based detection systems that can identify and neutralize malicious activities on a device before any harm can be done.
As the Copybara campaign continues to evolve, it serves as a stark reminder of the ever-present and ever-changing nature of cyber threats.
Individuals and institutions alike must remain proactive in their cybersecurity efforts, constantly updating and refining their defenses to protect against these sophisticated and highly targeted attacks.