Unfortunately, a new form of Android malware is capable of stealing 2FA codes from Google’s app, according to a report by security firm ThreatFabric (via ZDNet). According to the report, a variant of the Cerberus banking trojan emerged with this ability in January 2020.
“Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application. When the app is running, the Trojan can get the content of the interface and can send it to the C2 [command and control – ed] server. Once again, we can deduce that this functionality will be used to bypass authentication services that rely on OTP codes,” reads an excerpt of the report.
ThreatFabric notes that the new malware feature isn’t being advertised on underground forums just yet, suggesting that this capability is still in testing. The firm says it still presents a major threat to online banking services, though. It could also be a massive threat to other accounts and services that use 2FA, such as email, Google accounts, and more.
Two-factor authentication apps like Google Authenticator are generally considered to be more secure than SMS-based 2FA. Two-factor codes sent via text message can be intercepted, and there have indeed been numerous cases of SIM swap fraud that allow criminal actors to gain these codes.
Nevertheless, we hope to see Google shore up Android’s defenses against this malware, as it likely affects other 2FA apps as well. Hopefully that doesn’t mean measures as drastic as the ones it took with SMS and calling permissions.
Hackers have released a new jailbreak that can reportedly crack any iPhone
A new jailbreak has just been released that works across all iPhones, according to reports from Motherboard and TechCrunch.
- The jailbreak was reportedly made possible by a new vulnerability in Apple’s software that the company has not discovered yet.
- A jailbreak is a hack that makes it possible to overcome the iPhone’s security restrictions so that users can load apps and features that aren’t approved by Apple.
- Installing jailbreaks can pose security risks since doing so lifts Apple’s safeguards.
A vulnerability in Apple’s mobile software has made it possible for hackers to release a new iPhone jailbreak that supposedly works across all iPhones, according to Motherboard.
It’s the first time a jailbreak that works so broadly at launch has surfaced since Apple launched its iOS 10 operating system in 2016, the report says. The jailbreak, known as unc0ver, should work on all iPhones that support iOS 11 and above, according to TechCrunch.
Apple did not immediately respond to Business Insider’s request for comment.
A jailbreak is a hack that makes it possible to overcome Apple’s security protocols so users can load onto their iPhones apps and software that the company hasn’t authorized. Jailbreaks were once very popular among iPhone owners that wanted to customize their devices, but they also pose serious security risks since they discard Apple’s built-in safety measures.
Apple has cracked down on jailbreaking in more recent iOS software updates, making them far less common.
The new jailbreak is the result of a zero-day vulnerability found in Apple’s iOS software, Motherboard reported. The term “zero-day” refers to a security flaw that the software’s maker has not yet discovered.
Although jailbreaks are usually considered a security risk, the researcher who discovered the iOS vulnerability that makes the new jailbreak possible told Motherboard that Apple’s security mechanisms remained intact.
While the new jailbreak is said to be the first in years to work across all models right away, it’s not the first time jailbreaking has returned to the iPhone. Last August, Apple re-introduced a security vulnerability that would make jailbreaking possible, as Motherboard reported at the time. But that jailbreak worked on current and up-to-date iPhones, according to the report, while the new one is said to work across all models.
The news also comes as Apple has been investing more heavily in sourcing help from external cybersecurity experts and researchers through its bug-bounty program, which the company introduced in 2016.
For example, Apple updated its bug-bounty program in August to include a new million-dollar reward for researchers who can pull off a specific type of iPhone hack. The type of attack, known as a “zero-click full chain kernel execution attack with persistence,” gets to the core of Apple’s operating system and enables control of an iPhone without requiring any user interaction.
After Zoom, Hackers Turn to Microsoft Teams as Reports Show Spike in Cyberattacks
With working from home becoming the new norm, Microsoft Teams and other video conferencing platforms have seen an extraordinary spike in usage. However, the increase in popularity has also attracted the attention of hackers.
Recent reports by security researchers have shown spikes in cyberattacks targeting Microsoft Teams users. According to the reports, researchers have observed thousands of cloned Microsoft Teams login pages being used in an attempt to harvest account passwords.
Hackers turn their sights to Video-conferencing Platforms
With daily usage of the Microsoft service at about 75 million after leaping from 44 million in the last two weeks of March, it’s no surprise that hackers have turned their sights to the platform.
However, Microsoft Teams is not the first video chat platform to receive increased attention from hackers. Last month, information for about 530,000 Zoom accounts stolen by hackers was auctioned on the dark web.
This, together with Zoom’s several other security and privacy shortcomings, caused a backlash that resulted in a few top organisations switching to rivals like Teams. However, the increase in cyberattacks directed at Teams shows that switching from Zoom doesn’t necessarily take users off the radar of cybercriminals.
Impersonation attack threat to over 75 million users
Researchers have discovered that hackers are using a multi-pronged Microsoft Teams impersonation attack. According to the team from Abnormal Security, convincingly crafted emails impersonating the automated notification emails from Microsoft Teams are sent out to users, with the aim of stealing their Microsoft Office 365 login credentials when they try to use the fake website.
The Cybersecurity and Infrastructure Security Agency (CISA) on April 29 issued a warning that attacks using such methodology were going to increase given the speed of deployment as organizations migrate to Microsoft Office 365 during the COVID-19 lockdown.
However, Abnormal Security has said it discovered that no security configurations or vulnerabilities in Microsoft Teams were at fault. The hacker exploits human vulnerabilities by sending emails that are designed to look legit and professional to trick as many users as possible.
“The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider,” the researchers say.
This new phishing campaign is disguised as the normal everyday mail you receive for business or work. However, when you click on the link, it employs multiple URL redirects that conceal the real hosting URLs in order to bypass email protection systems, and it eventually drives the user to the cloned Microsoft Office 365 login page.
Also, hackers use newly-registered domains that are designed to fool users into thinking the notifications are from an official source.
Over 50,000 users have been victims of this attack
Once users enter their login details, the details are stolen without them even knowing it. This is usually the case when users enter their details on unsecured webpages and it bounces.
According to Abnormal Security, the current situation, in which people have become accustomed to receiving video invitations and notifications from collaboration software providers, makes it easier for the phishing attack to work.
“Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials, given the current situation, people have become accustomed to notifications and invitations from collaboration software providers.”
As with Zoom, Microsoft Teams’ booming popularity has caught the attention of both security experts and hackers. Although nothing appears to be wrong with Microsoft Teams’ own security and privacy, users have to play their part by being extra vigilant so that hackers won’t be able to steal their information.
Be vigilant about performing ‘security hygiene’ during coronavirus threat
Consumers should seek out information based on science and not just personal testimonies.
Many of the news stories discussing the global outbreak of the COVID-19 virus rightly stress the importance of practicing protective measures such as vigorous hand washing and avoiding crowded events. Authorities roundly agree that proper hygiene and adherence to guidance from national health authorities such as the CDC is critical to containing the spread of the deadly virus.
Meanwhile, the coronavirus scare is posing other risks – some directly, others indirectly related to COVID-19. Consumers hell-bent on gathering the latest information about virus-protection techniques are being warned about phishing scams that prey on their fears. Workers holed up in home offices face ongoing threats from hackers looking to poke holes in the patchwork of home and workplace security defenses.
“It’s always important to keep our guards up, to protect ourselves against security threats,” said Martin Hron, senior researcher at Avast. “Just like we need to pay attention to our own hygiene during times like these, we should maintain a high level of security hygiene to ensure we’re keeping our risk levels low.”
Virus-related scams are on the rise. State attorneys general have put out notices to watch for illegitimate investment schemes and websites advertising coronavirus “miracle products” or vaccines. Consumers should seek out information based on science and not just personal testimonies.
Earlier this month, the World Health Organization (WHO) issued a warning about phishing emails being sent by hackers posing as WHO representatives. The agency is getting regular reports of coronavirus-related phishing attempts.
The Secret Service recently issued a warning about a phishing scam from people purporting to be from a medical organization offering information regarding the virus. Clicking on a link could infect your computer. The agency called the coronavirus outbreak “a prime opportunity for enterprising criminals because it plays on the basic human conditions … fear.”
As more regions declare states of emergency in response to the coronavirus, workers that haven’t spent time working remotely suddenly have to reacquaint themselves with VPNs and document-sharing tools. Corporate remote-work rules can – and should – be stringent. Workers should review key practices with IT before embarking on long, and perhaps open-ended, remote periods.
Other corporate security measures could include the following:
- Arm employees with a list of phone numbers, so they can reach out to a human from their IT team or other responsible person in case they have any IT issues.
- Inform employees of the hardware, software, and services they can utilize that are not company issued, but could help to connect and share files with colleagues during the special circumstances.
- Lay ground rules for employees when it comes to using personal hardware while working from home, such as printers.
- Enforce two-factor authentication wherever possible to add an extra layer of protection to accounts.
- Make sure employees have limited access rights and can only connect to the services they need for their specific tasks, rather than giving employees access to the entire corporate network.
Other potential risks tie back to actual hygiene itself. Workers operating remotely in regions affected by the coronavirus have been trained to scrub their hands and cover their mouths to stop the spread of disease. But are they paying the same attention to their technology devices themselves? Phones, laptops, tablets and IT remotes can transmit viruses if they’re not properly wiped down.
“We have to be vigilant, to be sure we’re protecting ourselves in every facet of our lives,” Hron said.