CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 49: March 13 2023


Batloader uses Google Ads

  • What is Batloader?
    • Loader file
    • Utilized to distribute malware
      • information stealers
      • banking malware
      • Cobalt Strike
      • ransomware
    • eSentire
      • Google Ads
      • Spoof legitimate software/services
        • Adobe
        • OpenAPI’s ChatGPT
        • Spotify
        • Tableau
        • Zoom
      • lookalike websites
        • host Windows installer
          • masquerading as legitimate apps
        • execute Python scripts
          • contain the BATLOADER payload
        • Upgrades
          • allow the malware to establish persitant access to enterprise networks.

Crypto: Pay to Earn Scam

  • “play-to-earn”
    • mobile and online games
    • custom-created gaming apps
      • promise huge financial rewards directly proportional to investments
    • established trust with beforehand in lengthy online conversations.
    • Tell then players earn cryptocurrency rewards in exchange for some activity, such as growing ‘crops’
      • buy cryptocurrency and create a crypto wallet.
      • the purported rewards are higher the more funds the victim stores in this wallet
    • tempt victims with fake rewards to entice them to deposit more and more funds
      • drain their wallets once the victim stops making deposits
      • May tell them fees/taxes can get them their money back
        • It wont
      • Defense
        • Gamers are advised to stay vigilant
          • be cautious of unsolicited messages or invitations to games promising unrealistic financial rewards.
        • if something seems too good to be true, it probably is.
        • If you wish to participate in cryptocurrency-based gaming
          • create a unique wallet
            • isolates your primary cryptocurrency holdings should you unknowingly grant illicit actors access to your gaming wallet.
          • Use a third-party blockchain explorer to independently check the balances of the addresses in your gaming wallet.
          • Periodically use a third-party token allowance checker to help you see which sites or apps you have inadvertently permitted to access funds in your wallet and revoke those permissions.
          • FBI urges all victims to report incidents via the Internet Crime Complaint Center to help put a stop to these scams.

Akamai has mitigated the largest DDoS…So Far

  • Akamai
    • February 23, 2023, at 10:22 UTC
    • attack traffic peaked at 900.1 gigabits per second
    • 2 million packets per second.
    • launched against a Prolexic customer in Asia-Pacific (APAC).
    • The overall attack lasted only a few minutes.
      • intense and short-lived
        • attack traffic bursting during the peak minute of the attack.
      • redirecting the malicious traffic through its scrubbing network
    • Mitigation
      • 48% scrubbing centers in the APAC region
      • 6% one center in Hong Kong
      • all its 26 centers were loaded
    • Previous Record
      • 8 Mpps (Million Packets Per Second)
      • Europe in September 2022
      • appeared to originate from the same threat actor
        • behind another record-breaking attack that Akamai blocked in July and that hit the same customer.
      • Microsoft
        • January Azure DDoS protection
        • 47 Tbps attack that targeted one of its customers
        • 340 million packets per second (pps).

Xenomorph Android Banking Trojan Returns

  • Xenomorph
    • February 2022
    • 56 European banks through dropper apps
  • Xenomorph 3rd generation
    • Hadoken Security Group
      • Threat actor behind it.
    • updated version comes with new features that allow it to perform financial fraud in a seamless manner.
    • designed to target more than 400 banking and financial institutions
      • including several cryptocurrency wallets.
    • perform fraud through overlay attacks.
    • capabilities to automatically complete fraudulent transactions on infected devices
      • a technique called Automated Transfer System (ATS).
      • banks moving away from SMS for two-factor authentication (2FA)
        • ATS module that allows it to launch the app and extract the authenticator codes.
      • cookie-stealing functions, enabling the threat actors to perform account takeover attacks.
    • Play Protect
      • Play Protect (com.great.calm)
      • Play Protect (meritoriousness.mollah.presser)
    • Advertising
      • Zombinder
        • an APK binding service advertised on the dark web since March 2022
        • wherein the malware is delivered via trojanized versions of legitimate apps.
        • The offering has since been shut down.

Leave a Reply

Your email address will not be published. Required fields are marked *