CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Website Subscribe

Episode 49: March 13 2023

March 13, 2023 Jim Guckin CyberSecurity News Byte Weekly 25:1035.91M Comments Off on Episode 49: March 13 2023

Links

https://thehackernews.com/2023/03/batloader-malware-uses-google-ads-to.html

https://www.bleepingcomputer.com/news/security/fbi-warns-of-cryptocurrency-theft-via-play-to-earn-games/

https://securityaffairs.com/143282/hacking/akamai-mitigates-900gbps-ddos.html

https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html?&web_view=true

Batloader uses Google Ads

  • What is Batloader?
    • Loader file
    • Utilized to distribute malware
      • information stealers
      • banking malware
      • Cobalt Strike
      • ransomware
    • eSentire
      • Google Ads
      • Spoof legitimate software/services
        • Adobe
        • OpenAPI’s ChatGPT
        • Spotify
        • Tableau
        • Zoom
      • lookalike websites
        • host Windows installer
          • masquerading as legitimate apps
        • execute Python scripts
          • contain the BATLOADER payload
        • Upgrades
          • allow the malware to establish persitant access to enterprise networks.

Crypto: Pay to Earn Scam

  • “play-to-earn”
    • mobile and online games
    • custom-created gaming apps
      • promise huge financial rewards directly proportional to investments
    • established trust with beforehand in lengthy online conversations.
    • Tell then players earn cryptocurrency rewards in exchange for some activity, such as growing ‘crops’
      • buy cryptocurrency and create a crypto wallet.
      • the purported rewards are higher the more funds the victim stores in this wallet
    • tempt victims with fake rewards to entice them to deposit more and more funds
      • drain their wallets once the victim stops making deposits
      • May tell them fees/taxes can get them their money back
        • It wont
      • Defense
        • Gamers are advised to stay vigilant
          • be cautious of unsolicited messages or invitations to games promising unrealistic financial rewards.
        • if something seems too good to be true, it probably is.
        • If you wish to participate in cryptocurrency-based gaming
          • create a unique wallet
            • isolates your primary cryptocurrency holdings should you unknowingly grant illicit actors access to your gaming wallet.
          • Use a third-party blockchain explorer to independently check the balances of the addresses in your gaming wallet.
          • Periodically use a third-party token allowance checker to help you see which sites or apps you have inadvertently permitted to access funds in your wallet and revoke those permissions.
          • FBI urges all victims to report incidents via the Internet Crime Complaint Center to help put a stop to these scams.

Akamai has mitigated the largest DDoS…So Far

  • Akamai
    • February 23, 2023, at 10:22 UTC
    • attack traffic peaked at 900.1 gigabits per second
    • 2 million packets per second.
    • launched against a Prolexic customer in Asia-Pacific (APAC).
    • The overall attack lasted only a few minutes.
      • intense and short-lived
        • attack traffic bursting during the peak minute of the attack.
      • redirecting the malicious traffic through its scrubbing network
    • Mitigation
      • 48% scrubbing centers in the APAC region
      • 6% one center in Hong Kong
      • all its 26 centers were loaded
    • Previous Record
      • 8 Mpps (Million Packets Per Second)
      • Europe in September 2022
      • appeared to originate from the same threat actor
        • behind another record-breaking attack that Akamai blocked in July and that hit the same customer.
      • Microsoft
        • January Azure DDoS protection
        • 47 Tbps attack that targeted one of its customers
        • 340 million packets per second (pps).

Xenomorph Android Banking Trojan Returns

  • Xenomorph
    • February 2022
    • 56 European banks through dropper apps
  • Xenomorph 3rd generation
    • Hadoken Security Group
      • Threat actor behind it.
    • updated version comes with new features that allow it to perform financial fraud in a seamless manner.
    • designed to target more than 400 banking and financial institutions
      • including several cryptocurrency wallets.
    • perform fraud through overlay attacks.
    • capabilities to automatically complete fraudulent transactions on infected devices
      • a technique called Automated Transfer System (ATS).
      • banks moving away from SMS for two-factor authentication (2FA)
        • ATS module that allows it to launch the app and extract the authenticator codes.
      • cookie-stealing functions, enabling the threat actors to perform account takeover attacks.
    • Play Protect
      • Play Protect (com.great.calm)
      • Play Protect (meritoriousness.mollah.presser)
    • Advertising
      • Zombinder
        • an APK binding service advertised on the dark web since March 2022
        • wherein the malware is delivered via trojanized versions of legitimate apps.
        • The offering has since been shut down.

CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily digestible format. News that you need to know to keep yourself and your organization safe from today’s threats.

Facebook Twitter Instagram

© 2021-2022 All Rights Reserved. Developed By Podcrease