The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.
As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.
Read more…
Source: Kaspersky
Related:
- Toyota finance business confirms ransomware attack, data breach
November 18, 2023
Toyota Financial Services (TFS), a subsidiary of the popular automaker, has confirmed suffering a ransomware attack. In a statement company stated that Toyota Financial Services Europe & Africa “recently identified unauthorized activity on systems in a limited number of its locations.” The company only mentioned unauthorized activity on its endpoints and didn’t discuss if any data ...
- Gang says ICBC paid ransom over hack that disrupted US Treasury market
November 14, 2023
China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify. ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on ...
- YouTube shows ads for ad blocker, financial scams
November 10, 2023
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental issues that have some people concerned. In this blog post, ...
- U.S. arm of China mega-lender ICBC hit by ransomware attack
November 10, 2023
The U.S. arm of China’s largest bank said Thursday that it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the U.S. Treasury market. Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing ...
- Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage
November 2, 2023
Mortgage and loan giant Mr. Cooper says a “cybersecurity incident” earlier this week was the cause of an ongoing outage, adding that the company is “working to resolve the issue.” The Texas-based company said in a statement on its website that on October 31, Mr. Cooper “became the target of a cyber security incident and took ...
- SolarWinds and its CISO accused of misleading investors before major cyberattack
November 1, 2023
The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 2020, SolarWinds announced it had been hacked and that its compromised software channel was used to push ...