HackDig : Dig high-quality web security articles for hackers

New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

IBM X-Force research recently analyzed a new Android banking Trojan that appears to be targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America. This Trojan, which was created atop an existing, simpler SMSstealer.BR, was supplemented with more elaborate overlay capabilities. That portion o
Publish At:2020-04-21 06:45 | Read:446 | Comments:0 | Tags:Malware Mobile Security Android Android Malware Banking Malw

Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations

IBM X-Force Incident Response and Intelligence Services (IRIS) researchers recently went down the rabbit hole of a physical iPhone theft that was followed by a SMiShing campaign designed to unlock the phone for resale on the black market. As we looked into what was behind the phish, we found a thriving and large-scale operation of over 600 phishing domains d
Publish At:2020-04-09 06:33 | Read:509 | Comments:0 | Tags:Mobile Security Threat Intelligence Apple Cloud Cloud Securi

“Instant bank fraud” warning spread on WhatsApp is a hoax

byPaul DucklinLast week we wrote about a WhatsApp hoax that was spreading widely, warning people to look out for a cybersecurity catastrophe that simply wasn’t going to happen.That was known as the Martinelli/Dance of the Pope hoax, and it claimed that two dangerous videos are about to come out that will hack or wipe out your phone so it can’t b
Publish At:2020-03-31 05:28 | Read:348 | Comments:0 | Tags:Fake news phishing smishing SMS WhatsApp

TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany

IBM X-Force researchers recently analyzed an Android malware app that’s likely being pushed to infected users by the TrickBot Trojan. This app, dubbed “TrickMo” by our team, is designed to bypass strong authentication methods that bank customers use when they need to authorize a transaction. Though it’s not the first of its kind, this
Publish At:2020-03-24 07:55 | Read:353 | Comments:0 | Tags:Advanced Threats Risk Management Threat Intelligence Android

Emotet SMiShing Uses Fake Bank Domains in Targeted Attacks, Payloads Hint at TrickBot Connection

Before a short lull in mid-February, Emotet was in the midst of a rise in activity that has been apparent since late 2019 — in terms of both spam and infecting potential victims via SMiShing attacks. In cases observed by IBM X-Force researchers, SMS messages sent from what would appear to be local U.S. numbers are being delivered to mobile phones impersonati
Publish At:2020-02-19 08:17 | Read:420 | Comments:0 | Tags:Malware Threat Intelligence Antivirus Banking Security Phish

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider (MSP). Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary tale highlighting that absolutely nobody is safe when bad thi
Publish At:2020-02-03 16:50 | Read:496 | Comments:0 | Tags:A week in security a week in security cybersecurity news inf

Phishy text message tries to steal your cellphone account

byPaul DucklinLots of people still think of phishing as a type of scam that arrives by email.That’s because most phishing attacks do, indeed, arrive in your inbox – sadly, spamming out emails is cheap and easy for crooks, and it delivers results simply because of the volume they can achieve.But phishing isn’t only about email – itR
Publish At:2019-10-18 12:00 | Read:1169 | Comments:0 | Tags:Phishing cellphones Cybercrime passwords phishing SMS

SMS Scams and Smartphone Malware

Smartphones have become a crucial part of our everyday lives; we shop, bank and network using our phones. But with so much valuable personal data being stored on these devices, they have become a top target for cyber criminals. If they can crack our phones, they can steal our identities, blackmail us for cash, or empty our bank accounts using scams. As a res
Publish At:2017-07-25 22:40 | Read:3372 | Comments:0 | Tags:Mobile Security Malware scams smartphones sms

InterContinental Hotel Chain Breach Expands

In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showin
Publish At:2017-04-19 00:10 | Read:4590 | Comments:0 | Tags:Other Crowne Plaza breach Holiday Inn breach Holiday Inn Exp

Hacking Facebook Accounts with just a phone number through the SS7 protocol

Hacking Facebook Accounts with just a phone number is possible, experts from Positive Technologies demonstrated it exploiting flaws in the SS7 protocol. Hacking Facebook accounts by knowing phone numbers it is possible, a group of researchers from Positive Technologies demonstrated it. “Researchers have proven just that by taking control of a Facebook
Publish At:2016-06-15 21:00 | Read:3244 | Comments:0 | Tags:Breaking News Hacking Mobile Social Networks Hacking Faceboo

Some Notes on Utilizing Telco Networks for Penetration Tests

After a couple of years in pentesting Telco Networks, I’d like to give you some insight into our pentesting methodology and setup we are using for testing “Mobile and Telecommunication Devices”. I am not talking about pentesting professional providers’ equipment (as in previous blogposts), it is about pentesting of devices that have a
Publish At:2016-05-25 14:40 | Read:4218 | Comments:0 | Tags:Security Tools 2G gsm IoT pentest sms Telco

Virus hoaxes still thrive while ‘Sonia disowns Rahul’

Virus hoaxes still thrive while ‘Sonia disowns Rahul’ Posted by David Harley on March 21, 2016.This is something of a twist on an old favourite – a virus hoax that I saw posted by an acquaintance recently on a social media site. Bizarrely, virus hoaxes seem to be surviving
Publish At:2016-03-21 23:00 | Read:6991 | Comments:0 | Tags:David Harley anti-hoax heuristics Facebook hoax SMS Sonia di

Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices

Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user based on something they have and something they know.The most popular 2FA method currently in use is the token code, which generates an authentication code at fixed intervals. Generally, the user will enter in their username, and their password will be a secret PIN
Publish At:2015-10-20 14:30 | Read:3927 | Comments:0 | Tags:Featured Articles Vulnerability Management 2FA Heartbleed pa

Android Dolphin, Mercury Browsers Vulnerable to Remote Attacks

A number of Android vulnerabilities have made headlines in recent weeks. Back in July, news first broke about “Stagefright,” a bug that allows an attacker to remotely execute code using a specially crafted MMS. At around the same time that Google announced patches for this vulnerability, at least one of which has been shown to be ineffective, res
Publish At:2015-08-26 14:00 | Read:3825 | Comments:0 | Tags:Cyber Security Featured Articles Android Dolphin Google Merc

Instagram Follower Booster Leads to SMS Browser Extension PUP

We’ve seen some Instagram spam claiming to offer up a significant bump in follower numbers, using a site which claims it can top you up with anything from 17 to 9,998 people desperate to see your sandwich photographs. There’s also a “Max” setting, which one hopes and assumes is either 9,999 or infinity. Tough call. Here’s the In
Publish At:2015-08-25 14:45 | Read:3894 | Comments:0 | Tags:Online Security extension followers Instagram PUP sms spam


Share high-quality web security related articles with you:)


Tag Cloud