Tag: Malware

  • Georgia Court Takes Down International Malware Network

    Image Credits: Pixabay

    The messages appeared harmless, even routine. One, from someone claiming to be a potential guest, asked a hotel about an alleged comment on Booking.com. Another, seemingly from the booking site itself, requested a review of negative guest feedback.

    The emails were fraudulent—phishing scams designed to trick recipients into downloading malware that would steal financial data and login credentials.

    Now, a major tech company and global law enforcement agencies are targeting a malware network known as Lumma Stealer, which authorities link to the cyberattack. Microsoft, the U.S. Justice Department, Europol, and Japan’s Cybercrime Control Center have launched a joint operation to dismantle Lumma’s digital infrastructure, according to Microsoft and court documents unsealed Wednesday in federal court in Atlanta.

    A Dangerous Malware Threat Targeting Sensitive Information and Critical Sectors

    Steven Masada, assistant general counsel and director of Microsoft’s Digital Crimes Unit, called Lumma “one of the most renowned info-stealer malwares in existence” in an interview with The Atlanta Journal-Constitution. In 2024 alone, Lumma infected 1.8 million devices, according to cybersecurity firm Flashpoint.

    Lumma is a form of malware that individuals sell on the dark web to steal passwords, credit card details, bank information, and cryptocurrency wallets. According to Microsoft, it has allowed cybercriminals to breach sectors such as transportation, finance, and healthcare, extort schools through ransomware attacks, and drain victims’ bank accounts.

    Lumma has been active since 2022 and exemplifies the growing trend of cybercrime-as-a-service, according to Masada.

    Much like legitimate software companies, Lumma offers tiered monthly or annual subscriptions, with pricing based on the level of customization and control users want. Masada noted that hundreds of cybercriminal and state-affiliated groups around the world have utilized it.

    Unlike traditional software that provides tools like word processing or PDF editing, Lumma is designed for malicious use—demonstrated by the cyberattack that impersonated Booking.com, which showcased the malware’s reach and impact.

    A Key Player in the Cybercrime Supply Chain, Spreading Across Global Devices

    “Cybercriminals are essentially marketing and selling their services to other bad actors to expand their operations,” Masada said, describing Lumma as a key component in the cybercrime supply chain.

    Between March and May, Microsoft detected Lumma infections on over 394,000 Windows devices globally. Court records reveal that hackers compromised at least 532 computers in Georgia alone, with Atlanta ranking among the most heavily impacted U.S. cities.

    Microsoft filed a federal civil lawsuit against Lumma on May 13 in Atlanta, citing the large number of victims in the area, including Booking.com, which has a significant presence there. Booking.com did not immediately comment on the situation.

    In collaboration with other cybersecurity firms and law enforcement agencies, Microsoft gathered intelligence and coordinated efforts to dismantle various components of Lumma’s extensive infrastructure.

    Global Action Against Lumma

    Last week, Microsoft obtained a sealed court order authorizing it to begin disabling, suspending, and blocking roughly 2,300 domains linked to Lumma’s operations.

    The Justice Department also disrupted Lumma’s online marketplace and seized its core command systems, while Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center took down Lumma infrastructure within their respective regions.

    According to Masada, Microsoft will reroute the seized domains to a cloud environment it monitors, using the data to gather intelligence and potentially identify more infected devices.

    Despite this global crackdown, those behind Lumma remain unidentified. Microsoft traces the main developer, known by the alias ‘Shamel,’ to Russia and believes that other individuals are also involved in maintaining the malware.

    Microsoft obtained a temporary restraining order against 10 unidentified individuals, including “Shamel,” others believed to be maintaining Lumma’s infrastructure, and users of the malware.

    Masada noted that whoever is behind Lumma will likely attempt to adapt and reconstruct their network. Microsoft aims to have a court-appointed monitor in place to grant swift authorization to seize any new domains that cybercriminals may create in the future.


    Read the original article on: Tech Xplore


  • New Technology Detects Hidden Malware on Android Phones

    Credit: Pixabay

    Accessibility Tools: A Double-Edged Sword for Smartphone Security

    Accessibility tools like screen readers and voice-to-text have improved smartphone usability for people with disabilities, but they can also be misused by hackers.

    Malware can exploit these services to access screen content and carry out unauthorized actions, such as clicking buttons, approving payments, or preventing removal of the malware. This can result in serious issues, including unauthorized bank transfers or stubborn infections that resist uninstallation.

    Such malware is often installed through phishing links or by downloading harmful apps, even from trusted sources like the Google Play Store. Once active, it can target sensitive apps like crypto wallets and ride-hailing platforms that hold payment data.

    Researchers at Georgia Tech have created a cloud-based tool called Detector of Victim-specific Accessibility (DVa) to detect malware on smartphones. DVa scans the device remotely and provides users with a detailed report identifying malicious apps and offering guidance on how to remove them. It also shows which legitimate apps attackers targeted and advises users on how to contact those companies to assess potential harm. Additionally, DVa reports its findings to Google to help the company eliminate the malware from affected apps.

    “As we build increasingly accessible systems, it’s crucial to involve security experts in the process,” said Brendan Saltaformaggio, associate professor in the School of Cybersecurity and Privacy and the School of Electrical and Computer Engineering. “Otherwise, hackers will exploit these tools.”

    Georgia Tech and Netskope Test Malware Resistance

    To assess smartphone vulnerability to this kind of attack, the team conducted a malware analysis using five Google Pixel phones. Partnering with cybersecurity firm Netskope, the Georgia Tech researchers aimed to enhance mobile protection against advanced malware threats. They installed sample malware on each device to observe its impact and used DVa to document and analyze the malicious behavior.

    Although DVa is effective at detecting ongoing attacks, the researchers acknowledge a key challenge: removing malware without disrupting legitimate accessibility features.

    “In the future, we need to better understand how accessibility services operate to distinguish between normal and malicious use,” said Haichuan (Ken) Xu, a Ph.D. student in the School of Cybersecurity and Privacy.


    Read the original article on: Scitech Daily


  • Hackers Install Malware Instead of Promised AI

    Tech titan Meta says it expects hackers and other malicious actors online to begin using generative artificial intelligence to scale up attacks. Credit: W&V.

    On Wednesday, the social media giant Meta, which is the parent company of popular platforms such as Facebook, Instagram, and WhatsApp, warned that hackers exploit the popularity and potential of generative artificial intelligence tools like ChatGPT to lure people into installing malware on their devices. Guy Rosen, Meta’s chief information security officer, revealed that the company’s security analysts recently detected a wave of malicious software posing as ChatGPT or similar AI tools.

    Analysis on AI by Rosen

    Rosen noted that generative AI technology has been capturing people’s imagination and excitement, and that this has not gone unnoticed by cybercriminals. The company has seen “threat actors” promoting internet browser extensions that offer generative AI capabilities but contain malicious code designed to infect users’ devices.

    Rosen cautioned that hackers frequently use enticing advancements as bait to deceive people into clicking on malicious links or downloading software that steals personal data, a tactic that has also been employed in crypto scams due to the high demand for digital currency.

    Meta’s security team has identified and blocked over a thousand web addresses that claim to offer ChatGPT-like tools but are traps set by hackers. Although Meta has not yet seen hackers use generative AI as more than bait, Rosen warned that its use as a weapon is inevitable and that the company is preparing for it.

    “Generative AI holds great promise and bad actors know it, so we should all be vigilant to stay safe,” Rosen said.

    Meta’s security approach on AI

    Meta is taking a proactive approach to online security by exploring the use of generative AI as a defense against hackers and online influence campaigns. Nathaniel Gleicher, the head of security policy at Meta, shared that they have teams dedicated to anticipating potential AI abuse and developing defenses to counter them. By leveraging AI as both a weapon and a shield, Meta aims to stay ahead of evolving cyber threats.

    Generative AI is a form of machine learning that uses algorithms to create original content, such as images, videos, and text, by learning from a large amount of data. This technology has numerous potential applications, from creating virtual assistants and chatbots to generating realistic images and videos that could be used in various fields like entertainment, advertising, and medicine. However, as with any new and exciting technology, it has also attracted the attention of hackers looking to exploit its potential for malicious purposes.

    One possible scenario is that hackers could use generative AI to create convincing phishing emails that appear to be from legitimate sources, making it difficult for people to spot them as fake. They could also use generative AI to create deep fake videos or audio recordings that could be used to spread disinformation and manipulate public opinion.

    Ways explored by Meta to combat threats

    To counter such threats, Meta is exploring ways to use generative AI to detect and counteract fake content and attacks. One approach is to develop algorithms that can identify and flag questionable content generated by AI. Meta could also use generative AI to create more realistic and convincing simulated attacks that could help train security teams to recognize and respond to real threats.

    Overall, Meta’s warning about the potential misuse of generative AI is a reminder that as exciting as new technologies can be, they can also be exploited for nefarious purposes. Individuals and companies need to be aware of these risks and take steps to protect themselves. In this case, it means being cautious when installing new software or browser extensions and watching for any suspicious behavior or activity.


    Read the original article on Tech Explore.
