Zaraza Malware Exploits Web Browsers To Steal Stored Passwords


Researchers have found new malware targeting web browsers in active campaigns. Identified as the Zaraza bot, the malware steals login credentials and other information from web browsers, including Google Chrome, Microsoft Edge, Brave, and others.

Zaraza Malware Steals Data Via Web Browsers

According to the details shared in a blog post, the research team at Uptycs discovered a new malware in the wild actively targeting dozens of web browsers.

Briefly, the malware bot, identified as “Zaraza” (which means “infection” in Russian), works as a potent data stealer. It targets 38 different web browsers, including popular ones like Google Chrome, Brave, Opera, Yandex, and Microsoft Edge, to steal stored passwords and other information.

Harvesting this data lets the malware collect a wide range of sensitive details, such as passwords for bank accounts, cryptocurrency wallets, social media sites, and more. In the worst cases, such stolen data can lead to large financial losses and identity theft, affecting individual users and organizations alike.

The malware caught the researchers’ attention during routine malware hunting, when they encountered the malicious binary and analyzed it in a sandboxed environment. They observed the malware targeting the folders in which web browsers store credentials. For now, the malware exhibits data-stealing capabilities only, and it specifically aims for login credentials.

After stealing the desired information, the malware transmits it to its C&C over Telegram channels. Tracing the link revealed that the malware has Russian origins.

At the time of disclosure, the malware’s Telegram channels remained active, indicating that the campaign could continue for some time. The fate of the stolen login data presently remains unclear, although the researchers suspect that the attackers intend to sell the stolen credentials on the dark web later on.

At present, the Zaraza bot campaign doesn’t appear to be tied to a single actor, as the bot is commercially available. Any interested threat actor can therefore purchase it for their own malicious campaigns.


WhatsApp introduces new security features


WhatsApp has announced several new security features, including one that makes it a lot easier for you to verify the contact you are communicating with.

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijack their account.

This Account Protect feature may have been prompted by an increase in account takeovers, like the one we reported on a few months ago, where cybercriminals take over your account while you are away from your device.


Another new security feature is Device Verification, which is mainly meant to stop malware on a device from sending spam and phishing messages. This specifically targets fake versions of WhatsApp that contain malware. WhatsApp uses cryptographic keys to ensure that communications across the app are end-to-end encrypted. One of these encryption keys is the authentication key. The authentication key allows a WhatsApp client to connect to the WhatsApp server to establish a connection based on previously established trust, so the users don’t have to enter a password, PIN, SMS code, or other credential each and every time they turn on the app.

This mechanism is secure because the authentication key cannot be intercepted by any third party, including WhatsApp. But if a device is infected with malware, the authentication key can be stolen and abused for nefarious purposes, such as impersonating the victim to send spam, scams, and phishing attempts to other potential victims.

To distinguish between a connection request from the actual user and one started by malware, WhatsApp uses three different methods that take advantage of how people typically read and react to messages sent to their device.

The Device Verification feature is only available to Android users at the moment; iOS users can expect it to be rolled out shortly.

The third new feature we want to highlight is Key Transparency, which allows users to automatically check they are using a secured connection. End-to-end encryption is the foundation of private messaging on WhatsApp, helping to ensure that only you and the person you’re communicating with can read what’s sent, and nobody in between, not even WhatsApp.

In fact, the option to verify the keys on the other end of the conversation already existed, but the method was rather complicated (comparing a 60-digit number), and that process can now be replaced by a new Auditable Key Directory (AKD). With the AKD, WhatsApp shows a Security Page for each contact containing a QR code and a 60-digit number that can be verified outside of WhatsApp to make sure it matches what your contact sees on their device. In short, it’s a unique hash of both your public keys and their public keys, so if either of you has the wrong value, the hashes won’t match.

The old methods required scanning a QR code when meeting in person, or using the number-matching feature. Either way, they required communicating with your contacts outside of WhatsApp and were nearly impossible to use in larger groups.
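As an added illustration that is not part of the original article, the following Python models how a pairwise security code derived from both parties' public keys exposes a swapped key. The domain tag, SHA-256 and the 60-digit rendering are assumptions for this illustration, not WhatsApp's actual construction, and the three keys are constructed placeholders.

```python
import hashlib

# Constructed stand-in identity public keys (32 bytes each). Real clients
# would use their long-term identity keys; these are placeholders only.
ALICE_KEY = hashlib.sha256(b"constructed: alice identity key").digest()
BOB_KEY = hashlib.sha256(b"constructed: bob identity key").digest()
MALLORY_KEY = hashlib.sha256(b"constructed: attacker key").digest()


def security_code(my_key: bytes, their_key: bytes) -> str:
    """Derive a 60-digit pairwise code from both public keys.

    The two keys are put in a canonical order before hashing so that Alice
    computing (Alice, Bob) and Bob computing (Bob, Alice) get the same string.
    The domain tag, SHA-256 and the 60-digit rendering are assumptions for
    this illustration, not WhatsApp's actual construction.
    """
    first, second = sorted((my_key, their_key))
    digest = hashlib.sha256(b"pairwise-security-code|" + first + second).digest()
    # Render the digest as decimal and keep 60 digits, grouped in fives.
    digits = str(int.from_bytes(digest, "big")).zfill(60)[-60:]
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))


def derive_codes(directory: dict) -> dict:
    """Each party derives the code for the other using the key the directory
    hands them. Returns {"alice": code Alice sees, "bob": code Bob sees}."""
    return {
        "alice": security_code(ALICE_KEY, directory["bob"]),
        "bob": security_code(BOB_KEY, directory["alice"]),
    }


def codes_match(directory: dict) -> bool:
    """True when the out-of-band comparison described in the article would succeed."""
    codes = derive_codes(directory)
    return codes["alice"] == codes["bob"]


# Honest directory: both parties are handed each other's genuine keys.
HONEST_DIRECTORY = {"alice": ALICE_KEY, "bob": BOB_KEY}

# Tampered directory: Alice is handed an attacker's key in place of Bob's,
# which is exactly the substitution that key verification is meant to expose.
TAMPERED_DIRECTORY = {"alice": ALICE_KEY, "bob": MALLORY_KEY}

if __name__ == "__main__":
    for name, directory in (("honest", HONEST_DIRECTORY), ("tampered", TAMPERED_DIRECTORY)):
        codes = derive_codes(directory)
        print(f"{name}: alice sees {codes['alice']}")
        print(f"{name}: bob   sees {codes['bob']}")
        print(f"{name}: codes match = {codes_match(directory)}")
```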

Making WhatsApp more secure

These security features will be made available for all devices in the coming months. Until then there are a few things you can do yourself to make WhatsApp more secure.

  • Only install WhatsApp from the Apple App Store or Google Play, to avoid getting an infected version of the app.
  • Enable two-step verification:
    1. Open Settings in WhatsApp under More (three vertical dots) > Settings.
    2. Tap Account > Two-step verification > Enable.
    3. Enter a six-digit PIN.
    4. Enter an email address, or tap Skip if you don’t want to. WhatsApp says it recommends adding an email address so you can reset two-step verification if you need to.
    5. Tap Next.
    6. Confirm the details and tap Save or Done.
  • Use end-to-end encrypted backups:
    1. Open Settings in WhatsApp under More (three vertical dots) > Settings.
    2. Tap Chats > Chat Backup > End-to-end Encrypted Backup.
    3. Tap Turn On, then follow the prompts to create a password or key.
    4. Tap Create, and wait for WhatsApp to prepare your end-to-end encrypted backup. You might need to connect to a power source.


Snapchat’s My AI is now available to everyone


AI is showing its face in more places in the tech industry, and it has made a stop at Snapchat. A while back, the company released its own AI-powered chatbot, named My AI, as a perk for Snapchat+ users. Now, the company is bringing My AI to everyone.

Snapchat released the chatbot back in March, and we were able to test it out. If you want to know more about this chatbot, you can check out our rundown of everything you need to know. It goes into what this bot can and can’t do and discusses its best uses.

My AI is now available to everyone

As stated before, this feature was only accessible to people who had Snapchat+. It was only a matter of time before it would make its way to the general public. If you have the Snapchat app, then you’ll want to make sure that it’s fully updated.

Find Snapchat on the Google Play Store or the Apple App Store and see if there is an option to update the app. If you update the app and you still don’t see it, then you might want to wait a few days. It’s probably still rolling out.

What is this chatbot?

If you have My AI, you should get a chat message from it. When you get the message, you’ll enter a regular chat conversation, as though you’re talking to your contacts.

So, what is My AI? Well, it’s ChatGPT built into Snapchat. Snap partnered with OpenAI to integrate its powerful chatbot into Snapchat. So, when you’re chatting with My AI, all of the responses you get will be generated by AI.

This means that you’ll be able to ask it all sorts of questions, get tips, generate all sorts of content, and have a conversation using My AI. While that’s true, it’s not a mirror image of ChatGPT. There are differences. If you want to know the differences, be sure to check out the above-mentioned article.



MacBook Air 15-inch is unsurprisingly set to launch with M2 chipset


There have been a lot of rumors about a larger MacBook Air, specifically a 15-inch model, which would be the first time the MacBook Air has gone larger (it has gone smaller before, but that didn’t last long). Many expect Apple to release the MacBook Air 15 at WWDC in June, but it looks like it won’t be getting a new chipset.

Apparently, Apple was planning to launch this MacBook Air with the new M3 chipset. That is no longer the plan: it’ll come with the M2 chipset that the smaller MacBook Air already has.

While some are saddened to see this, it’s not really a surprise, since we haven’t gotten all of the M2 chips yet, like the M2 Max and M2 Ultra. Then again, the M2 was supposedly a stop-gap for Apple before it could move to a new process for the M3.

Apple’s M3 chipsets are expected to be announced at a later date

Right now, Apple is expected to announce the M3 a bit later on, which will also represent a transition for Apple from the current 5-nanometer process on the M1 and M2 chips to a new 3-nanometer process. This will make the chip smaller, more power efficient, and more powerful. It is the same process that is set to be used in the iPhone 15 series.

The M3 is likely when we’ll see the new Mac Pro, which is really the last Mac still running Intel processors. It wouldn’t make much sense for Apple to move the Mac Pro over to the M2 now, since it skipped the M1 for the Mac Pro; it might as well wait for the new M3 on that 3nm process. The Mac Pro also serves a much smaller niche of people, and those people don’t upgrade their machines very often. So this does make a lot of sense.



Netflix is upgrading its ad-supported plan with 1080p streaming quality and simultaneous streams


Netflix has announced upgrades to its basic ad-supported subscription plan, which was launched last year as a lower-cost option for those who wished to use the service without breaking the bank. The improvements include better streaming quality and simultaneous streams.

Netflix is enhancing its Basic with Ads plan by increasing the video quality from 720p to 1080p at no additional charge. The plan, which costs $6.99 per month, will now also permit up to two simultaneous streams per account.

Though it was first met with significant concern among subscribers, the ad-supported plan has proven more successful than the $15.49 monthly Standard plan without advertisements, according to a letter sent to shareholders with the first-quarter earnings for 2023 (via Apple Insider). The upgraded Basic with Ads plan will be introduced first in Canada and Spain, with a gradual rollout to other advertising markets, including Australia, Brazil, France, Germany, Italy, Japan, South Korea, the UK, and the US.

Netflix’s Q1 revenue reached $8.1 billion, in line with its forecast, and it expects revenue of $8.2 billion for Q2, a 3% year-over-year increase. The ad-supported tier occasionally plays ads in the middle of programming, with each streaming hour containing four to five minutes of commercial time. The move was seen as a way for Netflix to increase revenue while keeping subscription costs low.

The upgraded plan is definitely an improvement on the old one and should give more users an incentive to sign up. Netflix has been fighting an uphill battle lately, trying to stop the bleeding in its subscriber numbers, a feat that seems to have been at least partially successful with the launch of the ad-supported tier.

Additionally, Netflix has been trying to find ways to stop users from sharing account information with their loved ones and thereby avoiding paying for additional subscriptions, even going as far as restricting password sharing to users with a Standard ($15.49/month) or Premium ($19.99/month) subscription, and adding to the cost for every additional person the account information is shared with.


Members of Congress affected by data breach


DC Health Link, the provider of health insurance for those in the United States (US) Government, has suffered a data breach that affects over 50,000 people.

The breach, which took place on March 6, saw an unauthorized party gain access to the data of 56,415 current and past customers of DC Health Link, including 585 staff members and 17 members of the US Congress.

In a message sent to employees on March 8, the US House of Representatives explained that the data breach has “potentially expos[ed] the Personal Identifiable Information (PII) of thousands of enrollees”.

After the breach was discovered, DC Health Link reported it to the FBI and to Google-owned cyber security firm Mandiant. Following this, the health insurance company notified six other federal agencies whose employees use DC Health Link for their health insurance.

Mila Kofman, executive director of DC Health Link, submitted documents ahead of her testimony before the House Oversight Committee on April 19, revealing that the data breach was caused by a misconfigured cloud server.

According to Kofman, this misconfiguration was caused by human error rather than malicious intent, and once discovered it was shut down immediately by the security manager at DC Health Link.

When surveyed by Cyber Security Hub, one in four (25 percent) cyber security professionals said that their companies were investing in cloud security capabilities. As more companies invest in and migrate to the cloud, they should be aware of the risks and ensure that protections are put in place to prevent attacks and breaches.

Matt Kerr, CEO and founder of appliance repair site Appliance Geeked, notes that while cloud-based data storage can be equipped with cyber security measures to prevent data breaches, if a company hosts a large amount of valuable customer data, even a partial breach can have far-reaching negative effects.

This is because a company’s cloud storage contains “enormous hoards of extraordinarily valuable data”; even if an attacker only gains access to a fraction of this data, they can do real damage with it.



Ex-Conti and FIN7 Hackers Team Up To Develop Domino Malware


The X-Force team at IBM has recently found a new malware family known as “Domino,” made by ITG14, aka FIN7, a notorious group of cyber criminals.

ITG23, the Trickbot/Conti gang monitored by X-Force, has been deploying the newly discovered malware, “Domino,” since February 2023.

Former members of this group have been using it to distribute the following information-stealing software:

• Project Nemesis
• Cobalt Strike

The recent cyberattacks that use the Dave Loader to inject the Domino Backdoor are possibly linked to former members of ITG23.

The new malware family was likely obtained and used by these individuals in collaboration with current or former ITG14 developers.

Dave is a loader developed by Trickbot/Conti members, while the group using it is believed to be composed of ex-members of the Trickbot/Conti syndicate, namely:

Cybersecurity experts also discovered that Dave samples are being used to load the new malware, the “Domino Backdoor.”

Domino Backdoor

This new backdoor gathers basic information about the compromised system.

It then transmits the gathered data to the C2 and receives a payload encrypted with AES.

Cybersecurity researchers recently detected Cobalt Strike beacons deployed by this loader with the ‘206546002’ watermark.

This watermark was previously observed in ransomware attacks by ex-Conti members during the Royal and Play operations.

Domino Backdoor is mainly a 64-bit DLL, and the system data it gathers includes:

• Running processes
• Usernames
• Computer names

Once the backdoor is installed, Domino Loader downloads an embedded .NET-based info-stealer, ‘Nemesis Project,’ which is then executed.

Project Nemesis can gather credentials stored in the following sources:

• Browsers
• Applications
• Cryptocurrency wallets
• Browser history

Collaboration of ex-Conti members and FIN7

Cybercriminals are always looking for new opportunities, and it’s no surprise that ransomware threat actors often collaborate with other groups to disseminate the malware.

Things are getting shady in the world of cybersecurity! As time goes on, it’s becoming harder to distinguish between malware developers and ransomware gangs.

IBM’s latest findings have shed light on an exciting discovery: the ‘NewWorldOrder’ loader, usually associated with FIN7’s Carbanak attacks, has been used to spread the Domino malware.

Dave Loader was found to be spreading the Domino malware, which then installs either Project Nemesis or Cobalt Strike beacons believed to be linked to the ransomware activity of former Conti group members.

It’s challenging to track threat actors when they use malware linked to multiple groups in one campaign, and this case clearly shows how complicated attribution can be.


A week in security (April 10


The most interesting security-related news from the week of April 10 – 16.

Last week on Malwarebytes Labs:

Exclusive ransomware reports:

Stay safe!



Xiaomi 13 Ultra is already getting its very first update


The Xiaomi 13 Ultra launched a couple of days ago in China, and it’s already getting its first update. Our review unit received this update, which is marked as ‘MIUI 14.0.8.0 TMACNXM’. It’s based on Android 13, as was the build before it.

Now, it’s worth noting that the phone launched in China, and even though it’s coming to global markets, that launch event has not occurred just yet; it will happen at a later date. Still, even though the phone launched in China, it’s not yet available to purchase. Pre-orders are active, but the phone is not yet shipping to consumers; that will happen tomorrow, on April 21, which is also when the device goes on sale in the country.

The Xiaomi 13 Ultra gets its very first update, and it’s not even available yet

Having said all that, we did get a review unit from Xiaomi, hence this information. All consumers who purchase the phone will likely have this update waiting for them once they establish a network connection.

So, what’s this update bringing to the table? Well, the changelog says that the update will “improve the overall device experience, boost system stability, and increase image quality”.

Xiaomi did detail some changes in the ‘Camera’ section. The company says that it optimized image quality for “specific scenes”, though without giving details. It also said that the default zoom rate for Quick snap mode was changed to 1.5x.

The last camera entry says that the focal length options for Quick snap mode changed to 0.6m/1.2m/5m. The ‘Mi Wallet’ has also been improved: the company says that the transit card functionality for various locations has been optimized. That doesn’t really concern you, however, as this change is exclusive to China and won’t affect you if you’re using the device elsewhere.

This is a smaller update meant to fine-tune the experience

That’s basically it. This is not a huge update; Xiaomi obviously just wanted to tweak some things before the phone becomes available. Xiaomi is expected to announce a global launch for this phone soon. It was confirmed earlier that the phone is coming to global markets, so we’re waiting.

The Xiaomi 13 Ultra is a truly powerful smartphone, the most powerful device Xiaomi has ever released. It comes with the Snapdragon 8 Gen 2, a 5,000mAh battery, 90W wired charging, 50W wireless charging, and more.

The phone features four 50-megapixel cameras on the back, led by a 1-inch sensor that also has a variable aperture. Leica lenses can be found on all four cameras, in case you were wondering. If you’d like more spec info, click here.


Adobe is bringing Firefly Generative AI Tools to video creation


It’s no secret that creating professional videos and movies can be a daunting task, often requiring significant manpower and financial investment. Now, in an effort to address these challenges, Adobe has introduced its new suite of generative AI editing tools, Firefly. Built on the company’s Sensei AI program, Firefly can help enhance, manipulate, and edit videos with just a few typed commands, reducing the need for an extensive workforce.

Enhancing video editing with AI

While filters are a great way to quickly colour-correct a video, they can be limiting for users who want more artistic control. Firefly allows users to describe the exact look they want to achieve, and the AI does the rest. Additionally, the AI enables users to make specific edits to their videos, such as brightening a subject’s face without affecting the rest of the shot. Similarly, users can create professional-looking motion graphics simply by describing them to the AI.

Moreover, Firefly can generate custom sounds and music, create subtitles, logos, and title cards, and recommend B-roll footage. This helps editors and storyboarders save time and company resources.

However, it is also important to note that the results demonstrated by Adobe may differ from Firefly’s real-world performance. But, if successful, these tools could be a massive time saver for video creators and could lead to higher production of short-form content on platforms like TikTok.

Copyright Considerations and the Future

Ever since their release, AI companies have come under scrutiny for using copyrighted images to train their image generators. However, Adobe claims that Firefly was trained on a limited set of images that are either in the public domain or part of Adobe Stock, thus avoiding the copyright issue. Additionally, Adobe has announced upgrades to the suite that will be available later this year, further extending Firefly’s capabilities to Creative Cloud video and other audio applications.

