Welcome back to this week's security bulletin!

New Android Malware Steals Banking Password, Private Data, and Keystrokes

Malware is widely used against government or corporate websites to collect surveillance information or to disrupt their activity in general. It can also be used against individuals to obtain personal identification numbers or details, such as bank or credit card numbers and passwords.

Malware is a blanket term for viruses, worms, trojans, and other harmful computer programs that attackers use to gain access to sensitive information. As Microsoft puts it, "Malware is a term used to refer to a single computer, server, or any software designed to infect a computer network." In other words, it identifies malware by its intended use rather than by the specific technique or technology used to build it.

A new Android malware named "EventBot" has been discovered abusing Android's accessibility features to access sensitive data from financial apps, read user SMS messages and hijack SMS-based two-factor authentication codes. It targets over 200 different financial applications, including banking, money transfer and cryptocurrency wallet apps such as PayPal Business, Revolut, Barclays, Capital One, HSBC, Santander, TransferWise, and Coinbase.

The campaign, first identified in March 2020, hides its malicious intent by posing as legitimate applications (for example, Adobe Flash and Microsoft Word) on rogue APK stores and other shady websites, and requests extensive permissions on the device once installed. Beyond the accessibility settings, the requested permissions include reading from external storage, sending and receiving SMS messages, running in the background, and automatically launching after system boot.

<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.REQUEST_COMPANION_RUN_IN_BACKGROUND"/>
<uses-permission android:name="android.permission.REQUEST_COMPANION_USE_DATA_IN_BACKGROUND"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.READ_SMS"/>
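As an added defender-side example (not code from the bulletin or from the researchers' report), the following Python triage script pulls the uses-permission entries out of an AndroidManifest.xml and flags the combination listed above, plus the accessibility-service binding that enables the keylogging. The manifest, package name, service class and rule labels are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest mirroring the permission list quoted in the bulletin; the
# package name and service class are placeholders, not values from the EventBot sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeflash">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Triage rules: a label and the set of permissions that must all be declared.
RULES = [
    ("sms_interception", {"RECEIVE_SMS", "READ_SMS"}),       # 2FA code theft
    ("overlay_phishing", {"SYSTEM_ALERT_WINDOW"}),            # fake login screens
    ("boot_persistence", {"RECEIVE_BOOT_COMPLETED"}),         # survives reboot
    ("dropper_sideload", {"REQUEST_INSTALL_PACKAGES", "INTERNET"}),
]

def extract_permissions(manifest_xml: str) -> list:
    """Short names of every android.permission.* entry, in declaration order."""
    root = ET.fromstring(manifest_xml)
    return [el.attrib[ANDROID_NS + "name"].rsplit(".", 1)[-1]
            for el in root.iter("uses-permission")]

def binds_accessibility_service(manifest_xml: str) -> bool:
    """True if any <service> is declared as an accessibility service."""
    root = ET.fromstring(manifest_xml)
    return any(el.attrib.get(ANDROID_NS + "permission")
               == "android.permission.BIND_ACCESSIBILITY_SERVICE"
               for el in root.iter("service"))

def triage(manifest_xml: str) -> dict:
    """Score the manifest against the banker-trojan profile described above."""
    perms = set(extract_permissions(manifest_xml))
    hits = [label for label, needed in RULES if needed <= perms]
    a11y = binds_accessibility_service(manifest_xml)
    score = len(hits) + (1 if a11y else 0)
    return {"permissions": sorted(perms), "hits": hits,
            "accessibility_service": a11y,
            "verdict": "suspicious" if score >= 3 else "low"}
```

Run it against a decoded manifest (for example, the output of apktool) rather than the binary AXML inside the APK, which this parser does not handle.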

Once granted access, EventBot can operate as a keylogger and retrieve notifications about the content of open windows and other installed applications. It also exploits Android's accessibility services to grab the lock screen PIN, and transmits all the collected data in encrypted form to a server controlled by the attacker. The ability to parse SMS messages makes the banking trojan a useful tool for bypassing SMS-based two-factor authentication, allowing attackers to access victims' cryptocurrency and steal funds from bank accounts.

According to the researchers, giving an attacker access to a mobile device can have serious business consequences, especially if the end user uses the device to discuss sensitive business issues or to access enterprise financial information. This can in turn lead to brand damage, loss of personal reputation, or loss of customer confidence.

This is not the first time mobile malware has targeted financial services. Last month, IBM X-Force researchers described TrickMo, a new TrickBot campaign targeting German users with malware that abuses accessibility features to intercept one-time passwords (OTP), mobile TAN (mTAN) and pushTAN authentication codes.

The best protection is to disable the installation of apps from unknown sources, and to double-check periodically that the setting is still active.


Chinese hackers use new iPhone exploit to spy on Uyghur Muslims

According to the researchers, a government-linked hacking group that had been deemed inactive for the past two years has quietly targeted companies and government agencies, collecting data after stealing passwords and bypassing two-factor authentication. The group has been quietly resuming global attacks for years.

A Chinese hacking group has set up a new exploit network for iOS devices to install a spyware implant targeting the Uyghur Muslim minority in Xinjiang, China's autonomous region.

The attack was carried out by a state-sponsored hacking group called Evil Eye, the same threat actor behind the attacks on the Uyghurs that Google's Project Zero team disclosed last September.

Once the Insomnia implant is loaded onto an iOS device, it uses the same strategy as before: it gains root access, steals contact and location information, and targets various instant messaging and email clients, including Signal, WeChat, and ProtonMail.

After last year's exposure, the researchers said, the attackers removed the malicious code from the compromised websites and took down their command-and-control (C2) server infrastructure, before launching a new wave of attacks from the websites in January 2020. It should be noted that, due to Apple's restrictions, Safari and third-party browsers on iOS, such as Google Chrome and Firefox, are all based on the open-source WebKit browser engine, so a WebKit exploit affects all of them.

The researchers said they were able to confirm successful exploitation of a phone running iOS 12.3.1 via the Apple Safari, Google Chrome, and Microsoft Edge mobile browsers.