#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Banking Fraud | Breaking Cybersecurity News | The Hacker News

Category — Banking Fraud
Czech Mobile Users Targeted in New Banking Credential Theft Scheme

Czech Mobile Users Targeted in New Banking Credential Theft Scheme

Aug 20, 2024 Mobile Security / Banking Fraud
Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to sidestep security protections and steal their banking account credentials. The attacks have targeted the Czech-based Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and a Georgian Bank, according to Slovak cybersecurity company ESET. "The phishing websites targeting iOS instruct victims to add a Progressive Web Application ( PWA ) to their home-screens, while on Android the PWA is installed after confirming custom pop-ups in the browser," security researcher Jakub Osmani said . "At this point, on both operating systems, these phishing apps are largely indistinguishable from the real banking apps that they mimic." What's notable about this tactic is that users are deceived into installing a PWA, or even WebAPKs in some cases on Android, from a third-party site without having to specificall...
Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials

May 10, 2024 Cybercrime / Banking Fraud
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team  said  in a recent report. The distribution vector for the campaign is currently unclear. However, once the app is installed on the users' phones, it requests them to grant it permissions to the accessibility services and the  device administrator API , a now-deprecated feature that provides device administration features at the system level. Obtaining these permissions allows the rogue app to gain control over the device, making it possible to carry out arbitrary actions ranging from data theft to malware deployment without the victims' knowledge. The malware is designed to establish connections with a comman...
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

Mar 11, 2024 Phishing Attack / Mobile Security
Users in Brazil are the target of a new banking trojan known as  CHAVECLOAK  that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin  said . The attack chain involves the use of contract-themed DocuSign lures to trick users into opening PDF files containing a button to read and sign the documents. In reality, clicking the button leads to the retrieval of an installer file from a remote link that's shortened using the Goo.su URL shortening service. Present within the installer is an executable named "Lightshot.exe" that leverages DLL side-loading to load "Lightshot.dll," which is the CHAVECLOAK malware that facilitates the theft of sensitive information. This includes gathering system metadata and running checks to determine whether the compromis...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
This Android File Manager App Infected Thousands of Devices with SharkBot Malware

This Android File Manager App Infected Thousands of Devices with SharkBot Malware

Nov 24, 2022
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender  said  in an analysis published this week. SharkBot, first  discovered  towards the end of 2021 by Cleafy, is a  recurring   mobile   threat  distributed both on the Google Play Store and other third-party app stores. One of the trojan's primary goals is to initiate money transfers from compromised devices via a technique called "Automatic Transfer System" ( ATS ), in which a transaction triggered via a banking app is intercepted to swap the payee account with an actor-controlled account in the background. It's also capable of serving a fake login overlay when users attempt to open legitimate banking apps, stealing the credent...
Expert Insights / Articles Videos
Cybersecurity Resources