#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

McAfee | Breaking Cybersecurity News | The Hacker News

MoqHao Android Malware Evolves with Auto-Execution Capability

MoqHao Android Malware Evolves with Auto-Execution Capability
Feb 09, 2024 Mobile Security / Cyber Threat
Threat hunters have identified a new variant of Android malware called  MoqHao  that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs  said  in a report published this week. "While the app is installed, their malicious activity starts automatically." The campaign's targets include Android users located in France, Germany, India, Japan, and South Korea. MoqHao, also called Wroba and XLoader (not to be confused with the  Windows and macOS malware  of the same name), is an Android-based mobile threat that's associated with a Chinese financially motivated cluster dubbed  Roaming Mantis  (aka Shaoye). Typical  attack chains  commence with package delivery-themed SMS messages bearing fraudulent links that, when clicked from Android devices, lead to the deployment of the malware b

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
Dec 27, 2023 Privacy / App Security
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed  Xamalicious  by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives. It's also capable of gathering metadata about the compromised device and contacting a command-and-control (C2) server to fetch a second-stage payload, but only after determining if it fits the bill. The second stage is "dynamically injected as an assembly DLL at runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing apps, among other actions financially motivated without user consent," security researcher Fernando Ruiz  said . The cybersecurity firm said it identified 25 apps that come with this active thr

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Aug 31, 2022
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole  said . "The latter borrows several phrases from another popular extension called GoFullPage." The browser add-ons in question – available via the Chrome Web Store and downloaded 1.4 million times – are as follows - Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) - 800,000 downloads Netflix Party (flijfnhifgdcbhglkneplegafminjnhn) - 300,000 downloads Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) - 200,000 downloads AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) - 20,000 downloads The extensions are designed to load a pi

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries
Oct 04, 2021
A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang — referring to their chameleellonic capabilities, including disguising "its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google."  "To achieve their goal, the attackers used a trending penetration method—supply chain," the researchers  said  of one of the incidents investigated by the firm. "The group compromised a subsidiary and penetrated the target company's network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method […], the ChamelGang group was able to achieve its goal a

Adobe Reader PDF-tracking vulnerability reveals when and where PDF is opened

Adobe Reader PDF-tracking vulnerability reveals when and where PDF is opened
Apr 29, 2013
McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place. The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2. " We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks ," wrote McAfee's Haifei Li. McAfee declined to reveal the details of the vulnerability as Adobe i

What does the Poetry with Citadel trojan ?

What does the Poetry with Citadel trojan ?
Feb 23, 2013
Recently we published an article on the attacks against Japanese banks using a new variant of the popular Zeus , one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms . Due its flexibility the malware has been re-engineered several times by cyber criminals that adapted its structure to specific purposes and context, leaving unchanged its core capabilities of stealing banking credentials of victims. Zeus has been a huge success in the criminal circles especially for the sales model, as malware as service, implemented by its authors on many underground sites, let's remind for example the Citadel Trojan one of the most popular on the crimeware market. Fortunately its author, known as Aquabox , has been banned from a large online forum that sells malware and other services to cyber criminals, but many security firms consider Citadel Trojan still very

John McAfee accused of murder, wanted by Belize police

John McAfee accused of murder, wanted by Belize police
Nov 12, 2012
John McAfee, who started the antivirus software giant named after him, has been accused of murder in Belize and wanted.  Gizmodo reports that McAfee has been living in Belize for a while now, spending most of his time there experimenting with drugs. McAfee's marketing slogan: " Safe is not a privilege. It is a right. " This news comes just a few days after Gizmodo ran a long story about McAfee's increasingly erratic and borderline criminal behavior. In it, he sounds paranoid as he talks about people wanting to take his money and kill him and he admits to having associated with gangsters in Belize. McAfee had taken to " posting on a drug-focused Russian message board...about his attempts to purify the psychoactive compounds colloquially known as 'bath salts, '" Gizmodo wrote. The scariest aspect of this story may be the fact that an entire lab was constructed for John McAfee's research purposes. Because of his efforts to extract chemicals
Cybersecurity Resources