extortion

Winsage
February 19, 2025
Cybersecurity experts at Fortinet have identified a new threat called the Snake Keylogger, which has been involved in over 280 million blocked infection attempts. This malware uses advanced obfuscation techniques, making it difficult to detect and neutralize, and poses risks to individuals and organizations by allowing attackers access to sensitive data. Cybersecurity professionals recommend proactive defense strategies, including keeping antivirus software updated and educating users about cybersecurity issues. Fortinet has not revealed the creators of the Snake Keylogger or specific industries it targets.
Winsage
December 15, 2024
Cloak ransomware, emerging in 2022, has quickly become a significant threat in the cyber landscape, with a new variant raising concerns due to its advanced capabilities. The group uses initial access brokers and social engineering techniques, including phishing and malicious advertising, to gain network access. The ransomware employs a drive-by download method, disguising itself as legitimate system updates. Cloak may have connections to the Good Day ransomware group and utilizes a variant derived from leaked Babuk ransomware source code. Once delivered, it employs sophisticated mechanisms for extraction and privilege escalation, terminating security processes and modifying system settings to hinder recovery. The encryption process uses Curve25519 and SHA512 algorithms, and it exhibits advanced evasion techniques. Cloak ensures payload persistence by altering Windows registry entries and restricting user actions, disrupting essential system utilities and leading to operational downtime. Its extortion tactics include disguising ransom notes as desktop wallpapers and employing intermittent encryption to maximize damage. The ransomware deletes shadow copies and backups, complicating recovery efforts. Cloak also utilizes a data leak site to publish or sell stolen data if ransom demands are not met, claiming a ransom payment success rate of 91% to 96%. Windows users are advised to implement comprehensive security measures to reduce the risk of attacks.