Dec 09 2022

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

Category: Hacking,MalwareDISC @ 1:44 pm

ThreatFabric’s security researchers have reported a new dark web platform through which cybercriminals can easily add malware to legitimate Android applications.

Dubbed Zombinder, this platform was detected while investigating a campaign in which scammers were distributing multiple kinds of Windows and Android malware, including Android banking malware like Ermac, Laplas “clipper,” Erbium, and the Aurora stealer, etc.

This comes just days after a new dark web marketplace called InTheBox surfaced online, serving smartphone malware developers and operators.

Further probe helped researchers trace the adversary to a third-party dark web service provider called Zombinder. It was identified as an app programming interface binding service launched in March 2022.

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

According to ThreatFabric’s blog post, numerous different threat actors are using this service and advertising it on hacker forums. On one such forum, the service was promoted as a universal binder that binds malware with almost any legitimate app.

The campaign is designed to appear as it helps users access internet points by imitating the WiFi authorization portal. In reality, it pushes several different malware strains.

What does Zombinder Do?

In the campaign detected by ThreatFabric’s researchers, the service is distributing the Xenomorph banking malware disguised as the VidMate app. It is distributed via modified apps advertised/downloaded from a malicious website mimicking the application’s original website. The victim is lured to visit this site via malicious ads.

The Zombinder-infected app works just as it is marketed while the malicious activity carries on in the background and the victim stays unaware of the malware infection.

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

At the moment, Zombinder is focusing entirely on Android apps but the service operators are offering Windows apps binding services. Those who downloaded the infected Windows app were delivered the Erbium stealer as well. It is an infamous Windows malware distributed to steal stored passwords, cookies, credit card details, and cryptocurrency wallet data.

It is worth noting that two downloaded buttons on the malicious website’s landing page, one for Windows and the other for Android. when a user clicks on the Download for Windows button, they are delivered malware designed for Microsoft operating system, including Aurora, Erbium, and Laplas clipper. Conversely, the Download for Android button distributes the Ermac malware.

How to Stay Protected?

If you want to stay safe, do not sideload apps even if you are desperate to make a specific product work. Also, avoid installing apps from unauthentic or unknown sources onto your Android mobile phone and rely on legitimate sources such as Google Play Store, Amazon Appstore, or Samsung Galaxy Store. Always check the app’s rating, and reviews, and check out the app developers’ website before installing a new app.

Cyber Deep Web

Tags: Cyber Deep Web, dark net, dark web, Zombinder


Nov 03 2021

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Category: Access Control,Cyber Threats,CybercrimeDISC @ 9:02 am

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains.

Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations. 

These organizations provide essential services to the global supply chain in multiple industries, they operate air, ground and maritime cargo transport on several continents.

Experts believe threat actors selling initial access to the organizations have obtained these credentials by expliting well-known vulnerabilities in remote access solutions, including Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall.

Intel 471 experts monitored the activities on the Dark Web over the past few months and observed a prevalence in the listing of offers for initial access to organizations operating in the global supply chain are.

The experts provided multiple examples of the offers they have found:

Disrupting Logistics: Startups, Technologies, and Investors Building Future Supply Chains – “This book presents readers with a straightforward and comprehensive assessment of supply chain innovation and trends and their impact on the industry. With contributions from several industry leaders, it provides critical knowledge and insight that supply chain and logistics managers need to implement disruptive technologies strategically.” 

Tags: dark net, dark web, shipping and logistics


Apr 08 2021

Italian charged with hiring “dark web hitman” to murder his ex-girlfriend

Category: Cyber Espionage,Web SecurityDISC @ 8:35 am

In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of “hiring a hitman on the dark web”.

According to Europol:

The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth in Bitcoins to kill the ex-girlfriend of the suspect.

Heavy stuff, though Europol isn’t saying much more about how it traced the suspect other than that it “carried out an urgent, complex crypto-analysis.”

In this case, the word crypto is apparently being used to refer to cryptocurrency, not to cryptography or cryptanalysis.

In other words, the investigation seems to have focused on unravelling the process that the suspect followed in purchasing the bitcoins used to pay for the “hit”, rather than on decrypting the Tor connections used to locate the “hitman” in the first place, or in tracing the bitcoins to the alleged assassin.

Fortunately (if that is the right word), and as we have reported in the past, so-called dark web hitmen often turn out to be scammers – after all, if you’ve just done a secret online deal to have someone killed, you’re unlikely to complain to the authorities if the unknown person at the other end runs off with your cryptocoins:

Tags: dark net, dark web


Jul 14 2020

A hacker is selling details of 142 million MGM hotel guests on the dark web

Category: Data Breach,Hacking,Security BreachDISC @ 11:06 am

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

Source: A hacker is selling details of 142 million MGM hotel guests on the dark web | ZDNet

According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.

mgm-empire.png

MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020
httpv://www.youtube.com/watch?v=vlPE-4Tjnrc



Protect Your Organization Against Massive Data Breaches and Their Consequences

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles




Tags: dark net, dark web


Jun 26 2020

Police arrested 32 people while investigating underground economy forum

Category: CybercrimeDISC @ 12:20 pm

German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum.

Source: Police arrested 32 people while investigating underground economy forum

Exploring the Dark Web
httpv://www.youtube.com/watch?v=BN1NU0ivzj8



Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge




Tags: black market, dark net, dark web