Cyber Security News of the week — 25.09.2021|01.10.2021

The Good

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that’s known to have an exploit in the wild.

Tracked as CVE-2021-37973, the vulnerability has been described as a use-after-free in the Portals API, a web page navigation system that enables a page to show another page as an inset and “perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document”.

Clément Lecigne of Google Threat Analysis Group has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it’s “aware that an exploit for CVE-2021-37973 exists in the wild”.

Chrome users are advised to update to the latest version for Windows, Mac, and Linux by heading to Settings > Help > ‘About Google Chrome’ to mitigate the risk associated with the flaw.


Source —

The Bad

New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

“The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays,” ThreatFabric’s CEO Cengiz Han Sahin said in an emailed statement. The first campaigns involving ERMAC are believed to have begun in late August under the guise of the Google Chrome app. Since then, the attacks have expanded to include a range of apps such as banking, media players, delivery services, government applications, and antivirus solutions like McAfee. The Dutch cyber security firm’s findings come from forum posts made by an actor named DukeEugene last month, on August 17, inviting prospective customers to “rent a new android botnet with wide functionality to a narrow circle of people” for $3,000 a month; the malware itself is almost fully based on the notorious banking trojan Cerberus.

DukeEugene is also known as the actor behind the BlackRock campaign that came to light in July 2020. Cerberus, in September 2020, had its own source code released as a free remote access trojan on underground hacking forums following a failed auction that sought $100,000 for the developer. ThreatFabric also highlighted the cessation of fresh BlackRock samples since the emergence of ERMAC, raising the possibility that “DukeEugene switched from using BlackRock in its operations to ERMAC.” Besides sharing similarities with Cerberus, the freshly discovered strain is notable for its use of obfuscation techniques and the Blowfish encryption scheme to communicate with the command-and-control server.

Source —

The Ugly

Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users.

Zimperium zLabs dubbed the malicious trojan “GriftHorse.” The money-making scheme is believed to have been under active development starting from November 2020, with victims reported across Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain, the U. One of the apps, Handy Translator Pro, amassed as much as 500,000 downloads. “While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as Trojans, allowing it to take advantage of user interactions for increased spread and infection,” Zimperium researchers Aazim Yaswant and Nipun Gupta said in a report shared with The Hacker News. Like other banking trojans, GriftHorse does not exploit flaws in the Android operating system, but rather socially engineers users into subscribing their phone numbers to premium SMS services upon downloading the apps. In building a stable cash flow of illicit funds, the GriftHorse campaign not only managed to fly under the radar and avoid antivirus detection, but also has generated millions in recurring revenue each month, potentially surpassing hundreds of millions in the total amount plundered from these victims, the researchers noted.

Following responsible disclosure to Google, the apps have been purged from the Play Store.

Source —

First they begin with Us..