Detected a Trojan that emulates the WhatsApp account and fraudulently manages subscriptions to payment sites
17/10/2022Kaspersky researchers has reported that YoWhatsApp advertised on Snaptube and Vidmate, two of the most popular download platforms at the moment, is actually a Trojan capable to issuing paid subscriptions and stealing WhatsApp accounts. YoWhatsApp would act as a mod of the original messaging program, offering new functions that the official service does not allow, such as wallpapers, personalized fonts for chats and password-protected access to conversations, .... As Kaspersky researchers have explained, when a user installs YoWhatsApp on a device, it’s forced to log in to they real application account, and in this moment, Triada Trojan is activated, downloaded and executed on the terminal. Once this is done, the Trojan is capable of accessing the user's real WhatsApp account credentials, steal all the data, having already detected unauthorized subscriptions to paid subscriptions. Kaspersky recommends to install, only, Apps from official stores and reliable sources and they have insisted on the need to check always the permissions granted to each application. Installing an antivirus is another recommended measure.
[ ... ]
A fraudulent email simulates a WhatsApp Backup and installs a Trojan
29/09/2021WhatsApp users, Internet users' associations and also some police officers have alerted through social networks about a new virus that arrives by email with the subject "Backup of WhatsApp messages. This email offers a link to download the history of conversations in this application, which should not be clicked if you don’t want to install a Trojan on your device. The message arrives with the same appearance and usual colors of WhatsApp and provides supposed information about the number of messages deleted, restored and read through the application, looking like a real information and causing confusion in the victims If we receive the message but we don`t use the link, the Trojan will not run and we only need to delete the message to get rid of the virus. But if we have opened the link, or downloaded and opened the zip file that arrives in some emails, then the device will be infected, and we will need to use an antivirus to detect the malicious software and destroy it.
[ ... ]
A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]