![]() ESET Research has already seen similar protection being used in another campaign by the Bahamut group.Īll exfiltrated data is stored in a local database and then sent to the Command and Control (C&C) server. ![]() ![]() This layer aims to protect the malicious payload from being triggered right after launch on a non-targeted user device or when being analyzed. Both the activation key and website link are likely sent to targeted users,” adds Štefanko. “Additionally, the app requests an activation key before the VPN and spyware functionality can be enabled. The campaign appears to be highly targeted, as we see no instances in our telemetry data,” explains ESET researcher Lukáš Štefanko, who discovered and analyzed the dangerous Android malware. “The data exfiltration is done via the keylogging functionality of the malware, which misuses accessibility services. The malicious apps were never available for download from Google Play. ESET researchers discovered at least eight versions of the Bahamut spyware, which could mean the campaign is well-maintained. Malicious apps used in this campaign are able to exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as WhatsApp, Facebook Messenger, Signal, Viber, and Telegram. This website has no association whatsoever with the legitimate, multiplatform SecureVPN software and service. Malicious spyware apps are distributed through a fake SecureVPN website that provides only trojanized Android apps to download. ![]() This campaign has been ongoing since the start of this year. To mitigate the risks associated with password leaks, individuals and organizations are advised to adopt various security measures, including using unique passwords for each service, implementing two-factor authentication where possible and utilizing reliable security solutions.BRATISLAVA, KOŠICE - NovemESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. “While users must exercise caution, platform owners can bolster protection by tracking and promptly blocking compromised accounts through specialized services.” “Roblox accounts can be exploited to steal in-game currency Robux, or to pilfer in-game items, or to gain access to premium accounts that allow items to be transferred to other accounts,” Novikova said. However, Roblox accounts remain susceptible to exploitation for in-game currency and valuable items. Read more on these attacks: ChromeLoader Malware Poses as Steam, Nintendo Game Mods Steam accounts seem to be more appealing to cybercriminals due to the potential to find and steal real money on them,” Novikova added. “Criminals target game accounts to steal valuable items, such as real money, in-game currency, and various in-game items, such as expensive skins. The Kaspersky report suggests that accounts from platforms like Steam, offering the potential for real-money theft, are often more appealing. While Roblox account compromises are prevalent, they are not always the primary target for cybercriminals on the dark web. Source: Kaspersky Digital Footprint Intelligence. The dynamics of Roblox account compromises in 2021-2023. As a result, a significant number of compromised accounts have emerged from a game targeted at children,” explained Yuliya Novikova, a security expert at Kaspersky. “In some cases, this deception may appear genuine, as malicious download links can be posted on legitimate and popular social media platforms like YouTube. ![]() The figures come from the latest Kaspersky Digital Footprint Intelligence report, which also suggested the average count of compromised accounts across 11 diverse gaming platforms – including Twitch, Electronic Arts, Sony PlayStation and Steam – has surged by 112% since 2021.Īccording to the security experts, cybercriminals often employ deceptive methods, such as hiding infostealers within cheat code files or sharing malicious download links on popular platforms like YouTube, exploiting the trusting nature of young gamers. Notably, the number of compromised accounts has steadily risen, surging by 231% over the past three years, from approximately 4.7 million in 2021 to 15.5 million in 2023. Between 20, 34 million credentials from the Roblox gaming platform have been exposed on the dark web, marking a significant increase in cybercriminal activity targeting the platform. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |