October 5, 2019 – Making the rounds lately is a new Android malware that disguises itself as either a mobile messenger or a cryptocurrency app. It targets traders and organizations, while its operators keep reworking it to stay ahead of detection by security vendors.
The new findings from Kaspersky reveal that the crypto-app-disguised malware is related to KONNI, a Windows malware strain that has targeted organizations and individuals with an interest in Korean political affairs. The malware can also take full control of an infected Android device and steal the owner's cryptocurrency through that access. Note that it does not steal crypto from specific trading apps or swap wallet addresses. Kaspersky said:
“They implement full-featured functionalities to control an infected Android device and steal personal cryptocurrency using these features. We worked closely with a local CERT in order to take down the attacker’s server, giving us a chance to investigate it.”
Kaspersky's investigation leads it to the Lazarus group, a cybercrime group to which many cyberattacks have been attributed in the last decade. The group has been found making targeted attacks on financial institutions: Kaspersky says it has seen attempts to breach not just banks but also investment companies and cryptocurrency exchanges in Southeast Asia. The security firm is advising companies in the Asia Pacific region to "be vigilant and take precautions to guard against such attack," in the words of Kaspersky Director of Global Research and Analysis Costin Raiu.
Lastly, Kaspersky confirms the threat actors are refreshing their toolsets to avoid detection. When a threat is discovered, however, it is not always immediately clear whether the tools behind it have already been revamped.
Mobile exploits are also confirmed to continue to "fetch very high prices".
While threats will likely continue, it is important for every individual to do their part to keep their online identities and data safe. PayPal, which last September reported that cybercriminals' focus has shifted to Asia Pacific, likewise stresses keeping online payment transactions safe. Its suggestions include setting up two-factor authentication and not sharing personal information with untrusted websites.
Malware is one of the four cyberthreats that must be continually watched in 2019. In a separate report, malware joins crypto-jacking, ransomware, and drive-by downloads as the top threats to users online. Crypto-jacking, in particular, is an attack in which the criminal uses the victim's device to mine cryptocurrency, leading to fast battery drain, with the mined coins going to the attacker rather than to the device's owner.
This article is published on BitPinas: New Android Malware Disguises as Crypto App