A Trojan on Google Play. A popular QR code scanner was stealing passwords

The Google Play Store has had no luck with Trojans hidden in applications. This time, the popular banking Trojan known as TeaBot was available again. The program it hid in was downloaded by over 10,000 Android users.

Tom’s Guide was first informed about the fake application. The program, called QR Code & Barcode, reportedly contained the TeaBot banking Trojan in addition to the QR code scanner. The latter is able to intercept more than login details for online banking, e-mail or social networking sites: it is especially dangerous because it can also capture the authentication codes that serve as protection against logging in with stolen passwords.

To hide the true purpose of the application, its creators took the time to make it a working QR code scanner that would not arouse suspicion among users. Hundreds of positive reviews bear this out; they were most likely not fabricated but came from real Android users.

Although the application is no longer available in the Google Play Store, we still need to be careful and check that the program has not been installed on our smartphone. If it has, we should get rid of it as soon as possible. What’s more, if we have been users of this popular application so far, it is necessary to change all passwords after uninstalling it.

Blackmail Trojans by mail: Notorious hacker group attacks in bizarre ways

To break into companies and government agencies, hackers use sophisticated tools and complex vulnerabilities. A particularly feared group tried to get in through the front door, so to speak, and sent the malicious code by post.

While for years it was random victims who were supposed to pay a ransom of several hundred euros, blackmail Trojans have long since developed into a billion-dollar business. And the hacker groups are increasingly going after profitable business and government targets. The US federal police agency, the FBI, is now warning of a particularly brazen attack scheme.

It sounds a bit as if it came from the last millennium: instead of arriving via the Internet and an e-mail, the attack came from the physical world this time and landed in a package on the desks of the attacked companies. But the USB sticks in the package were anything but harmless: they contained the “BadUSB” and “Bad Beetle USB” programs, with which computers can be taken over simply by connecting the stick.

Danger from the mail department

According to the investigators, the packages arrived at various companies between August and November, including companies in the transport, insurance and defense sectors. The attackers used various disguises to tempt the victims into inserting the sticks. The packages purported to come from Amazon, and in some cases from the health authorities. Depending on the destination, the recipients were supposed to find voucher cards or important data on new Covid guidelines on the sticks.

The actual effect was of course different. Once plugged in, the sticks began sending commands to the computer and installing more malware, investigators said. To do this, they disguised themselves as a keyboard that entered console commands. Even a block on external storage devices is supposed to be bypassed in this way. However, the FBI report did not reveal whether this was actually successful in the current attacks and what the specific consequences were for the companies affected.
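A defender can look for the two traits described above: a stick that was supposed to be storage but enumerates as a keyboard, and "typing" that arrives faster than a person can manage. The following Python sketch is an added example, not taken from the FBI report; the device records, field names and the 15 ms timing threshold are constructed assumptions, while the USB class codes are the standard ones.

```python
from statistics import median

USB_CLASS_HID = 0x03           # standard USB class code: Human Interface Device
USB_CLASS_MASS_STORAGE = 0x08  # standard USB class code: mass storage
HID_PROTOCOL_KEYBOARD = 0x01   # HID boot-interface protocol: keyboard
MAX_MEDIAN_GAP_MS = 15         # assumption: sustained typing is slower than this

def exposes_keyboard(interfaces):
    """True if any (class, subclass, protocol) tuple describes an HID keyboard."""
    return any(cls == USB_CLASS_HID and proto == HID_PROTOCOL_KEYBOARD
               for cls, _sub, proto in interfaces)

def typed_by_machine(key_times_ms, min_keys=20):
    """Flag a keystroke burst whose median inter-key gap is implausibly short."""
    if len(key_times_ms) < min_keys:
        return False  # too few keystrokes to judge
    gaps = [b - a for a, b in zip(key_times_ms, key_times_ms[1:])]
    return median(gaps) <= MAX_MEDIAN_GAP_MS

def assess(device):
    """Return the reasons a newly attached device looks like keystroke injection."""
    reasons = []
    if not exposes_keyboard(device["interfaces"]):
        return reasons
    if device["expected"] == "storage":
        reasons.append("stick announced as storage enumerates as a keyboard")
    if typed_by_machine(device["key_times_ms"]):
        reasons.append("keystrokes arrive faster than human typing")
    return reasons

# Constructed sample records (hypothetical schema), not real telemetry.
SAMPLES = [
    {"name": "mailed voucher stick", "expected": "storage",
     "interfaces": [(USB_CLASS_HID, 0x01, HID_PROTOCOL_KEYBOARD)],
     "key_times_ms": [i * 5 for i in range(60)]},
    {"name": "plain flash drive", "expected": "storage",
     "interfaces": [(USB_CLASS_MASS_STORAGE, 0x06, 0x50)],
     "key_times_ms": []},
    {"name": "office keyboard", "expected": "keyboard",
     "interfaces": [(USB_CLASS_HID, 0x01, HID_PROTOCOL_KEYBOARD)],
     "key_times_ms": [i * 150 for i in range(30)]},
]

if __name__ == "__main__":
    for dev in SAMPLES:
        print(dev["name"], "->", assess(dev) or "ok")
```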

Notorious cyber gangsters

If you consider who is held responsible for the attack, the victims are likely to have been threatened. The FBI names the hacker group Fin7 as the main suspect. The group, which appears to be from Eastern Europe, is notorious. It is credited with hundreds of attacks on businesses. The attacks are always creative and sometimes highly complex. And not just technically: Fin7 is said to have founded and built up its own front companies for some attacks. The attacks are specially tailored to the target in question. They are referred to as “spear phishing” because the high-precision methods resemble not the old e-mail dragnet but the targeted throw of a harpoon. As early as 2018, a company had examined and described the group’s sometimes frighteningly clever approach.

That Fin7 still exists is quite remarkable. The group, which has been active since at least 2015, was considered disbanded after its alleged leaders were arrested in 2018. One of them was sentenced to ten years in prison last year. At the same time, however, the number of attacks attributed to it increased again rapidly.
