New ATMJackpot Malware To Steal Your Money From ATM Machines


A new malware called ATMJackpot is capable of dispensing large amounts of cash from an ATM machine using the ATM jackpotting method. Previously discovered ATM jackpotting attacks compromised the ATM by installing malicious software and sophisticated hardware to pull out the cash.

Based on the binary, researchers determined that this ATM malware originated from Hong Kong, with a date of 28th March 2018. A few months earlier, sophisticated ATM skimmers called “Shimmers” targeted chip-based credit and debit cards to steal entire card information from POS (point-of-sale) terminals. Attackers have also injected another ATM malware, called Ploutus.D, into ATM machines to perform various tasks.

This newly spreading ATM malware has a smaller footprint and a small, simple graphical user interface. This interface shows the host name along with service provider information for the cash dispenser, PIN pad, and card reader.

How Does ATMJackpot Malware Work?

  1. ATMJackpot first registers the window class name ‘WIN’ with a window procedure that is responsible for all of the activity.
  2. After registering the window class, it creates the window, populates the options on the window, and initiates the connection with the XFS manager.
  3. After initiating a connection with the XFS manager, the malware opens sessions with the service providers and registers to monitor events. It opens a session with the CDM (cash dispenser), IDC (card reader) and PIN (pin pad) service providers.

After successful registration, it can monitor the events from different service providers and execute the commands.

Commands:

  • It reads data from the PIN pad asynchronously using the WFSAsyncExecute API call.
  • It has the functionality to dispense cash.
  • It also has the functionality to eject the card.
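
The steps above all go through the XFS manager, so one defensive check on an ATM image is to list every executable that references the XFS manager API and compare it against the approved vendor application. The following is an added example, not code from the original article or from the researchers. The API names other than WFSAsyncExecute come from the CEN/XFS API rather than from this page, and the approved-hash list and the sample byte strings are constructed for illustration.

```python
import hashlib

# CEN/XFS manager API names, grouped by the behaviour steps listed above.
XFS_STAGES = {
    "connect to XFS manager": (b"WFSStartUp",),
    "open provider session": (b"WFSOpen", b"WFSAsyncOpen"),
    "register for events": (b"WFSRegister", b"WFSAsyncRegister"),
    "execute commands": (b"WFSExecute", b"WFSAsyncExecute"),
}

def triage(blob, approved_sha256):
    """Classify the bytes of one executable found on an ATM image."""
    digest = hashlib.sha256(blob).hexdigest()
    # Which of the described stages does this binary reference by API name?
    stages = [stage for stage, names in XFS_STAGES.items()
              if any(name in blob for name in names)]
    links_xfs = b"msxfs.dll" in blob.lower()  # XFS manager library
    if not stages and not links_xfs:
        verdict = "no XFS use"
    elif digest in approved_sha256:
        verdict = "approved XFS client"
    else:
        verdict = "unapproved XFS client"  # hand to incident response
    return {"sha256": digest, "stages": stages, "verdict": verdict}

# Constructed sample inputs (not real binaries): import-table-like byte runs.
VENDOR_APP = b"MZ\x00vendor\x00MSXFS.dll\x00WFSStartUp\x00WFSOpen\x00WFSExecute\x00"
UNKNOWN_EXE = (b"MZ\x00WIN\x00msxfs.dll\x00WFSStartUp\x00WFSOpen\x00"
               b"WFSRegister\x00WFSAsyncExecute\x00")
NOTEPAD_LIKE = b"MZ\x00user32.dll\x00CreateWindowExA\x00"

# Assumption: the bank keeps SHA-256 hashes of the binaries it has approved.
APPROVED = {hashlib.sha256(VENDOR_APP).hexdigest()}

def scan_all():
    samples = {"vendor.exe": VENDOR_APP, "unknown.exe": UNKNOWN_EXE,
               "notepad.exe": NOTEPAD_LIKE}
    return {name: triage(blob, APPROVED) for name, blob in samples.items()}

if __name__ == "__main__":
    for name, result in scan_all().items():
        print(name, result["verdict"], result["stages"])
```
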

ATM jackpotting techniques are on the rise in cyber crime activities. All banks should be concerned about ATM security. Many ATM machines run on the Windows XP operating system, which cyber criminals can hack easily. Microsoft ended support for Windows XP in 2014.

courtesy: https://bit.ly/2H4QxVB

Facebook: https://www.facebook.com/aywenzit/
WordPress: https://aywenz.wordpress.com
Blogger: https://aywenz.blogspot.in/

 

New Android Malware Stealing Data from Popular Messenger Apps


A new Android Trojan could be stealing your data through mobile instant messaging apps such as Facebook Messenger, Twitter, Skype and other IM clients. This malware was detected by security researchers from Trustlook, a cyber-security firm. A report published on Monday describes the new malware as not as sophisticated as those discovered previously and as having limited capabilities.

The malware can effectively hide its configuration file and some of its modules to evade detection. Researchers noted that, after infecting the app, the malware tries to modify the “/system/etc/install-recovery.sh” file to enable its execution each time the app is opened.

It seems that the primary purpose of this malware is to steal data from messaging apps, which is later uploaded to a remote server. The trojan retrieves the IP of this server from a local configuration file.

Here’s the list of apps that could be affected by this malware:
  • Facebook Messenger
  • Twitter
  • Skype
  • Telegram Messenger
  • Tencent WeChat
  • Viber
  • Weibo
  • Voxer Walkie Talkie Messenger
  • Gruveo Magic Call
  • Line
  • Coco
  • BeeTalk
  • TalkBox Voice Messenger
  • Momo

Although it has a simple design and singular focus on extracting IM data, this malware uses some advanced evasion techniques.

According to Trustlook Labs, this Trojan obfuscates its configuration file and part of its modules to avoid detection, which makes it difficult for anti-virus software to spot its presence. It uses anti-emulator and debugger detection techniques to evade dynamic analysis and is capable of hiding strings inside its source code to prevent any code reversing attempts.

Since the Android Trojan has a single objective (to steal data), it is quite possible that its authors are trying to collect sensitive data through private conversations, images, and videos that could be used later for extortion. Though it is not clear how this malware gets distributed, Trustlook researchers spotted this malware inside a Chinese app named Cloud Module with the package name com.android.boxa.

Given that the malware has a Chinese name and that the Play Store is unavailable in China, the malware coders are probably spreading this infectious app through links on Android app forums or third-party app stores.

How to Secure?

If you are running any third-party apps, you should uninstall them soon. Always use an anti-malware security app on your mobile devices.
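
The two indicators named in this article, the package name com.android.boxa and changes to /system/etc/install-recovery.sh, can be checked on a device with a short script. The following is an added example, not code from Trustlook or from the original article. It assumes the package list was collected with "adb shell pm list packages" and that a known-good copy of the script from the device's firmware is available as a baseline; all sample data is constructed.

```python
FLAGGED_PACKAGE = "com.android.boxa"  # package name given in the article

def script_commands(text):
    """Return the non-blank, non-comment lines of a shell script."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def check_device(pm_output, baseline_script, device_script):
    """Compare collected device state against a known-good baseline."""
    # `pm list packages` prints one "package:<name>" entry per line.
    packages = {ln.split(":", 1)[1].strip()
                for ln in pm_output.splitlines() if ln.startswith("package:")}
    # Any command on the device that the firmware copy lacks was added later.
    known = set(script_commands(baseline_script))
    added = [ln for ln in script_commands(device_script) if ln not in known]
    return {"flagged_package": FLAGGED_PACKAGE in packages,
            "script_additions": added,
            "suspicious": FLAGGED_PACKAGE in packages or bool(added)}

# Constructed sample data, not taken from a real device or from the malware.
PM_OUTPUT = "package:com.android.settings\npackage:com.android.boxa\n"
BASELINE = ("#!/system/bin/sh\n# stock script (placeholder content)\n"
            "applypatch -c EMMC:recovery-placeholder\n")
TAMPERED = BASELINE + "/data/local/placeholder-binary &\n"

def demo():
    infected = check_device(PM_OUTPUT, BASELINE, TAMPERED)
    clean = check_device("package:com.android.settings\n", BASELINE, BASELINE)
    return infected, clean

if __name__ == "__main__":
    for label, result in zip(("infected", "clean"), demo()):
        print(label, result)
```
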

courtesy: https://fossbytes.com/android-trojan-steals-data-from-messenger-apps/


What Is Malware?


Malware, a shortened combination of the words malicious and software, is a catch-all term for any sort of software designed with malicious intent. That malicious intent is often theft of your private information or the creation of a backdoor to your computer so someone can gain access to it without your permission.

What are Common Types of Malware?

  • Virus
  • Spyware
  • Worm
  • Trojan horse
  • Browser hijacker
  • Rootkit
  • Malvertising

How Does a Malware Infection Happen?

Malware can infect a computer or other device in a number of ways. It usually happens completely by accident, oftentimes by way of downloading software that is bundled with a malicious application.

How Do You Remove Malware?

The most common types of malware are actual programs like the legitimate software you use every day. Those programs can be uninstalled, just like anything else, from Control Panel, at least in Windows operating systems.

How to secure from malware?

The most important way to prevent malware from reaching your computer is by making sure you have an antivirus/anti-malware program installed and that you have it configured to constantly look for signs of malicious activity in downloads and active files.

courtesy: https://www.lifewire.com/what-is-malware-2625933
