A group of researchers has identified several applications available through the App Store and Play Store that carry out a social engineering attack in which victims are encouraged to invest in cryptocurrencies.
Security-focused software and hardware company Sophos has reported that, over the past two years, it has been investigating a number of services that combine financial applications and fake web pages to trap victims and steal their money.
During this time, researchers have found applications, available in both the official Apple and Google stores, that have managed to circumvent the stores' security measures to perpetrate social engineering cyberattacks known as CryptoRom.
CryptoRom, also known as ‘slaughtering pigs’, is an attack method that consists of intercepting victims through dating applications such as Facebook Dating or Tinder, through which cybercriminals seek to establish a relationship of trust with those affected.
Once these people's interest has been aroused, the threat actors ask to continue the conversation outside of these platforms and move it to WhatsApp, where the victims are encouraged to download the fake application.
First, investigators tracked down a victim living in Switzerland. The cybercriminals managed to trick her by using a fake profile of a woman allegedly from London.
The profile included images of upscale restaurants, high-end brand stores and expensive destinations, as well as professional-looking selfies. To give continuity to the profile, posts related to current affairs were shared, such as the death of Queen Elizabeth II of England, and the account also began to follow official accounts of different brands.
Once communication was established via WhatsApp, the scammers encouraged the victim to invest in cryptocurrencies together and sent her a link to the fake application.
Likewise, once a small amount of money had been invested and several profits reported, the victim was informed, when trying to withdraw larger amounts of cryptocurrencies, that the account had been blocked.
After access to the account was restricted, the user received a message urging them to pay a 20% commission on the total money invested in order to access it.
Sophos has pointed out that, in a second case, another victim went through the same fraudulent method, with the difference that this victim contacted the hackers through Tinder and lost around 4,000 dollars (about 3,640 $) as a result of the scam.

Sophos has insisted that both Apple and Google have withdrawn these applications (identified as Ace Pro in the case of the App Store, and MBM_BitScan, in the App Store and also in the Play Store) from their official stores after the results of this investigation were disclosed.
Another cyberthreat detected that threatens citizens and entities in Colombia
The state of cyber security in Colombia has become a matter of great concern in recent months, due to the fact that various entities in the health sector (Sanitas, Audifarma) have suffered serious cyber attacks.
Password trading has become a very useful resource for cybercriminals trying to penetrate the computer security of public and private entities. This represents an alert situation for Colombia, since entities specialized in cybersecurity, such as Lumu, have detected an increase of 1,200% in the commercialization of access codes to email accounts.
According to the information security company, the main victims of this sale of access credentials are government entities and educational institutions throughout the country.
The seriousness of this situation lies in the fact that, when attackers take control of an email account, it becomes a distribution vector for installing malware (malicious software) on the systems of other organizations, since the effectiveness of these attacks is determined by the ability to use a legitimate account with which a large number of users can be deceived.
An example of this is the emails that warn of a traffic ticket or an ongoing judicial process. In these communications the victim is invited to download the subpoena file and, once the download is complete, the malware is installed on the user’s computer. This opens the door to a ransomware attack or a leak of confidential information.

Which email accounts have been compromised
According to Lumu’s report, there are at least 80 organizations of different sizes and industry sectors where criminals already have gateways through email.
According to the researchers who built the report, educational institutions and government entities are the most exposed to ransomware attacks and these organizations can be used as a bridge to compromise the infrastructure of other entities.
In January 2023 alone, 27 organizations were reported with compromised access keys that provide access to the Office 365 mail platform, which is used by the affected organizations.
Of the 27 identified, 17 belong to the Government sector and educational institutions.
Government
- fiscalia.gov.co
- mincit.gov.co
- uaesp.gov.co
- personeriabogota.gov.co
- lebrija-santander.gov.co
Education
- ipn.edu.co
- ipn.edu.co
- unipamplona.edu.co
- cbsjd.edu.co
- unipamplona.edu.co
- unadvirtual.edu.co
- uco.edu.co
- uac.edu.co
- escolme.edu.co
- marymountbq.edu.co
- ulibertadores.edu.co
According to Seidor Colombia, a multinational of technological solutions, it is important that companies have resources to carry out an adequate management of computer vulnerabilities to detect and solve existing weaknesses in the system or applications. “Having an incident response plan and having a team of specialists who are prepared to deal with emergency situations is essential to minimize damage in the event of a cyber attack,” says the company.
*With information from Europa Press