Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hcaptcha-for-forms-and-more domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hcaptcha-for-forms-and-more domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114
Dubai Tech News

Gmail And GPay Cookies Targeted By New Smartphone Ransomware Threat To 200+ Apps

Cybersecurity Gmail And GPay Cookies Targeted By New Smartphone Ransomware Threat To 200+ Apps Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber New! Follow this author to stay notified about their latest stories. Got it! Aug 14, 2022, 06:52am EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin New malware can infect smartphones with ransomware, researchers reveal getty We tend to think of ransomware as being something that mostly targets businesses and organizations, and primarily does so via gaining access to their networks.

Yet, security researchers at Cleafy have uncovered a worrying new threat module while analyzing the latest versions of the SOVA mobile banking trojan that emerged in July. What’s more, they found evidence the malware wants to steal your Gmail, GPay and Google Password Manager cookies. What is the SOVA smartphone malware and what can it do? This complex and powerful piece of Android malware is capable of intercepting two-factor authentication codes, stealing cookies and data, taking screenshots, and protecting itself from being uninstalled.

Version 4 of the malware, sold through dark web criminal forums, can “record and perform gestures,” as well as “manage multiple commands,” the Cleafy report stated . Those commands include clicking, swiping, copying, pasting, and that old chestnut, activating an overlay screen to hide what’s happening from the user. MORE FROM FORBES Once, Twice, Three Times A Ransomware Victim: Triple-Hacked In Just 2 Weeks By Davey Winder Gmail, GPay and Google Password Manager cookies in the crosshairs While banking, shopping, and perhaps predictably, crypto exchanges and wallets are the primary targets, the latest version of SOVA reportedly includes more than 200 apps on its targeting list.

When it comes to the cookie-stealing activity, the Cleafy report stated that “the cookie stealer mechanism was refactored and improved,” in particular it included a “comprehensive list of Google services. ” Cleafy said that Gmail, GPay, and Google Password Manager were on this list. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features Ransomware on a smartphone is now a thing However, perhaps the most worrying new development can be found in SOVA version 5.

While still in development, this version has already started appearing in the hands of threat actors, and Cleafy has seen “multiple samples” through its threat intelligence platform. That development is the inclusion of a ransomware module. Yes, you heard that right, ransomware on a smartphone.

Wiping evidence of crypto-wallet theft could be a factor behind SOVA ransomware function It would appear that this module allows for the encryption of files using an AES algorithm. Although plenty of data is stored in, or backed up to, the cloud, this could still prove to be a strategically sound move from the criminal side of the fence. Despite, one would assume, having the ultimate respite of simply factory-resetting your phone, it’s likely that enough users, especially at the less technically savvy end of the equation, would be prepared to pay an affordable ransom to get their phone working correctly again.

You only have to think about the panic that sets in when you misplace or lose your phone, or if it bricks, to know this will happen. As Dark Reading reports , given that SOVA targets crypto-wallets, for example, the ransomware module could also be used to effectively destroy evidence making it “difficult for digital forensics to discover any traces or attribution of the attacker. ” MORE FROM FORBES Cisco Hacked: Ransomware Gang Claims It Has 2.

8GB Of Data By Davey Winder Android users need to take care, iPhone users can relax On the plus side, at least for iPhone users, is that SOVA is an Android-only threat. If you’re an Android user, the usual advice applies: be careful what apps you install and be mindful of the places from where you install them. Although malicious apps have found their way into the Google Play Store and other ‘official’ stores before now, far and away, most such apps come from third-party, unofficial depositories.

Follow me on Twitter or LinkedIn . Check out my website or some of my other work here . Davey Winder Editorial Standards Print Reprints & Permissions.


From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/08/14/gmail-and-gpay-cookies-targeted-by-new-smartphone-ransomware-threat-to-200-apps/

Exit mobile version