Hackers Exploit Android Vulnerability Via Malicious Apps

CISO MAG | Cyber Security Magazine, Tue, 07 Jan 2020 10:46:51 +0000
https://staging-cisomagcom.kinsta.cloud/hackers-exploit-android-vulnerability-via-malicious-apps/

Researchers from cybersecurity firm Trend Micro revealed that they’ve discovered three malicious apps on Google Play, which are designed to compromise victims’ devices and steal information.

The three malicious apps, Camero, FileCryptManager, and CallCam, were disguised as photography and file manager tools, according to researchers. They also observed that the Camero app exploits CVE-2019-2215, a use-after-free vulnerability in Binder, an inter-process communication system in Android. By exploiting the CVE-2019-2215 vulnerability, attackers can inject malicious code and steal information without the user’s knowledge.

The researchers also found that the three apps likely belong to the hacking group “SideWinder.” It’s believed that the SideWinder group has been active since 2012, and it reportedly targeted military entities’ Windows machines.

“We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps. The apps have since been removed from Google Play,” the researchers said.

Malware Distribution

According to researchers, the SideWinder group deploys its malware payload in two steps:

  • It downloads the DEX file from the attacker’s C&C server.
  • The downloaded DEX file installs an APK after exploiting the device, while the Camero and FileCrypt Manager apps act as droppers.

“After downloading the extra DEX file from the C&C server, the second-layer droppers invoke extra code to download, install, and launch the callCam app on the device,” the researchers said.

To deploy the callCam app on the device, SideWinder uses techniques like obfuscation, data encryption, and invoking dynamic code to avoid detection.

Once downloaded, the callCam app hides its icon on the device, collects users’ information, and sends it to the C&C server. The compromised information includes user location, battery status, files on the device, installed app list, device information, sensor information, camera information, screenshot account, and Wi-Fi information. It also captures data from applications like Twitter, Yahoo Mail, WeChat, Facebook, Gmail, and other social media apps.

The three malicious applications were found to be active since March 2019 and they have now been removed from the Google Play store.
