The hackers behind the infamous banking Trojan TrickBot have developed a new method of intercepting two-factor authentication (2FA) codes sent to online banking customers via SMS or push notification, using a rogue mobile app.

The most common method used over the years to bypass 2FA has been SIM swap fraud, in which the attacker convinces a mobile carrier (or uses a compromised carrier employee) to port the target's phone number to a SIM they control, giving them temporary access to the 2FA codes sent via SMS.

According to IBM X-Force researchers, the new Android app used by the TrickBot authors is dubbed "TrickMo". It is still under active development and is so far targeted exclusively at German victims whose Windows desktops have previously been infected with TrickBot.

How the Hackers Abuse Android's Accessibility Features to Hijack OTP Codes



Once installed on a victim's Android device, TrickMo intercepts transaction authentication numbers (TANs), including one-time passwords (OTPs), pushTAN codes and mobile TANs (mTANs).

TrickBot running on the victim's (mostly Windows) computer uses man-in-the-browser (MitB) web injections to coax the victim into entering the mobile phone number and device type registered with their online banking, and then prompts them to install TrickMo, which poses as a security app.

The risk with SMS-based authentication is that messages can be read by any third-party app that holds the SMS permission, and the channel is also vulnerable to SIM-swap fraud; as a result, banks have begun to rely on push notifications instead, delivering the transaction details and the TAN inside their own app. That is why TrickMo abuses accessibility features rather than relying on the SMS permission alone.

TrickMo Malware App Mode of Operation



TrickMo gains persistence by restarting itself whenever the device becomes interactive (the screen turns on) or a new SMS message is received. It also includes a mechanism that lets the remote operator turn specific capabilities on or off on the infected device, such as screen recording and the use of accessibility permissions, via commands from a command-and-control (C&C) server.

To avoid raising suspicion, TrickMo activates the lock screen while it steals the TAN codes, so the user does not notice that the device is being operated. It also includes self-destruct and removal functions that wipe all traces of its presence after a successful operation, helping the criminals stay undetected.

IBM's researchers, however, found that the commands sent to the app by SMS are encrypted with an RSA key pair whose private key is hard-coded in the app. Because the private key is embedded, anyone who extracts it can decrypt the commands, derive the matching public key, and craft an SMS message that triggers the self-destruct feature, which gives defenders a way to remove the malware from infected devices.
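The following toy model shows why an embedded private key collapses the whole command channel. It is an added example, not TrickMo's code: the key size, the integer encoding of commands and the command names ("SELFDESTR", "REC_ON") are assumptions made for illustration, and it uses textbook RSA with no padding so the arithmetic stays visible. A real system would need OAEP (or a signature scheme) and random keys of 2048+ bits.

```python
"""Toy model of an SMS command channel whose RSA private key ships inside
the app, as the article describes for TrickMo.

Added example, not TrickMo's code: the key size, message encoding and the
command names are assumptions made for illustration. Textbook RSA with no
padding is used so that the arithmetic stays visible; a real system would
need OAEP (or a signature scheme) and a random key of 2048+ bits.
"""
from math import gcd

# Fixed, well-known primes (Mersenne primes M31 and M61) so the example is
# deterministic. The modulus is only ~92 bits: fine for a toy, useless for
# real security.
P = 2**31 - 1
Q = 2**61 - 1


def make_private_key(p: int, q: int, e: int = 65537) -> dict:
    """Build the key material an app might embed: n, d and the primes."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return {"n": p * q, "d": pow(e, -1, phi), "p": p, "q": q}


def derive_public_key(priv: dict) -> dict:
    """Anyone who extracts the private key can reconstruct the public key:
    e is just the inverse of d modulo phi(n)."""
    phi = (priv["p"] - 1) * (priv["q"] - 1)
    return {"n": priv["n"], "e": pow(priv["d"], -1, phi)}


def encrypt_command(pub: dict, command: str) -> int:
    """Encode the command as an integer and encrypt with the public key."""
    m = int.from_bytes(command.encode("ascii"), "big")
    if m >= pub["n"]:
        raise ValueError("command too long for this toy modulus")
    return pow(m, pub["e"], pub["n"])


def decrypt_command(priv: dict, ciphertext: int) -> str:
    """What the app does with an incoming SMS: decrypt with its private key."""
    m = pow(ciphertext, priv["d"], priv["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")


def app_handle_sms(priv: dict, sms_body: int) -> str:
    """Assumed app logic: act only on recognised commands (names hypothetical)."""
    command = decrypt_command(priv, sms_body)
    if command == "SELFDESTR":
        return "uninstalled"
    if command == "REC_ON":
        return "recording"
    return "ignored"


def forge_kill_switch(priv: dict) -> int:
    """The researcher's move: derive the public key from the leaked private key
    and encrypt the self-destruct command exactly as the operator would."""
    pub = derive_public_key(priv)
    return encrypt_command(pub, "SELFDESTR")


if __name__ == "__main__":
    key = make_private_key(P, Q)
    print(app_handle_sms(key, forge_kill_switch(key)))  # prints "uninstalled"
```

The point is in `derive_public_key`: once `d` and the primes are known, `e` is a single modular inverse away, so the app cannot distinguish a command forged by a researcher from one sent by its operator. The same property lets a defender send the kill switch to infected devices.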

Hackers Bypassing 2-Factor Authentication Using a Rogue Mobile App



Ad fraud is a practice in which bad actors generate fake ad impressions or clicks, effectively stealing advertising budgets from the businesses that pay for the ads.

The practice is increasingly finding its way into the mobile ecosystem: according to security firm Check Point, over 50 apps on the Google Play Store, with about a million downloads between them, were caught using new tricks to secretly click ads without the knowledge of the device owners.

The fraud actors used a piece of malware called "Tekya", which runs inside the apps and imitates user actions by clicking ads served by networks such as Google's AdMob, AppLovin, Facebook and Unity.

How the Mobile Ad Fraud Actors Evade Google Play Protect



Tekya hides its logic in obfuscated native code to avoid detection by Google Play Protect, Android's built-in defense against malware, and uses Android's 'MotionEvent' mechanism to inject touch events that imitate a user tapping on ads.

According to the researchers, Tekya went undetected by the antivirus engines on VirusTotal as well as by Google Play Protect, which is how it came to be distributed in over 50 applications on the Google Play Store.

The campaign cloned popular legitimate applications to reach a wider audience, mostly kid-friendly ones; a large share of the apps carrying Tekya were children's games.

How to Protect Your Device from Tekya Malware



This campaign highlights once again that the Google Play Store can still be tricked into hosting malicious apps; with nearly 3 million apps on the store, it is impractical to manually verify that every one of them is safe.

Users should therefore not rely on Google Play's security measures alone to keep their devices protected. If you suspect that your device has any of the infected apps, uninstall them immediately, and keep your device's operating system and apps up to date.

Enterprises should likewise ensure that the devices their employees use are free of malware by enforcing the use of mobile security software that can defend against sophisticated mobile attacks.

How Mobile Ad Fraud actors evade Google Play Protect with Tekya Clicker



The impact of technology on the world today is quite different from what it was many years ago. Its benefits are numerous, but the pace of change can make it hard to recognize when something is unsafe.

The situation is worse for seniors, who may be less familiar with the latest changes in technology, which makes them more vulnerable to online threats. The following 7 tech tips, compiled by WriteMyPaper123 tech experts, can help seniors stay safe online.

7 Tech Tips for Seniors



These simple tips will help older adults stay a step ahead of bad actors by safeguarding their online accounts and mobile devices.

1. Use Strong Passwords



Whenever you create a password, never use common number patterns like 12345 or common phrases. Use a long combination of letters, numbers and symbols instead, and do not reuse the same password across accounts. Keep the password strictly to yourself; if you write it down in case you forget it, store the note where no one else can find it.

2. Guard Your Personal Information



Always think twice before giving out any personal information online. Some websites exist only to steal personal information for fraudulent purposes. Be wary of pop-ups that ask for data and of e-mails from unknown senders asking you to provide information. If you must enter any data at all, make sure the site is a trusted one and that you know exactly where the data is going.

3. Be Wary of Unrealistic Offers



While you are online, you may see a pop-up congratulating you on winning a lottery. It is a trap to steal information from you: most of the time the pop-up asks you to enter a few details before you can claim your prize. It is best to ignore offers like this unless you actually entered a promotion earlier.

4. Report Cyber Abuse



It is not only children who get bullied online; older adults get bullied too. Do not tolerate online threats, blackmail or any other form of abuse. If anyone attempts to victimize you, report the situation to your state's elder abuse hotline or to local law enforcement.

5. Use Privacy Settings on Social Media



You make yourself more vulnerable to online attacks when you allow everyone in the world to see your posts. Limit the audience for your posts to people you trust: change the privacy settings on all your social accounts so that only your friends can view your posts.

6. Install Reputable Security Software



Security software helps protect your computer. Choose reputable security software rather than the first product you come across: do some research on the software you want to install and read reviews from other users to confirm its usefulness. Once you have it, make sure it is updated regularly.

7. Monitor Your Online Banking Accounts



Check your bank statements periodically to make sure no unfamiliar transactions appear on your account. If you notice anything fraudulent, contact your bank and take other steps to secure your money.

Conclusion



As an older adult, you are not exempt from using technology, so it pays to know the basics of staying safe. The tips above will help you stay safe while using your devices.

7 Tech Tips for Seniors to help them Stay Safe Online



The infamous banking Trojan TrickBot, whose operators were found in 2019 to have harvested a database of some 250 million email addresses, is back with a newly discovered module, rdpScanDll, built for brute-forcing Remote Desktop Protocol (RDP) servers.

The Trojan has been around since 2016, initially as a credential-harvesting threat targeting online banking; its plugin-based design has since let it evolve into a more focused platform for stealing financial data. Researchers from Bitdefender have now discovered a new module and, judging by the IP addresses it targets, its victims are mostly US and Hong Kong-based and predominantly in the telecom industry.

The module, dubbed "rdpScanDll", was first discovered on January 30 and is still in development, according to Bitdefender. So far it has targeted 6,013 RDP servers belonging to businesses in the telecom and financial sectors in the US and Hong Kong.

How the TrickBot RDP Brute-Force Attack Is Carried Out



TrickBot creates a folder holding the encrypted malicious payloads and their configuration files, including a list of command-and-control (C&C) servers the plugin must contact to retrieve the commands it executes.

The rdpScanDll plugin shares its configuration file with a module named "vncDll", and uses a standard URL format (https://C&C/tag/computerID/controlEndpoint) to communicate with the new C&C servers.

The plugin's "check" mode probes the list of targets for hosts that accept an RDP connection, while its "trybrute" mode attempts to brute-force those targets using a predetermined list of usernames and a password dictionary fetched from the "/rdp/names" and "/rdp/dict" endpoints respectively.

When the initial list of target IPs is exhausted, the plugin retrieves a fresh set of IPs from a second endpoint, "/rdp/over".
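The URL shape and the three endpoints described above are enough to write a detection for outbound proxy logs. The following is an added example, not Bitdefender's or TrickBot's code: the log line format (timestamp, client IP, method, URL), the sample entries, the tag and computer-ID values and the C&C address 203.0.113.10 are all constructed for illustration; only the path pattern /tag/computerID/rdp/{names,dict,over} comes from the article.

```python
"""Flag web-proxy log entries whose URL matches the rdpScanDll C&C shape.

Added example, not Bitdefender's or TrickBot's code. The log line format
(timestamp, client IP, method, URL) and the sample entries below are
constructed for this example; the URL shape
https://C&C/tag/computerID/rdp/{names,dict,over} follows the article.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# controlEndpoint values the article names for the RDP plugin
RDP_ENDPOINTS = {
    "names": "username list",
    "dict": "password dictionary",
    "over": "fresh target IPs",
}

# path = /<tag>/<computerID>/rdp/<endpoint>; the two leading segments are
# what separates TrickBot traffic from an ordinary URL containing "/rdp/"
C2_PATH = re.compile(r"^/(?P<tag>[^/]+)/(?P<cid>[^/]+)/rdp/(?P<ep>names|dict|over)/?$")


def classify_url(url: str):
    """Return the decoded C&C fields for a matching URL, else None."""
    parts = urlsplit(url)
    m = C2_PATH.match(parts.path)
    if m is None:
        return None
    return {
        "host": parts.hostname,
        "tag": m.group("tag"),
        "computer_id": m.group("cid"),
        "endpoint": m.group("ep"),
        "fetches": RDP_ENDPOINTS[m.group("ep")],
    }


def scan_proxy_log(lines):
    """Return one hit per log line that looks like an rdpScanDll poll."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash
        timestamp, client, _method, url = fields[:4]
        info = classify_url(url)
        if info is not None:
            hits.append({"time": timestamp, "client": client, **info})
    return hits


def suspicious_clients(hits, min_endpoints: int = 2):
    """Group hits by internal client; a host that pulls both the name list
    and the dictionary (or asks for more targets) is a strong signal."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["client"]].add(h["endpoint"])
    return {c: eps for c, eps in seen.items() if len(eps) >= min_endpoints}


# Constructed sample: 203.0.113.10 stands in for a C&C server, 10.0.5.x are
# internal clients. Tag and computer ID values are placeholders.
SAMPLE_LOG = [
    "2020-03-18T10:01:02Z 10.0.5.23 GET https://203.0.113.10/tag1/HOST01_W10.ABCDEF/rdp/names",
    "2020-03-18T10:01:03Z 10.0.5.23 GET https://203.0.113.10/tag1/HOST01_W10.ABCDEF/rdp/dict",
    "2020-03-18T10:02:15Z 10.0.5.23 GET https://203.0.113.10/tag1/HOST01_W10.ABCDEF/rdp/over",
    "2020-03-18T10:02:20Z 10.0.5.40 GET https://www.example.com/rdp/names",
    "2020-03-18T10:02:21Z 10.0.5.41 GET https://intranet.example.com/docs/team/rdp/howto.html",
]

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["client"], "->", h["host"], h["endpoint"], f"({h['fetches']})")
    print("suspicious:", suspicious_clients(found))
```

The two leading path segments matter: matching on "/rdp/names" alone would fire on ordinary intranet URLs, while the tag and computer-ID segments plus the fixed endpoint names make the pattern specific to the plugin's polling. A single internal host pulling the user list, the dictionary and then fresh targets is the sequence an infected machine produces.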

TrickBot's Update Delivery Mechanism



TrickBot is mostly distributed via spam campaigns, but it has also been seen working in tandem with other malware: it is dropped by the Emotet spam botnet and in turn delivers Ryuk ransomware, extending its role from banking Trojan to a more advanced malware delivery vehicle.

According to Bitdefender's findings, over the last six months the plugins responsible for lateral movement across the network (WormDll, TabDll, ShareDll) received the most updates, followed by the modules for system and network reconnaissance (SystemInfo, NetworkDll) and for data harvesting (ImportDll, Pwgrab, aDll).

The latest rdpScanDll module is only one in a long line of modules used by the Trojan, but it stands out for its use of a highly specific list of IP addresses, the researchers concluded.

TrickBot Targets Telecoms in US and Hong Kong for RDP Brute-Force Operations



Pwn2Own 2020, the annual hacking contest in which contestants try to exploit popular software and operating systems, was held as a remote event owing to the Coronavirus (COVID-19) pandemic.

The three-day event ended on March 20, and the first two days were rather phenomenal: on day one a team from the Georgia Institute of Technology Systems Software and Security Lab won the second-biggest prize of the event, $70,000, by targeting Apple's Safari browser. They exploited a bug chain to pop calc and escalate to root privileges.

Pwn2Own 2020 was the first time the contest was held remotely, with ethical hackers from around the world participating to demonstrate their skills.

Day 1 - Pwn2Own 2020



Manfred Paul of the RedRocket team won $30,000 and 3 Master of Pwn points by leveraging an input validation bug to escalate privileges on Ubuntu Desktop.

Last year's champions, Team Fluoroacetate, followed closely, winning $40,000 by leveraging a use-after-free (UAF) in Windows to escalate to SYSTEM.

Day 2 - Pwn2Own 2020



The Synacktiv team, the duo of Corentin Bayet and Bruno Pujos, failed to demonstrate their exploit against VMware Workstation in the virtualization category within the allotted time.

Phi Phạm Hồng of STAR Labs, however, targeting Oracle VirtualBox, won $40,000 by combining an out-of-bounds (OOB) read for an information leak with an uninitialized variable to gain code execution on the hypervisor.

Pwn2Own 2020 ended with the Master of Pwn title going to Team Fluoroacetate, who amassed 9 points ($90,000 in winnings) to finish ahead of the Georgia Tech team. With just one official entry left, they had taken the lead in the Master of Pwn standings by targeting Adobe Reader combined with a Windows local privilege escalation (LPE).

All it took was one click of the mouse to exploit Adobe Reader and then take over the system through the local privilege escalation.

Pwn2Own 2020: Georgia Tech Team hit a $70,000 bounty by targeting Apple Safari



Snapchat Stories is perhaps the best feature of the renowned social app, as it lets you broadcast any type of post; but normally you cannot view a Story, or save it, without the creator's knowledge.

The Stories feature is so addictive that you can spend hours browsing through stories without realizing you have been glued to your smartphone for that long.

The platform notifies creators when other users view their stories, although a story has to be set as public for others to see it.

Once in a while you may want to view someone's story without being noticed, or perhaps you are keeping tabs on someone and want to watch their Snapchat stories. In this post, you will learn how to view Snapchat Stories anonymously without using any spy apps.

Steps to View Snapchat Stories Without getting Noticed



The steps below let you view any Snapchat story without the creator noticing. The idea is that stories the app has already downloaded can still be shown while the device is offline, so no view is sent to Snapchat's servers.

Step 1. Launch the Snapchat app and tap the Stories icon at the bottom right of the screen if you are already logged in. If you are not logged in, enter your email address and password first.

Step 2. On the Stories page, refresh the screen and wait for the stories to load, but do not open any of them, or the creator will be notified. Then close the Snapchat app and switch off mobile data (or Wi-Fi, if you are on a Wi-Fi network).

Step 3. Re-launch the Snapchat app and tap the Stories icon. All the previously loaded stories should still be there, and you can view them while offline.

Step 4. After viewing the stories, exit the app before switching mobile data or Wi-Fi back on.

Alternative Way to Watch Snapchat Stories Anonymously



Alternatively, you can view someone's Snapchat story without being noticed by using a spy app; a number of such apps work with Snapchat. Bear in mind that these third-party apps usually require your Snapchat credentials and are not endorsed by Snapchat, so they carry risks of their own.

The drawback of a spy app is that it keeps a saved copy of the story after you have viewed it, and such apps do not give you access to everything shared on Snapchat, such as all the videos and photos people post or the messages they send.

If you want only your friends to see your own stories, adjust the privacy settings accordingly before posting your photos or videos on the platform.

How to View Snapchat Stories anonymously without using Spy Apps



The Coronavirus (COVID-19) pandemic has forced many companies to have their employees work from home, putting remote networking technologies in all-time-high demand and pushing bandwidth and security concerns to a peak.

Companies such as Google, Amazon, IBM, Cisco and Apple are scrambling to support an enormous rise in the number of teleworkers, with secure remote-access networks to keep those workers productive and safe. Without the right tools, though, working from home can be challenging for several reasons.

Those challenges aside, having no manager or co-worker hanging over your shoulder, and no one to steal your lunch from the office fridge, makes remote work rather wonderful. To help you overcome some of the challenges, we have compiled a list of the 5 best online tools for working from home.

5 Best Online Tools to Work from Home



As major businesses around the world resort to remote work by enabling their employees to work from home, they will find the following tools handy for effective collaboration.

1. Hangouts Meet




Hangouts Meet is a video conferencing software developed by Google which can be used for business purposes. The app is available on all major platforms such as iOS, Android, Mac, and Windows.

As part of Google's effort to help businesses and schools stay connected in response to Coronavirus, the company has rolled out free access to advanced Hangouts Meet video-conferencing capabilities to G Suite and G Suite for Education customers worldwide. The capabilities include support for larger meetings of up to 250 participants per call, live streaming for up to 100,000 viewers within a domain and the ability to record meetings and save them to Google Drive.

Additionally, the screen sharing feature will be handy if you want to share the screen with other participants in order to collaborate on work projects more efficiently.

2. Microsoft Teams




Microsoft Teams is software that serves as a virtual workspace, with features for team collaboration, meetings and integration of various other useful applications.

It allows users to share and edit files on the go and supports HD audio and video calls, with users able to communicate with other participants directly or via dedicated channels.

Microsoft Teams also comes with customizable notifications and an option to save important and confidential conversations.

3. Slack




Slack is an online application popular for instant messaging in professional work environments, with an attractive interface and tools such as analytics, a calendar and many others.

It lets a team be subdivided into different channels according to work requirements, and users can mention each other for effective collaboration in the app. A wide range of emojis is available to make things a bit more fun, just like on social media platforms.

There are several other useful features, such as message threads for individual messages, so that no one spams a channel with replies.

4. AnyDesk




AnyDesk is remote desktop software that aids remote workers, with the free version offering ample features to coordinate a team effectively.

It includes a built-in chat feature, remote screen casting and recording, remote printing and other handy features that make remote work easier.

Additionally, AnyDesk supports saved login credentials for unattended access; since anyone holding those credentials can control the machine, protect them with a strong, unique password. Some features are a little complicated to use over a remote connection.

5. Zoom Meetings




Zoom Meetings offers high-quality audio and video calls and the ability to conduct business video conferences. It can accommodate about 1,000 participants in a single meeting, with up to 49 of them shown on a PC screen at a time.

Perhaps the most useful feature of Zoom Meetings is that video conferences can be recorded and saved directly to the cloud.

Saved meetings can then be accessed from any device to review a particular point or recall what was discussed.

5 Best Online Tools to Work from Home as A Remote Worker



Debian GNU/Linux is preparing a set of federated social services for its contributors: Pleroma, a micro-blogging platform similar to Mastodon; PeerTube, a federated video sharing platform; Pixelfed for image publishing; and Jitsi for web video conferencing.

Debian already holds the debian.social domain, where the new services will most likely be deployed so that contributors can publish content and collaborate on their own federated social platform.

According to the Debian mailing lists, the new services are intended to help contributors collaborate more and share their work directly on the social platform.

Why A Federated Social Platform?



The Debian Social team describes the effort as being at a very early stage, with plans to go further over the next quarter; the debian.social domain is designed to host the social activities of Debian contributors.

The services are geared towards creating, integrating and aggregating all Debian-related news, updates and content in a single place, so that nobody, project member or not, has to go to a random third-party platform to share Debian-related content anymore.

Moreover, every member is free to share their ideas and current projects, or to work with other members on the platform, and the official team can post updates there as well.

How to get Started with Debian Social



The Debian social platform is currently under development, with critical bug fixing at this stage, but you can request a test account to help test the service before the beta release.

To get started, create an account on Salsa (salsa.debian.org, Debian's GitLab instance), which serves as the authentication provider. Then open a ticket on salsa.debian.org and wait for your account to be activated for the Debian social platform.

Debian contributors can also log in to any of the services using an account from one of the other platforms; for instance, if you are already on the Pleroma service, you can browse or comment on PeerTube with your Pleroma account.

Debian GNU/Linux pivots to a More Dedicated Social Platform for Contributors



Microsoft has announced a milestone of over one billion people across 200 countries having active Windows 10 devices, a number that corresponds to roughly 1 in every 7 people in the world using the platform.

Windows 10 was launched in 2015 and has followed a different servicing model from its predecessors, with new features and security updates delivered faster than ever before: Microsoft has moved from a new version every three years to multiple versions per year.

The recent Windows 7 end of life has probably contributed to more people switching to Windows 10, and the platform is also seen as critical for driving transformation in the enterprise.

The Milestone of going from One to One Billion Devices



Microsoft launched Windows 10 as the first Windows-as-a-Service (WaaS) release and provides two feature updates per year, which remains the biggest change to the platform. Several other additions have made Windows 10 more versatile, such as the Windows Subsystem for Linux (WSL), the Your Phone app and the switch of Edge to a Chromium-based engine.

Decoupling the new Chromium-based Edge browser from the OS lets Microsoft deliver new builds to users outside the normal Windows 10 release cycle, with support for more versions of Windows.

The Your Phone app has bridged the gap between Android and iOS devices and Windows 10 by adding much-needed continuity features, and the company says it is putting the customer at the center by listening to feedback and letting that feedback shape the development process.

Why Microsoft's Aim Goes Beyond Windows 10



From seamless sign-in experiences and biometric login with Windows Hello to the Your Phone app that lets Android users connect to their PC, these features are all aimed at meeting people's basic security and connectivity requirements.

That innovation now continues with bringing Windows to the cloud through Azure and virtual machines, making Windows 10 available on nearly every platform, from Mac to iOS and even Chromebooks.

The company is striving to make Windows the most accessible operating system on the planet regardless of where users are or what device they are on. The Universal Windows Platform (UWP) was a big move in the same direction: the idea was to create universal apps that run on virtually all Windows 10 platforms without rewriting code.

Sadly, UWP never achieved the popularity and appeal that Microsoft intended for it.

Microsoft records a Milestone as Windows 10 Crosses 1 Billion Active Devices



A new Android Trojan, dubbed "Cookiethief", attempts to gain superuser (root) rights on the target device and, if it succeeds, transfers the device's web cookies to a remote command-and-control (C&C) server operated by the attackers.

A cookie is a small piece of data that a web server sends to the browser when a user visits a site; the browser stores it and sends it back with subsequent requests. Websites use cookies to tell one user from another, to keep users logged in, and to serve personalized content and targeted advertising.

According to Kaspersky's researchers, the malware does not rely on a vulnerability in the Facebook app or the browser; with root access it can read the cookie files of websites from any app on the device, in several different ways.

How Cookiethief Hijacks Accounts Without Passwords



Since web cookies allow users to stay logged in to a web service without having to sign in repeatedly, Cookiethief exploits this mechanism to give attackers unauthorized access to the victim's accounts without ever knowing their passwords.

There are a number of ways a Trojan can get onto a device, such as being planted in the device firmware or exploiting known vulnerabilities in the operating system to install the malicious software.

Once the device is infected, the malware connects to a backdoor installed on the same device and executes a superuser command that lets it read the cookie store.

How to protect Your Facebook Account from Cookiethief



Facebook has a number of security measures in place to safeguard user accounts against suspicious login attempts from devices, IP addresses and browsers that have never been used to log in to the platform.

An attacker can work around that safeguard, however, with a companion piece of malware that creates a proxy server on the infected device: by routing requests through the victim's own device, the attacker appears to come from the real account owner's location and network, so the access looks legitimate.

Users can still reduce their exposure by blocking third-party cookies in browsers such as Chrome or Firefox, clearing cookies regularly and using private browsing mode. Note that these steps shorten the life of a stolen session rather than prevent the theft: a session cookie copied from the device by root-level malware remains valid until it expires or the session is ended, so if you suspect compromise, log out of all active sessions from the account's security settings to invalidate the stolen cookie.
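The three points above (a stolen cookie needs no password, a proxy on the victim's device defeats a "new device" check, and only server-side revocation kills the copied cookie) can be seen in a few lines of server logic. This is an added example and is neither Cookiethief's code nor Facebook's real session handling: the session store, the client fingerprint built from IP address plus User-Agent, the server key and the sample requests are simplified assumptions made for illustration.

```python
"""Why a stolen session cookie works without the password, why a naive
'new device' check does not stop it when the attacker proxies through the
infected phone, and what actually invalidates the cookie.

Added example: this is not Cookiethief's code and not Facebook's real
session logic. The session store, the client fingerprint (IP address plus
User-Agent) and the sample requests are simplified assumptions.
"""
import hashlib
import hmac
import secrets

# Assumed server-side secret used to key the fingerprint HMAC.
SERVER_KEY = b"constructed-server-key-for-example"


class SessionStore:
    """Minimal server-side session table keyed by the cookie value."""

    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _fingerprint(ip: str, user_agent: str) -> str:
        return hmac.new(SERVER_KEY, f"{ip}|{user_agent}".encode(), hashlib.sha256).hexdigest()

    def login(self, user: str, ip: str, user_agent: str) -> str:
        """Password check happens here (omitted); the returned session ID is
        what the browser or app writes into its cookie file."""
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"user": user, "fp": self._fingerprint(ip, user_agent)}
        return sid

    def authenticate(self, cookie_sid: str, ip: str, user_agent: str, bind: bool = True):
        """Resolve a cookie to a user. With bind=True the request must also
        match the client the session was created from."""
        sess = self._sessions.get(cookie_sid)
        if sess is None:
            return None
        if bind and not hmac.compare_digest(sess["fp"], self._fingerprint(ip, user_agent)):
            return None  # cookie presented from an unexpected client
        return sess["user"]

    def logout_everywhere(self, user: str) -> int:
        """Server-side revocation: every copy of the cookie stops working."""
        stale = [sid for sid, s in self._sessions.items() if s["user"] == user]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)


def demo():
    store = SessionStore()
    victim_ip, victim_ua = "198.51.100.7", "Mozilla/5.0 (Linux; Android 9) Chrome/80"
    attacker_ip, attacker_ua = "203.0.113.9", "curl/7.68.0"

    # The victim logs in on the phone; malware later copies `sid` off the device.
    sid = store.login("alice", victim_ip, victim_ua)

    # 1. No binding: the stolen cookie alone is enough, from anywhere.
    unbound = store.authenticate(sid, attacker_ip, attacker_ua, bind=False)
    # 2. Binding to IP + User-Agent: replay from the attacker's box is refused.
    bound = store.authenticate(sid, attacker_ip, attacker_ua)
    # 3. Attacker relays through a proxy on the infected phone and copies the
    #    victim's User-Agent: the binding check is satisfied.
    via_proxy = store.authenticate(sid, victim_ip, victim_ua)
    # 4. Only server-side revocation kills the copied cookie.
    store.logout_everywhere("alice")
    after_logout = store.authenticate(sid, victim_ip, victim_ua)
    return unbound, bound, via_proxy, after_logout


if __name__ == "__main__":
    print(demo())  # ('alice', None, 'alice', None)
```

Step 3 is the whole reason the proxy component exists: binding a session to network and browser attributes only helps when the attacker cannot reproduce them, and a proxy running on the victim's own device reproduces them exactly. Clearing cookies on the device does nothing to a copy already on the attacker's machine; `logout_everywhere` is the action that does.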

Android Cookie-Stealing Trojan Cookiethief Targets Facebook Users