New Android banking malware with remote-access capabilities is circulating, allowing attackers to perform on-device fraud. US-based crypto trading firm Coinbase has had to disable its UPI payments option just days after launching the feature.
The Motorola G22 debuts in India as the first smartphone there powered by the MediaTek Helio G37. Atlassian is still working on recovering from a recent outage, and Snap-on, an American automotive tools manufacturer, announced a data breach that exposed associate and franchisee data.
New Android banking malware on the rise
- Researchers at ThreatFabric have spotted a new variant of the out-of-business Exo trojan called Octo.
- The researchers found several users looking to purchase the malware on darknet forums.
- The malware has remote access capabilities that let attackers assume control of the device and perform on-device fraud.
- Remote access works by providing a live stream of the device’s screen updated every second.
- The malware uses a black screen overlay to hide the attacker’s remote operations. It also sets the brightness to zero and disables all notifications.
- The malware also has a keylogger to monitor and capture all keystrokes on an infected device.
- Other malware features include blocking push notifications, SMS interception, disabling sounds, temporarily locking the phone’s screen, launching a specific application, opening a specified URL and sending SMS with a particular text to a specified phone number.
Coinbase temporarily disables UPI payment support
- The US-based crypto trading firm announced its entry into the Indian market on April 7.
- After saying that it would allow users to purchase cryptocurrency using UPI payments, the firm has come under NPCI’s (National Payments Corporation of India) radar.
- The feature has been disabled after just three days of running.
- The NPCI issued a statement on the same day as Coinbase’s announcement, saying that it is unaware of any crypto exchange using UPI.
- Coinbase has reached out to the NPCI following the clarification.
H/t: The Block
New META info-stealing malware is being distributed in a spam campaign
- A spam campaign is distributing the META malware, a newly arrived information-stealing malware.
- META is being marketed as an improved version of RedLine, another info-stealing malware.
- Analysts at KELA noticed the malware being sold on the TwoEasy Botnet marketplace last month.
- The malware was likely launched at the beginning of March.
- META is currently being sold for $125 for a monthly subscription and $1000 for unlimited use.
- The campaign seen by security researcher Brad Duncan is proof that META is being actively used in attacks and deployed to steal information like stored passwords from Chrome, Edge, Firefox, and cryptocurrency wallets that work as browser extensions.
Motorola G22 makes Indian debut
- Motorola G22 launched in India on April 8.
- It’s the first phone in India powered by MediaTek’s Helio G37 SoC, a 12nm octa-core chip running at 2.3GHz.
- The phone has a 90Hz full HD IPS display, 4GB RAM and 64GB internal storage expandable up to 1TB. It is powered by a 5000mAh battery supporting 20W wired fast charging.
- In terms of cameras, the phone gets a quad-camera setup at the rear with a 50MP primary sensor alongside ultra-wide, macro and dedicated depth cameras. The front camera is a 16MP punch-hole unit.
- The phone comes with Android 12 out of the box and offers three years of security updates.
Atlassian struggles to resolve outage issues
- Four days after customers first reported issues with Atlassian’s collaboration software, the company is still working on resolving them.
- The Register reported that the issue affects a relatively small number of Atlassian customers, around 400.
- The company addressed the issue on Twitter, stating that it expects most site recoveries to occur with minimal or no data loss.
- A number of the company’s services, including Jira Software, Jira Service and Work management, Confluence, Opsgenie and Atlassian Access, have been down, some since at least April 5, and are still reported as active incidents on Atlassian’s Status Page.