Large-scale DDoS and Banking Trojan
This post is an overview for those who are concerned about Fintech and security development. It provides brief summaries and links to articles and news, describing the most remarkable events in the sphere.
Learn about the latest news.
Government Websites And Banks Hit By New Wave Of Cyberattacks.
The website of the Ministry of Defense of Ukraine and the web resources of at least two of the largest banks in the country were disabled by a powerful cyber attack.
According to representatives of the Ministry of Defense, it was a DDoS that also affected other sites in the military sector.
According to a post published on Twitter by the Ministry of Defense of Ukraine, the department recorded “an excessive number of hits per second.”
The resources of Privatbank and Oschadbank also fell under a large-scale cyber attack, which affected online transactions and the operation of ATMs throughout the country.
New version of banking trojan TeaBot
The TeaBot banking trojan was again spotted on the Google Play Store, where it posed as a QR code app and spread to over 10,000 devices. These apps are sent without malicious code and ask for minimal permissions, making it hard for Google reviewers to spot anything shady. In addition, trojanized apps include the promised functionality, which is why user reviews on the Play Store are positive.
Once installed, the app requests an update via a pop-up message, but contrary to the standard procedure imposed by the Play Store guidelines, the update is pulled from an external source – two GitHub repositories owned by the same user (feleanicusor) containing multiple TeaBot samples.
Once the victim agrees to install an update from untrusted sources, TeaBot is downloaded to their device as a new app called “QR Code Scanner: Add-On”. The new app starts automatically and prompts the user for permission to use Accessibility Services.