Cyber security news for all


    Users of Italian National Institute for Social Security compromised by a phishing campaign

    Users of the Italian National Institute for Social Security (INPS) are the recent victims of a phishing campaign. CERT-AGID presented the findings of D3Lab in their published security advisory. These findings contained detailed information about the technique used by these actors to carry out their fraudulent activities.

    The threat actors have implemented a new strategy meant to strip Italians of indemnity from the Government. The payment, already promised by the Government, is shared with citizens who meet certain requirements.

     

    The criminals are taking advantage of the method of payment, which is via the INPS, by introducing a malicious APK named acrobatreader.apk, a Trojan-Banker malware.

    A post published by D3Lab reads, “our research and analysis center for Phishing campaigns detected in the past few hours a new Phishing campaign against INPS users, similar to the previous one of April 6 2020. A web domain created Ad Hoc with similarities in the name to the official one of the national social security institution; used to carry out the fraudulent activity with the intent to download malware to users interested in receiving the Covid-19 allowance allocated from the Italian state.”

     

    The pattern of attack is quite similar to previous ones, in that the threat actors set up false INPS sites to lure victims into downloading malicious apps. Unsuspecting citizens visit the website to download the supposed app for the new Covid-19 indemnity but are redirected to the malware.

    The malware looks for the accessibility service and abuses the legitimate functions of that service to gain the ability to communicate with other apps on the device through the system’s API.

    “As soon as the presence of connectivity is detected, an HTTP POST request is sent to C2 through the following URL “http://greedyduck[.]top/gate[.]php” passing two parameters:

    “Action”: with botcheck or injcheck values;

    “Data”: information collected and passed in encrypted form (RC4).”

    The CERT-AGID published the Indicators of Compromise (IoCs) here.
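
A defender-side check for the check-in request described in the quoted advisory, as an added example that is not code from D3Lab, CERT-AGID or this article: it classifies HTTP request records against the published URL and parameter values. The record layout, the sample requests and the case-insensitive parameter matching are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the advisory text quoted above.
C2_HOST = "greedyduck.top"
C2_PATH = "/gate.php"
ACTIONS = {"botcheck", "injcheck"}

# Constructed sample records (method, URL, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "http://greedyduck.top/gate.php", "action=botcheck&data=q83vEjRWeJA%3D"),
    ("POST", "http://cdn.example.net/gate.php", "action=injcheck&data=9f02ab77c1"),
    ("POST", "http://shop.example.org/login.php", "action=login&data=alice"),
    ("GET", "http://greedyduck.top/", ""),
    ("POST", "http://api.example.com/v1/check", "Action=botcheck&Data=00ff"),
]


def classify(method, url, body):
    """Return 'ioc', 'pattern', 'host-only' or None for one HTTP request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Parameter names are compared case-insensitively (assumption: the
    # capitalisation shown in the quoted text may not match the wire format).
    form = {k.lower(): v[0]
            for k, v in parse_qs(body, keep_blank_values=True).items()}
    host_hit = host == C2_HOST or host.endswith("." + C2_HOST)
    beacon_shape = (
        method.upper() == "POST"
        and form.get("action", "").lower() in ACTIONS
        and "data" in form
    )
    if host_hit and beacon_shape and parts.path.lower() == C2_PATH:
        return "ioc"        # exact match on the published URL and parameters
    if beacon_shape:
        return "pattern"    # same check-in shape sent to a different host
    if host_hit:
        return "host-only"  # any other contact with the C2 domain
    return None


def scan(requests):
    """Return (verdict, url) for every request that matches something."""
    return [(v, url) for method, url, body in requests
            if (v := classify(method, url, body))]


if __name__ == "__main__":
    for verdict, url in scan(SAMPLE_REQUESTS):
        print(f"{verdict:9} {url}")
```

The "pattern" verdict keeps the check useful if the operators move to a new domain, at the cost of needing review for false positives on unrelated applications that use the same parameter names.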

     
