Who is World Wired Labs and why are they selling an Android trojan?

A company advertising a remote access tool frequently used by criminals and nation-state hackers may be serving as a front for a Chinese hacking group, according to new research published Tuesday by BlackBerry Cylance. In a lengthy report on remote access trojans (RAT), BlackBerry Cylance researchers detail an Android malware variant, which they call PWNDROID4, that can be used to monitor targets’ phone calls, record audio, send and receive text messages, and track victims’ GPS location. Researchers believe it has been used by suspected Chinese government-linked hackers known as the Winnti group. In the report, researchers have pieced together that PWNDROID4 is remarkably similar to the Android version of a RAT known as NetWire, which has been around since 2017. BlackBerry Chief Product Architect Eric Cornelius told CyberScoop that researchers traced NetWire, a multi-platform RAT that’s been in use since at least 2012, back to a firm known as World Wired […]

The post Who is World Wired Labs and why are they selling an Android trojan? appeared first on CyberScoop.


Cyber Command flags North Korean-linked hackers behind ongoing financial heists

The Department of Defense has once again called out North Korean hackers by exposing malware samples researchers say are linked to regime-backed financial heists, including past attacks on the interbank messaging system known as the Society for Worldwide Interbank Financial Telecommunication (SWIFT), CyberScoop has learned. Cyber Command assessed that the malware, which it posted to the information sharing platform VirusTotal, is being used in ongoing cyberattacks aimed at the financial sector. “These malware samples are currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command by malicious cyber actors,” the command said in a tweet. The command did not name victims or describe the magnitude of the scheme. It’s a rare statement from the Pentagon’s cyber-operations division on the intent and capabilities of adversary-linked malware in what appears to be an expansion of the command’s willingness and ability to discuss the intelligence behind its VirusTotal […]

The post Cyber Command flags North Korean-linked hackers behind ongoing financial heists appeared first on CyberScoop.


Cylance: More and more APT groups are relying on mobile malware to track dissidents

State-backed hackers from China and Iran have long been spying on their country’s political dissidents using mobile malware, but new research from BlackBerry’s Cylance shows these same nation-state hackers — including groups that have previously been unknown — are using the malware to also spy on targets abroad. “It’s … worth expanding our notion of the typical target of the Chinese government: malware meant for targets of interest … for domestic reasons may very well end up inside a Western business,” Cylance researchers write in a blog post. Chinese hackers, for instance, have been using mobile malware to spy on the Uighur and Tibetan population in recent months through iOS and Android malware. But while Volexity, the firm behind the Uighur population’s surveillance research, has previously said there were “possible ties” between the two campaigns, Cylance links both to one actor. Cylance claims Winnti, a Chinese APT group better known for its targeting […]

The post Cylance: More and more APT groups are relying on mobile malware to track dissidents appeared first on CyberScoop.


Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal

A set of remote access tools used by Vietnam’s top hacking group remained largely undetected for years despite their reliance on sloppy code and other hacking techniques that fall short of the group’s normally high standard, according to research published Monday by BlackBerry Cylance. The OceanLotus group, also known as APT32, has gained notoriety in recent years for using carefully crafted tools to breach companies with business interests in Vietnam, particularly in the manufacturing and hospitality sectors. But use of the newfound remote access trojans (RATs), known as Ratsnif, is out of character for OceanLotus, a technically advanced group that projects power in cyberspace in support of Vietnamese interests. BlackBerry Cylance’s new analysis shows how state-aligned groups can select from a range of malware that varies in sophistication, only using what is necessary against a target organization. There is “sloppy code [and] programmatical errors and debug messages not typically present in OceanLotus malware,” said Tom Bonner, BlackBerry Cylance’s director of threat research […]

The post Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal appeared first on CyberScoop.
