The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, DDoS, Industrial Control Systems, Phishing, Russia, Toll fraud, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Toll Fraud Malware: How an Android Application Can Drain Your Wallet
(published: June 30, 2022)
Toll fraud malware (subcategory of billing fraud) subscribes users to premium services without their knowledge or consent. It is one of the most prevalent types of Android malware, accounting for 35% of installed harmful applications from the Google Play Store in the first quarter of 2022. Microsoft researchers describe evolution of the toll fraud malware techniques used to abuse the Wireless Application Protocol (WAP) billing. Toll malware can intercept one-time passwords (OTPs) over multiple protocols (HTTP, SMS, or USSD). It suppresses notifications and uses dynamic code loading to hide its malicious activities.Analyst Comment: Mobile applications should only be downloaded from official trusted locations such as the Google Play Store. Users should be mindful when granting unusual, powerful permissions such as SMS permissions, notification listener access, or accessibility access. Replace older Android phones if they no longer receive updates.MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204Tags: Toll fraud, Android, Billing fraud, Wireless Application Protocol, WAP billing
< ..
Support the originator by clicking the read the rest link below.
