YouTube Vanced Android App Spoofed to Launch Nexus Malware to Steal Banking Data

The malware attack was launched on targets via phishing pages that were spoofed to look like the legitimate page of the now-defunct YouTube Vanced Android app.

by Vishwa Pandagle
March 10, 2023
in Dark Web News, Firewall Daily, Malware News

An Android banking trojan called Nexus, advertised on a Russian cybercrime forum, can attack all Android versions up to 13 and was still under active development, with more features and capabilities planned.

Nexus malware was distributed through phishing pages disguised as legitimate YouTube Vanced websites, including youtubeadvanced[.]net and youtubevanvedadw[.]net, researchers at Cyble Research and Intelligence Labs (CRIL) found.

The malware’s code was analyzed and found to have similarities with the S.O.V.A banking trojan, which targets Android devices.

Screenshot of the advertisement (Photo: Cyble)

Nexus malware targets

Nexus malware targets banking apps to steal sensitive data from Android devices. The targeted banks included Finansbank Enpara, mBank, Ziraat Bank, YKB, and VakifBank; the full list of targeted banks is shown below:

Targeted banks with their icons and countries (Photo: Cyble)

Most of the banks were headquartered in Turkey, the Togolese Republic, Spain, and other countries. Nexus was also capable of stealing wallet information from specific apps, including Exodus wallets.

Nexus abuses the permissions it obtains to run commands from its operator, including:

  1. startlock to lock the device screen
  2. getperm to act as a device administrator
  3. stop2faactivator to disable the 2FA activator
  4. starthidenpush to hide push notifications on the device
  5. getsms to steal SMS messages from the device
  6. call to place calls
  7. gettrustwallet to steal Trust Wallet data
  8. delbot to deactivate the admin rights and uninstall Nexus

The malware attack was launched on targets via phishing pages that were spoofed to look like the legitimate page of the now-defunct YouTube Vanced Android application. Researchers spotted the following cloned pages used to lure targets:

  • youtubeadvanced[.]net
  • youtubevanvedadw[.]net
Screenshot of the fake app icon with Nexus malware (Photo: Cyble)

Nexus malware: A detailed analysis

“The malware prompts the user to enable the Accessibility Service upon launching it for the first time. Once the victim grants this permission, the malware exploits the service to automatically approve requested permissions, enable device administration, and initiate keylogging activities,” said the CRIL report.

The URL hxxp://5.161.97[.]57:5000 was used as the Command and Control server and the package name was com.toss.soda. The SHA256 hash was 3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f.
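The indicators above are published defanged (hxxp, [.]), so they cannot be compared with live telemetry as-is. The following added example (not code from the article or from Cyble) refangs the page's indicators, builds a watchlist, and runs it over constructed DNS/proxy log lines and a constructed installed-app inventory; the log format and the inventory fields are assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published in the CRIL report quoted in the article (defanged form).
DEFANGED_IOCS = {
    "phishing_domains": ["youtubeadvanced[.]net", "youtubevanvedadw[.]net"],
    "c2_url": "hxxp://5.161.97[.]57:5000",
    "package": "com.toss.soda",
    "sha256": "3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f",
}

def refang(value: str) -> str:
    """Undo the usual defanging ([.] and hxxp) so a value can be compared with live telemetry."""
    return value.replace("[.]", ".").replace("hxxps://", "https://").replace("hxxp://", "http://")

def build_watchlist(iocs: dict) -> dict:
    """Map each refanged host to a verdict label, and carry the sample's package and hash."""
    hosts = {refang(d).lower(): "nexus-lure" for d in iocs["phishing_domains"]}
    hosts[urlsplit(refang(iocs["c2_url"])).hostname] = "nexus-c2"
    return {"hosts": hosts, "package": iocs["package"].lower(), "sha256": iocs["sha256"].lower()}

# Host (with optional :port) field of the constructed DNS/proxy log format used below (assumed format).
HOST_FIELD = re.compile(r"\b(?:qname|dst)=([A-Za-z0-9.\-]+)(?::\d+)?")

def scan_network_logs(lines, watch):
    """Return (line, verdict) for every line whose destination host is on the watchlist."""
    hits = []
    for line in lines:
        m = HOST_FIELD.search(line)
        if m and m.group(1).lower() in watch["hosts"]:
            hits.append((line, watch["hosts"][m.group(1).lower()]))
    return hits

def scan_inventory(apps, watch):
    """Flag installed APKs (dicts with package/sha256) that match the reported sample."""
    return [a["package"] for a in apps
            if a["package"].lower() == watch["package"] or a["sha256"].lower() == watch["sha256"]]

# Constructed sample telemetry (not from the article): one benign line plus one hit per source.
SAMPLE_LOGS = [
    "2023-03-10T10:01:02Z dns qname=www.youtube.com rcode=NOERROR",
    "2023-03-10T10:01:05Z dns qname=YouTubeAdvanced.net rcode=NOERROR",
    "2023-03-10T10:02:11Z proxy dst=5.161.97.57:5000 method=POST status=200",
]
SAMPLE_APPS = [
    {"package": "com.google.android.youtube", "sha256": "00" * 32},
    {"package": "com.toss.soda", "sha256": DEFANGED_IOCS["sha256"].upper()},
]
```

Matching is case-insensitive on hosts, package names and hashes, and the C2 host is flagged on any port, since a connection to that address on another port is still worth a look.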

CRIL researchers advised affected users to inform their bank, then disable Wi-Fi and/or mobile data and remove the SIM card. A factory reset may be needed. Removing the banking application is also advisable as an immediate mitigation.

Researchers found similarities between Nexus Android malware and the SOVA Android banking trojan that was discovered in 2021.

Nexus banking malware versus SOVA banking trojan

SOVA's code resembles that of Nexus, and it attacked Android versions 7 through 11. An advertisement on the XSS.is forum publicized SOVA, stating the intention of making it capable of launching DDoS and ransomware attacks.

The malware developers were planning to add Man-in-the-Middle (MiTM) capabilities to the SOVA banking trojan. MiTM attacks generally target banking and e-commerce applications that require logging in.

In such attacks, the cybercriminal or malware developer tries to interact with the target while posing as a legitimate executive or a member of a team offering app-related help.

SOVA Android Trojan was in the cybersecurity news recently, when the Indian Computer Emergency Response Team (CERT-In) issued an alert that the country’s banking customers were being targeted by it.

The malware, which first appeared for sale in underground markets in September 2021, can harvest usernames and passwords, capture credentials when users log into their net banking apps, and prevent uninstallation by intercepting actions and returning the user to the home screen with the message "This app is secured".

“It has been discovered that the makers of SOVA recently upgraded it to its fifth version since its inception, and this version has the capability to encrypt all data on an Android phone and hold it to ransom,” said the official alert.

“Another key feature of SOVA is the refactoring of its ‘protections’ module, which aims to protect itself from different victim’s actions.”

Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes cybersecurity news related to data breaches, ransomware, phishing, and best practices among others. She also writes about cybersecurity developments and likes interacting with experts in this field. When not working, she likes self-reflecting, meditating, volunteering, and going for long walks.
© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.