___  ___    _ _    _  _ _____   _____
 / __|/ _ \  | | |  | || |_ _\ \ / / __|
| (_ | (_) | |_  _| | __ || | \ V /| _|
 \___|\___/    |_|  |_||_|___| \_/ |___|

 --- A GOPHER-LIKE INTERFACE FOR HIVE BLOCKCHAIN ---

There is an Alien looking to steal your Crypto!

BY: @moonunit | CREATED: Sept. 25, 2020, 2:15 p.m. | VOTES: 71 | PAYOUT: $3.16 | [ VOTE ]

And no, it's not @acidyo or @derangedvisions from the OCD community, although them guys are weird, right? This is a new trojan affecting Android users and the Coinbase, blockchain.com and Luno wallets. The trojan is based on the Cerberus trojan from some years back. The Google Play store was almost free of infected apps, mainly because the group behind it pretty much deserted it when Google discovered a way to track infected apps, but the trojan has seen new life in recent weeks after it's been picked up by a new group and it's spreading. There are 226 apps that are currently affected. This particular trojan has the ability to intercept 2FA codes and passwords in transit. This is a dangerous trojan. I would strongly advise anyone using an Android device to keep your eyes peeled and uninstall any unused or questionable apps from your devices.

[IMAGE: https://images.hive.blog/DQmZ4cJkHLwsiZQxeBEYGjj9amu2fn3xAdTwRYKAEfCvbxY/fantasy-2847724_1280.jpg]

This first came to my attention a couple of weeks ago when @hetty-rowan hit me up on Discord to say she had a lot of weird things happening in her Coinbase wallet. Her account had been compromised and she had 2FA enabled. The attacker was able to convert some of her coins to BTC, but thankfully they were unable to withdraw the funds from her account as she had the email feature also enabled.

FYI: Hetty does not know the answer to your questions!! There are apps listed below, read the list and if you have an affected app, remove it.

Currently, according to ThreatFabric, Alien boasts the following capabilities:

Can overlay content on top of other apps (feature used for phishing login credentials)

Log keyboard input

Provide remote access to a device after installing a TeamViewer instance

Harvest, send, or forward SMS messages

Steal contacts list

Collect device details and app lists

Collect geo-location data

Make USSD requests

Forward calls

Install and start other apps

Start browsers on desired pages

Lock the screen for a ransomware-like feature

Sniff notifications shown on the device

Steal 2FA codes generated by authentication apps

SRC:

Apps and their specific package names that are infected are listed below.

Package name | App name
com.coinbase.android | Coinbase – Buy & Sell Bitcoin. Crypto Wallet
piuk.blockchain.android | Blockchain Wallet. Bitcoin, Bitcoin Cash, Ethereum
com.bbva.bbvacontigo | BBVA Spain
com.bankinter.launcher | Bankinter Móvil
es.bancosantander.apps | Santander
es.univia.unicajamovil | UnicajaMovil
es.cm.android | Bankia
es.evobanco.bancamovil | EVO Banco móvil
com.kutxabank.android | Kutxabank
com.rsi | ruralvía
com.akbank.android.apps.akbank_direkt | Akbank
com.garanti.cepsubesi | Garanti BBVA Mobile
com.finansbank.mobile.cepsube | QNB Finansbank Mobile Banking
com.connectivityapps.hotmail | Connect for Hotmail & Outlook: Mail and Calendar
com.teb | CEPTETEB
com.ykb.android | Yapı Kredi Mobile
finansbank.enpara | Enpara.com Cep Şubesi
com.tmobtech.halkbank | Halkbank Mobil
com.kuveytturk.mobil | Kuveyt Türk
com.ziraat.ziraatmobil | Ziraat Mobile
com.pozitron.iscep | İşCep - Mobile Banking
com.vakifbank.mobile | VakıfBank Mobil Bankacılık
es.ibercaja.ibercajaapp | Ibercaja
com.abnamro.nl.mobile.payments | ABN AMRO Mobiel Bankieren
pl.pkobp.iko | IKO
pl.mbank | mBank PL
pe.com.interbank.mobilebanking | Interbank APP
jp.co.rakuten_bank.rakutenbank | 楽天銀行 -個人のお客様向けアプリ
com.sbi.sbifreedomplus | -
it.copergmps.rt.pf.android.sp.bmps | Banca MPS
com.google.android.gm | Gmail
com.mail.mobile.android.mail | mail.com mail
it.bnl.apps.banking | BNL
it.ingdirect.app | ING Italia
com.yahoo.mobile.client.android.mail | Yahoo Mail – Organized Email
com.db.mm.norisbank | norisbank App
com.db.pbc.miabanca | La Mia Banca
eu.unicreditgroup.hvbapptan | HVB Mobile Banking
de.commerzbanking.mobil | Commerzbank Banking - The app at your side
de.fiducia.smartphone.android.banking.vr | VR Banking Classic
de.postbank.finanzassistent | Postbank Finanzassistent
com.targo_prod.bad | TARGOBANK Mobile Banking
de.comdirect.android | comdirect mobile App
de.dkb.portalapp | DKB-Banking
com.starfinanz.smob.android.sfinanzstatus | Sparkasse Ihre mobile Filiale
de.consorsbank | Consorsbank
com.finanteq.finance.ca | CA24 Mobile
com.boursorama.android.clients | Boursorama Banque
com.caisseepargne.android.mobilebanking | Banque
com.cm_prod.bad | Crédit Mutuel
com.ingdirectandroid | -
fr.lcl.android.customerarea | Mes Comptes - LCL
fr.banquepopulaire.cyberplus | Banque Populaire
fr.creditagricole.androidapp | Ma Banque
mobi.societegenerale.mobile.lappli | L'Appli Société Générale
au.com.nab.mobile | NAB Mobile Banking
com.cibc.android.mobi | CIBC Mobile Banking®
com.grppl.android.shell.cmblloydstsb73 | -
com.grppl.android.shell.halifax | Halifax: the banking app that gives you extra
org.stgeorge.bank | St.George Mobile Banking
com.att.mywireless | -
com.chase.sig.android | Chase Mobile
com.clairmail.fth | Fifth Third Mobile Banking
com.csam.icici.bank.imobile | iMobile by ICICI Bank
com.unicredit | Mobile Banking UniCredit
it.popso.scrignoapp | -
com.microsoft.office.outlook | Microsoft Outlook: Organize Your Email & Calendar
com.infonow.bofa | Bank of America Mobile Banking
com.konylabs.capitalone | Capital One® Mobile
com.suntrust.mobilebanking | SunTrust Mobile App
com.usaa.mobile.android.usaa | USAA Mobile
com.usbank.mobilebanking | U.S. Bank - Inspired by customers
com.wf.wellsfargomobile | Wells Fargo Mobile
com.bmo.mobile | BMO Mobile Banking
it.nogood.container | UBI Banca
com.rbc.mobile.android | RBC Mobile
com.latuabancaperandroid | Intesa Sanpaolo Mobile
com.ingbanktr.ingmobil | ING Mobil
com.magiclick.odeabank | Odeabank
posteitaliane.posteapp.apppostepay | Postepay
tr.com.sekerbilisim.mbank | ŞEKER MOBİL ŞUBE
com.commbank.netbank | CommBank
com.android.vending | Google Play
es.liberbank.cajasturapp | Banca Digital Liberbank
www.ingdirect.nativeframe | ING España. Banca Móvil
com.cajasur.android | Cajasur
com.tecnocom.cajalaboral | Banca Móvil Laboral Kutxa
com.db.pbc.mibanco | Mi Banco db
net.inverline.bancosabadell.officelocator.android | Banco Sabadell App. Your mobile bank
com.bbva.netcash | BBVA Net Cash ES & PT
es.bancosantander.empresas | Santander Empresas
com.paypal.android.p2pmobile | PayPal Mobile Cash: Send and Request Money Fast
pl.bzwbk.bzwbk24 | Santander mobile
es.caixageral.caixageralapp | Banco Caixa Geral España
alior.bankingapp.android | Usługi Bankowe
eu.eleader.mobilebanking.pekao | Pekao24Makler
eu.eleader.mobilebanking.pekao.firm | PekaoBiznes24
com.facebook.katana | Facebook
com.imaginbank.app | imaginBank - Your mobile bank
com.whatsapp | WhatsApp Messenger
com.snapchat.android | Snapchat
com.twitter.android | Twitter
org.telegram.messenger | Telegram
com.instagram.android | Instagram
com.viber.voip | Viber Messenger - Messages, Group Chats & Calls
es.lacaixa.mobile.android.newwapicon | CaixaBank
softax.pekao.powerpay | PeoPay
com.ebay.mobile | eBay: Buy, sell, and save money on home essentials
com.amazon.mshop.android.shopping | -
com.getingroup.mobilebanking | Getin Mobile
wit.android.bcpbankingapp.millenniumpl | -
com.konylabs.cbplpat | Citi Handlowy
es.caixagalicia.activamovil | ABANCA- Banca Móvil
com.moneybookers.skrillpayments.neteller | NETELLER - fast, secure and global money transfers
com.pcfinancial.mobile | Simplii Financial
com.td | TD Canada
cz.csob.smartbanking | ČSOB Smartbanking
com.airbitz | Bitcoin Wallet - Airbitz
clientapp.swiftcom.org | ePayments: wallet & bank card
de.number26.android | N26 — The Mobile Bank
au.com.ingdirect.android | ING Australia Banking
com.payoneer.android | Payoneer – Global Payments Platform for Businesses
com.cimbmalaysia | CIMB Clicks Malaysia
eu.eleader.mobilebanking.invest | plusbank24
com.moneybookers.skrillpayments | Skrill - Fast, secure online payments
com.mycelium.wallet | Mycelium Bitcoin Wallet
uk.co.santander.santanderuk | -
com.aff.otpdirekt | OTP SmartBank
com.kasikorn.retail.mbanking.wap | K PLUS
com.krungsri.kma | KMA
com.scb.phone | SCB EASY
com.netflix.mediaclient | Netflix
com.bendigobank.mobile | Bendigo Bank
com.citibank.citibankmy | -
com.konylabs.hongleongconnect | -
org.banksa.bank | BankSA Mobile Banking
org.bom.bank | Bank of Melbourne Mobile Banking
at.volksbank.volksbankmobile | Volksbank hausbanking
net.bnpparibas.mescomptes | Mes Comptes BNP Paribas
com.ocito.cdn.activity.creditdunord | Crédit du Nord pour Mobile
pl.bph | BusinessPro Lite
pt.bancobpi.mobile.fiabilizacao | BPI APP
pt.novobanco.nbapp | NB smart app
pt.santandertotta.mobileparticulares | Santander Particulares
com.bankofqueensland.boq | BOQ Mobile
fr.laposte.lapostemobile | La Poste - Services Postaux
com.cic_prod.bad | CIC
com.fortuneo.android | Fortuneo, mes comptes banque & bourse en ligne
nz.co.asb.asbmobile | ASB Mobile Banking
pl.bzwbk.ibiznes24 | iBiznes24 mobile
pl.millennium.corpapp | -
net.garagecoders.e_llavescotiainfo | ScotiaMóvil
com.credemmobile | -
it.carige | Carige Mobile
eu.inmite.prj.kb.mobilbank | Mobilni Banka
jp.co.netbk | 住信SBIネット銀行
au.com.cua.mb | CUA Mobile Banking
com.advantage.raiffeisenbank | -
com.bankaustria.android.olb | Bank Austria MobileBanking
com.barclays.android.barclaysmobilebanking | Barclays
com.bochk.com | BOCHK
com.htsu.hsbcpersonalbanking | HSBC Mobile Banking
com.anz.android.gomoney | ANZ Australia
com.bankia.wallet | Bankia Wallet
com.fusion.banking | Bank Australia app
com.fusion.beyondbank | Beyond Bank Australia
com.greater.greater | -
com.bancsabadell.wallet | Sabadell Wallet
es.bancosantander.wallet | Santander Wallet
com.fullsix.android.labanquepostale.accountaccess | La Banque Postale
com.cajamar.cajamar | -
wit.android.bcpbankingapp.millennium | -
enterprise.com.anz.shield | ANZ Shield
com.fibabanka.mobile | Fibabanka Corporate Mobile
com.mobileloft.alpha.droid | myAlpha Mobile
mbanking.nbg | -
com.eurobankefg | -
es.bancopopular.nbmpopular | Popular
ktbcs.netbank | Krungthai NEXT
com.bbva.bbvawallet | BBVA Wallet Spain. Mobile Payment
com.bancomer.mbanking | BBVA México (Bancomer Móvil)
ar.com.santander.rio.mbanking | Santander Argentina
com.mercadolibre | Mercado Libre: compra fácil y rápido
es.santander.money | Santander Money Plan
com.dhanlaxmi.dhansmart.mtc | Dhanlaxmi Bank Mobile Banking
com.infrasofttech.centralbank | -
com.infrasofttech.mahabank | -
com.msf.kbank.mobile | Kotak - 811 & Mobile Banking
com.sbi.sbanywherecorporate | -
com.snapwork.hdfc | HDFC Bank MobileBanking
com.samba.mb | SambaMobile
eu.netinfo.colpatria.system | Scotiabank Colpatria
com.todo1.mobile | Bancolombia App Personas
org.westpac.bank | Westpac Mobile Banking
au.com.suncorp.suncorpbank | -
au.com.pnbank.android | P&N BANKING APP
com.ing.mobile | ING Bankieren
com.tfkb | Türkiye Finans Mobile Branch
finansbank.enpara.sirketim | Enpara.com Şirketim Cep Şubesi
com.google.android.play.games | Google Play Games
com.icomvision.bsc.tbc | TBC Bank
com.citi.citimobile | Citi Mobile®
com.tdbank | TD Bank (US)
com.unionbank.ecommerce.mobile.android | Union Bank Mobile Banking
com.comarch.security.mobilebanking | ING Business
de.sdvrz.ihb.mobile.secureapp.sparda.produktion | SpardaSecureApp
au.com.bankwest.mobile | Bankwest
com.hsbc.hsbcnet | HSBCnet Mobile
com.nearform.ptsb | permanent tsb
org.banking.bom.businessconnect | Bank of Melbourne Business App
org.banking.bsa.businessconnect | BankSA Business App
org.banking.stg.businessconnect | St.George Business App
org.westpac.col | Westpac Corporate Mobile
ca.bnc.android | National Bank of Canada
ca.servus.mbanking | Servus Mobile Banking
co.bitx.android.wallet | Luno: Buy Bitcoin, Ethereum and Cryptocurrency
com.acceltree.mtc.screens | Alawwal Mobile
enbd.mobilebanking | Emirates NBD
lt.spectrofinance.spectrocoin.android.wallet | Bitcoin Wallet by SpectroCoin
com.skype.raider | Skype - free IM & video calls
com.barclaycardus | Barclays US
com.grppl.android.shell.bos | -
com.rbs.mobile.android.natwest | NatWest Mobile Banking
com.rbs.mobile.android.rbs | Royal Bank of Scotland Mobile Banking
tsb.mobilebanking | TSB Bank Mobile Banking
net.inverline.bancosabadell.officelocator.activobank | ActivoBank

Src:

As you can see, there is a massive number of affected apps, so be super careful with what you are doing. I would strongly advise everyone reading this to audit your apps, and if you don't need it, bin it!

Top image Src:

TAGS: [ #crypto ] [ #security ] [ #trojan ] [ #leofinance ] [ #menofcrypto ] [ #neoxian ]
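
Added example, not part of the original post or of ThreatFabric's report: one way to run the app audit the post recommends, by flagging installed apps that hold several of the Android permissions and special accesses that the capabilities listed above depend on. The permission-to-capability mapping, the threshold of three, and the sample package names and adb output are assumptions constructed for illustration.

```python
import re

# Permission -> capability from the post's list (mapping is this example's assumption).
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay on top of other apps",
    "android.permission.RECEIVE_SMS": "harvest SMS",
    "android.permission.SEND_SMS": "send or forward SMS",
    "android.permission.READ_CONTACTS": "steal contacts list",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}

def requested_permissions(dumpsys_output):
    """Names under 'requested permissions:' in `adb shell dumpsys package <pkg>`."""
    perms, inside = [], False
    for text in map(str.strip, dumpsys_output.splitlines()):
        if text == "requested permissions:":
            inside = True
        elif inside and re.fullmatch(r"[\w.]+(: .*)?", text):
            perms.append(text.split(":")[0])
        elif inside:
            break  # the next section header ends the block
    return perms

def enabled_packages(setting):
    """Packages in a 'pkg/Service:pkg/Service' value from `adb shell settings get secure ...`."""
    return {c.split("/")[0] for c in setting.strip().split(":") if "/" in c}

def audit(perms_by_pkg, accessibility, listeners, threshold=3):
    """Return {package: [capabilities]} for apps reaching the (assumed) threshold."""
    special = {
        "accessibility service enabled (can log input)": enabled_packages(accessibility),
        "notification access (can sniff notifications)": enabled_packages(listeners),
    }
    report = {}
    for pkg, perms in perms_by_pkg.items():
        found = {RISKY[p] for p in perms if p in RISKY}
        found |= {label for label, pkgs in special.items() if pkg in pkgs}
        if len(found) >= threshold:
            report[pkg] = sorted(found)
    return report

# Constructed sample data; the package names are made up.
DUMPS = {
    "com.example.freeflashlight": "requested permissions:\n  android.permission.INTERNET\n"
    "  android.permission.SYSTEM_ALERT_WINDOW\n  android.permission.RECEIVE_SMS: restricted=true\n"
    "  android.permission.READ_CONTACTS\ninstall permissions:\n",
    "com.example.notes": "requested permissions:\n  android.permission.READ_CONTACTS\n",
}

def run_sample():
    perms = {pkg: requested_permissions(d) for pkg, d in DUMPS.items()}
    return audit(perms, "com.example.freeflashlight/.Svc", "com.example.notes/.Sync")

print(run_sample())
```

On a real device, feed it the third-party packages from `adb shell pm list packages -3` and the `enabled_accessibility_services` and `enabled_notification_listeners` secure settings; a flagged app is a candidate for review, not proof of infection.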

Replies

@hetty-rowan | Sept. 25, 2020, 2:24 p.m. | Votes: 0 | [ VOTE ]

Very very useful ... and thank you for checking all of this out. Now going to reblog your post and check my phone out once again. Maybe also worth mentioning that Malwarebytes for Android didn't find this trojan on my phone. So if it happened to me because of the trojan, then you can't trust Malwarebytes. Unfortunately.

😟

@moonunit | Sept. 25, 2020, 2:28 p.m. | Votes: 0 | [ VOTE ]

I believe that would be more that the Malwarebytes signatures wouldn't have the signature included in its new updates. I would imagine we will see updates from the likes of Malwarebytes and also we'll see Google scanning the Play store too.

@hetty-rowan | Sept. 25, 2020, 3:16 p.m. | Votes: 0 | [ VOTE ]

I hope to see the updates soon because it's really not a fun thing to have it happening. And luckily they weren't able to steal from me this time, but still rather not go through that once again ...

Yes let's hope Google will be alert soon too.

@xcountytravelers | Sept. 25, 2020, 3:10 p.m. | Votes: 0 | [ VOTE ]

That is a very scary list!!!! Thanks for letting us know.

@jerrytsuseer | Sept. 25, 2020, 3:40 p.m. | Votes: 0 | [ VOTE ]

Post upvoted and reblogged @moonunit. I still don't see what can be done, other than simply don't use the affected apps, so if you have or come up with more insight about that, please share.

@moonunit | Sept. 29, 2020, 8:36 a.m. | Votes: 1 | [ VOTE ]

Thank you @jerrytsuseer. I try to keep myself up to date on new attacks. When they involve the crypto space I do all I can to get the word out to as many as possible.

@jerrytsuseer | Sept. 29, 2020, 9:26 a.m. | Votes: 0 | [ VOTE ]

I copied most of the details of your post, used it as the basis of a msg I sent to the two banks that I use, Wells Fargo, and USAA that I was concerned about this new virus.

WF replied that they had checked and there was no virus in their system.

I thank you for the heads up, and I've warned my friends to beware of it as well.

Thank you @moonunit

@moonunit | Sept. 29, 2020, 10:03 a.m. | Votes: 1 | [ VOTE ]

That is great that they responded to you, but they shouldn't have been scanning their system. The issue is not with them specifically, rather with the infrastructure it's running on, i.e. Android. The compromised app once installed is logging information that should be secured in a TEE (trusted execution environment), which is a secure part of the CPU on your device. This would be best practice for Android devices but they may not use it due to lazy devs etc. Apple do not use TEE on their devices, they use TAP (trusted application protocol I believe) just as an FYI.

I haven't seen the detail on where the malware is picking up the information, i.e. if it's in a TEE, but I highly doubt it. I would say that it is monitoring transactions like device to server etc.

@c0ff33a | Sept. 25, 2020, 7:33 p.m. | Votes: 2 | [ VOTE ]

I never touch droids, ever since the Jawa sold me a bum one. Looks like this is a case for Mulder and Scully - the truth is out there.

@moonunit | Sept. 25, 2020, 7:38 p.m. | Votes: 0 | [ VOTE ]

Haha, so many innuendos! Mad skills yo!

@spinvest-neo | Sept. 25, 2020, 8:14 p.m. | Votes: 1 | [ VOTE ]

@hetty-rowan did her job, BTW

TY moon-unit and Hettie!

@hetty-rowan | Sept. 25, 2020, 8:37 p.m. | Votes: 0 | [ VOTE ]

🙄😋

The word has to go out as much as possible

@chekohler | Sept. 25, 2020, 8:26 p.m. | Votes: 0 | [ VOTE ]

Whenever there is a buck to be made by scamming, people are going to do it; it's why decentralisation and education and healthy scepticism and distrust of systems are important. Getting into crypto means taking responsibility in many ways people may not be ready for.

Posted Using LeoFinance Beta

@moonunit | Sept. 29, 2020, 8:37 a.m. | Votes: 0 | [ VOTE ]

Yes, very true. Scammers be scamming. It is on the users to keep themselves safe. I do what I can to try to raise awareness. Thanks for checking it out.

@deeanndmathews | Sept. 26, 2020, 5:47 a.m. | Votes: 0 | [ VOTE ]

Thank you!

@moonunit | Sept. 29, 2020, 8:37 a.m. | Votes: 0 | [ VOTE ]

No, thank you. I am glad you read through and I hope it helps you to avoid being caught up in any way.

@deeanndmathews | Sept. 29, 2020, 8:43 a.m. | Votes: 0 | [ VOTE ]

I have an Android, and looked through and saw some apps I had THOUGHT about downloading, but never did ... it was near enough, and it is good to know what to avoid -- thank YOU!

@careassaktart | Sept. 26, 2020, 12:45 p.m. | Votes: 0 | [ VOTE ]

Thanks for this great info!

@moonunit | Sept. 29, 2020, 8:38 a.m. | Votes: 0 | [ VOTE ]

No problem at all. I do what I can to help when I can.

@ninahaskin | Sept. 26, 2020, 10:59 p.m. | Votes: 0 | [ VOTE ]

Thank you for the heads-up and warning!

@moonunit | Sept. 29, 2020, 8:20 a.m. | Votes: 0 | [ VOTE ]

No problem, just trying to spread the word as much as possible. We are all crypto folk here.
