“Try Without Personalisation” Google’s New Search Feature For Non-Personalised Search Results

Introduction:

A new Android malware called NGate is capable of stealing money from payment cards through relaying the data read by the Near Field Communication (“NFС”) chip to the attacker’s device. NFC  is a device which allows  devices such as smartphones to communicate over a short distance wirelessly.  In particular, NGate allows forging the victims’ cards and, therefore, performing fraudulent purchases or withdrawing money from ATMs. . 

 About NGate Malware: 

The whole purpose of NGate malware is to target victims’ payment cards by relaying the NFC data to the attacker’s device. The malware is designed to take advantage of phishing tactics and functionality of the NFC on android based devices. 

Modus Operandi: 

• Phishing Campaigns: The first step is spoofed emails or SMS used to lure the users into installing the  Progressive Web Apps (“PWAs”) or the WebAPKs presented as genuine banking applications. These apps usually have a layout and logo that makes them look like an authentic app of a Targeted Bank which makes them believable. 

• Installation of NGate: When the victim downloads the specific app, he or she is required to input personal details including account numbers and PIN numbers. Users are also advised to turn on or install  NFC on their gadgets and place the payment cards to the back part of the phone to scan the cards. 

• NFCGate Component: One of the main working features of the NGate is the NFCGate, an application created and designed by some students of Technical University of Darmstadt. This tool allows the malware to:
  • • Collect NFC traffic from payment cards in the vicinity. 
    • Transmit, or relay this data to the attacker’s device through a server. 
    • Repeat data that has been previously intercepted or otherwise copied.

It is important to note that some aspects of NFCGate mandate a rooted device; however, forwarding NFC traffic can occur with devices that are not rooted, and therefore can potentially ensnare more victims. ‍

Technical Mechanism of Data Theft:

• Data Capture: The malware exploits the NFC communication feature on android devices and reads the information from the payment card, if the card is near the infected device. It is able to intercept and capture the sensive card details.  

• Data Relay: The stolen information  is transmitted through a server to the attacker’s device so that he/she is in a position to mimic the victim’s card. 

• Unauthorized Transactions: Attackers get access to spend money on the merchants or withdraw money from the ATM that has NFC enabled. This capability marks a new level of Android malware in that the hackers are able to directly steal money without having to get hold of the card. 

Social Engineering Tactics: 

In most cases, attackers use social engineering techniques to obtain more information from the target before implementing the attack. In the second phase, attackers may pretend to be representatives of a bank that there is a problem with the account and offer to download a program called NGate, which in fact is a Trojan under the guise of an application for confirming the security of the account. This method makes it possible for the attackers to get ITPIN code from the sides of the victim, which enables them to withdraw money from the targeted person’s account without authorization. 

 Technical Analysis:

The analysis of malicious file hashes and phishing links are below:

Malicious File Hashes:

csob_smart_klic.apk:

• MD5: 7225ED2CBA9CB6C038D8
• Classification: Android/Spy.NGate.B

csob_smart_klic.apk:

• MD5: 66DE1E0A2E9A421DD16B
• Classification: Android/Spy.NGate.C

george_klic.apk:

• MD5: DA84BC78FF2117DDBFDC
• Classification: Android/Spy.NGate.C

george_klic-0304.apk:

• MD5: E7AE59CD44204461EDBD
• Classification: Android/Spy.NGate.C

rb_klic.apk:

• MD5: 103D78A180EB973B9FFC
• Classification: Android/Spy.NGate.A

rb_klic.apk:

• MD5: 11BE9715BE9B41B1C852
• Classification: Android/Spy.NGate.C.

Phishing URLs:

Phishing URL: 

• https://client.nfcpay.workers[.]dev/?key=8e9a1c7b0d4e8f2c5d3f6b2

Additionally, several distinct phishing websites have been identified, including:

• rb.2f1c0b7d.tbc-app[.]life
• geo-4bfa49b2.tbc-app[.]life
• rb-62d3a.tbc-app[.]life
• csob-93ef49e7a.tbc-app[.]life
• george.tbc-app[.]life.

Analysis:

‍

‍

Broader Implications of NGate: 

The ultramodern features of NGate mean that its manifestation is not limited to financial swindling. An attacker can also generate a copy of NFC access cards and get  full access when hacking into restricted areas, for example, the corporate offices or restricted facility. Moreover, it is also safe to use the capacity to capture and analyze NFC traffic as threats to identity theft and other forms of cyber-criminality. 

Precautionary measures to be taken:

To protect against NGate and similar threats, users should consider the following strategies:

• Disable NFC: As mentioned above, NFC should be not often used, it is safe to turn NFC on Android devices off. This perhaps can be done from the general control of the device in which the bursting modes are being set. 

• Scrutinize App Permissions: Be careful concerning the permission that applies to the apps that are installed particularly the ones allowed to access the device. Hence, it is very important that applications should be downloaded only from genuine stores like Google Play Store only. 

• Use Security Software: The malware threat can be prevented by installing relevant security applications that are available in the market. 

• Stay Informed: As it has been highlighted, it is crucial for a person to know risks that are associated with the use of NFC while attempting to safeguard an individual’s identity. 

Conclusion: 

The presence of malware such as NGate is proof of the dynamism of threats in the context of mobile payments. Through the utilization of NFC function, NGate is a marked step up of Android malware implying that the attackers can directly manipulate the cash related data of the victims regardless of the physical aspect of the payment card. This underscores the need to be careful when downloading applications and to be keen on the permission one grants on the application. Turn NFC when not in use, use good security software and be aware of  the latest scams are some of the measures that help to fight this high level of financial fraud. The  attackers are now improving their methods. It is only right for the people and companies to take the right steps in avoiding the breach of privacy and identity theft.

Reference:

• https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
• https://therecord.media/android-malware-atm-stealing-czech-banks
• https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info
• https://cybersecuritynews.com/new-ngate-android-malware/

‍

Introduction

This tale, the Toothbrush Hack, straddles the ordinary and the sophisticated; an unassuming household item became the tool for committing cyber crime. Herein lies the account of how three million electronic toothbrushes turned into the unwitting infantry in a cyber skirmish—a Distributed Denial of Service (DDoS) assault that flirted with the thin line that bridges the real and the outlandish.

In January, within the  Swiss borders, a story began circulating—first reported by the Aargauer Zeitung, a Swiss German-language daily newspaper. A legion of cybercriminals, with honed digital acumen, had planted malware on some three million electric toothbrushes. These devices, mere slivers of plastic and circuitry, became agents of chaos, converging their electronic requests upon the servers of an undisclosed Swiss firm, hurling that digital domain into digital blackout for several hours and wreaking an economic turmoil calculated in seven-figure sums.

The entire Incident

It was claimed that three million electric toothbrushes were allegedly used for a distributed denial-of-service (DDoS) attack, first reported by the Aargauer Zeitung, a Swiss German-language daily newspaper. The article claimed that cybercriminals installed malware on the toothbrushes and used them to access a Swiss company's website, causing the site to go offline and causing significant financial loss. However, cybersecurity experts have questioned the veracity of the story, with some describing it as "total bollocks" and others pointing out that smart electric toothbrushes are connected to smartphones and tablets via Bluetooth, making it impossible for them to launch DDoS attacks over the web. Fortinet clarified that the topic of toothbrushes being used for DDoS attacks was presented as an illustration of a given type of attack and that no IoT botnets have been observed targeting toothbrushes or similar embedded devices.

The Tech Dilemma - IOT Hack

Imagine the juxtaposition of this narrative against our common expectations of technology: 'This example, which could have been from a cyber thriller, did indeed occur,' asserted the narratives that wafted through the press and social media. The story radiated outward with urgency, painting the image of IoT devices turned to evil tools of digital unrest. It was disseminated with such velocity that face value became an accepted currency amid news cycles. And yet, skepticism took root in the fertile minds of those who dwell in the domains of cyber guardianship.

Several cyber security and IOT experts, postulated that the information from Fortinet had been contorted by the wrench of misinterpretation. They and their ilk highlighted a critical flaw: smart electric toothbrushes are bound to their smartphone or tablet counterparts by the tethers of Bluetooth, not the internet, stripping them of any innate ability to conduct DDoS or any other type of cyber attack directly.

With this unraveling of an incident fit for our cyber age, we are presented with a sobering reminder of the threat spectrum that burgeons as the tendrils of the Internet of Things (IoT) insinuate themselves into our everyday fabrics. Innocuous devices, previously deemed immune to the internet's shadow, now stand revealed as potential conduits for cyber evil. The layers of impact are profound, touching the private spheres of individuals, the underpinning frameworks of national security, and the sinews that clutch at our economic realities. The viral incident was a misinformation. 

IOT Weakness

IoT devices bear inherent weaknesses for twin reasons: the oft-overlooked element of security and the stark absence of a means to enact those security measures. Ponder this problem Is there a pathway to traverse the security settings of an electric toothbrush? Or to install antivirus measures within the cooling confines of a refrigerator? The answers point to an unsettling simplicity—you cannot.

How to Protect 

Vigilance - What then might be the protocol to safeguard our increasingly digital space? It begins with vigilance, the cornerstone of digital self-defense. Ensure the automatic updating of all IoT devices when they beckon with the promise of a new security patch. 

Self Awareness - Avoid the temptation of public USB charging stations, which, while offering electronic succor to your devices, could also stand as the Trojan horses for digital pathogens. Be attuned to signs of unusual power depletion in your gadgets, for it may well serve as the harbinger of clandestine malware. Navigate the currents of public Wi-Fi with utmost care, as they are as fertile for data interception as they are convenient for your connectivity needs.

Use of Firewall - A firewall can prove stalwart against the predators of the internet interlopers. Your smart appliances, from the banality of a kitchen toaster to the novelty of an internet-enabled toilet, if shielded by this barrier, remain untouched, and by extension, uncompromised. And let us not dismiss this notion with frivolity, for the prospect of a malware-compromised toilet or any such smart device leaves a most distasteful specter.

Limit the use of IOT -  Additionally, and this is conveyed with the gravity warranted by our current digital era, resist the seduction of IoT devices whose utility does not outweigh their inherent risks. A smart television may indeed be vital for the streaming aficionado amongst us, yet can we genuinely assert the need for a connected laundry machine, an iron, or indeed, a toothbrush? Here, prudence is a virtue; exercise it with judicious restraint.

Conclusion 

As we step forward into an era where connectivity has shifted from a mere luxury to an omnipresent standard, we must adopt vigilance and digital hygiene practices with the same fervour as those for our corporal well-being. Let the toothbrush hack not simply be a tale of caution, consigned to the annals of internet folklore, but a fable that imbues us with the recognition of our role in maintaining discipline in a realm where even the most benign objects might be mustered into service by a cyberspace adversary.

References 

• https://www.bleepingcomputer.com/news/security/no-3-million-electric-toothbrushes-were-not-used-in-a-ddos-attack/ 
• https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-not-used-in-a-ddos-attack-but-they-could-have-been/
• https://www.securityweek.com/3-million-toothbrushes-abused-for-ddos-attacks-real-or-not/

https://www.cxodigitalpulse.com/hackers-use-electric-toothbrushes-in-massive-cyber-attack-results-in-huge-financial-loss/

Executive Summary:

A video clip being circulated on social media allegedly shows the Hon’ble President of India, Smt. Droupadi Murmu, the TV anchor Anjana Om Kashyap and the Hon’ble Chief Minister of Uttar Pradesh, Shri Yogi Adityanath promoting a medicine for diabetes. While The CyberPeace Research Team did a thorough investigation, the claim was found to be not true. The video was digitally edited, with original footage of the heavy weight persons being altered to falsely suggest their endorsement of the medication. Specific discrepancies were found in the lip movements and context of the clips which indicated AI Manipulation. Additionally, the distinguished persons featured in the video were actually discussing unrelated topics in their original footage. Therefore, the claim that the video shows endorsements of a diabetes drug by such heavy weights is debunked. The conclusion drawn from the analysis is that the video is an AI creation and does not reflect any genuine promotion. Furthermore, it's also detected by AI voice detection tools.

‍

‍

Claims:

A video making the rounds on social media purporting to show the Hon'ble President of India, Smt. Draupadi Murmu, TV anchor Anjana Om Kashyap, and Hon'ble Chief Minister of Uttar Pradesh Shri Yogi Adityanath giving their endorsement to a diabetes medicine.

‍

‍

      Post link

Fact Check:

Upon receiving the post we carefully watched the video and certainly found some discrepancies between lip synchronization and the word that we can hear. Also the voice of Chief Minister of Uttar Pradesh Shri Yogi Adityanath seems to be suspicious which clearly indicates some sign of fabrication. In the video, we can hear Hon'ble President of India Smt. Droupadi Murmu endorses a medicine that cured her diabetes. We then divided the video into keyframes, and reverse-searched one of the frames of the video. We landed on a video uploaded by Aaj Tak on their official YouTube Channel.

‍

‍

Video link

We found something similar to the same viral video, we can see the courtesy written as Sansad TV. Taking a cue from this we did some keyword searches and found another video uploaded by the YouTube Channel Sansad TV. In this video, we found no mention of any diabetes medicine. It was actually the Swearing in Ceremony of the Hon’ble President of India, Smt. Droupadi Murmu.

‍

‍

Video link

In the second part, there was a man addressed as Dr. Abhinash Mishra who allegedly invented the medicine that cures diabetes. We reverse-searched the image of that person and landed at a CNBC news website where the same face was identified as Dr Atul Gawande who is a professor at Harvard School of Public Health. We watched the video and found no sign of endorsing or talking about any diabetes medicine he invented.

‍

‍

Website link

We also extracted the audio from the viral video and analyzed it using the AI audio detection tool named Eleven Labs, which found the audio very likely to be created using the AI Voice generation tool with the probability of 98%. 

‍

Hence, the Claim made in the viral video is false and misleading. The Video is digitally edited using different clips and the audio is generated using the AI Voice creation tool to mislead netizens. It is worth noting that we have previously debunked such voice-altered news with bogus claims.

‍

Conclusion:

In conclusion, the viral video claiming that Hon'ble President of India, Smt. Droupadi Murmu and Chief Minister of Uttar Pradesh Shri Yogi Adityanath promoted a diabetes medicine that cured their diabetes, is found to be false. Upon thorough investigation it was found that the video is digitally edited from different clips, the clip of Hon'ble President of India, Smt. Droupadi Murmu is taken from the clip of Oath Taking Ceremony of 15th President of India and the claimed doctor Abhinash Mishra whose video was found in CNBC News Outlet. The real name of the person is Dr. Atul Gawande who is a professor at Harvard School of Public Health. Online users must be careful while receiving such posts and should verify before sharing them with others.

‍

Claim: A video is being circulated on social media claiming to show distinguished individuals promoting  a particular medicine for diabetes treatment.

Claimed on: Facebook

Fact Check: Fake & Misleading

‍