Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps on his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?


Option 1 : Clickjacking
Option 2 : SMS phishing attack
Option 3 : Agent Smith attack
Option 4 : SIM card attack

1. Clickjacking

Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious sites, provide credentials or sensitive information, transfer money, or purchase products online.
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they’re clicking the visible page but actually they’re clicking an invisible element in the additional page transposed on top of it.
The invisible page might be a malicious page, or a legitimate page the user did not intend to visit – for instance, a page on the user’s banking site that authorizes the transfer of money.
There are several variations of the clickjacking attack, such as:
• Likejacking – a technique in which the Facebook “Like” button is manipulated, causing users to “like” a page they did not intend to like.
• Cursorjacking – a UI redressing technique that changes the cursor from the position the user perceives to a different position. Cursorjacking relies on vulnerabilities in Flash and the Firefox browser, which have now been fixed.

Clickjacking attack example

1. The attacker creates an attractive page which promises to offer the user a free trip to Tahiti.
2. In the background, the attacker checks if the user is logged into his banking site and if so, loads the screen that permits transfer of funds, using query parameters to insert the attacker’s bank details into the form.
3. The bank transfer page is displayed in an invisible iframe above the free gift page, with the “Confirm Transfer” button exactly aligned over the “Receive Gift” button visible to the user.
4. The user visits the page and clicks the “Book My Free Trip” button.
5. In reality, the user is clicking on the invisible iframe, and has clicked the “Confirm Transfer” button. Funds are transferred to the attacker.
6. The user is redirected to a page with information about the free gift (not knowing what happened in the background).

This example illustrates that, in a clickjacking attack, the malicious action (on the bank website, in this case) can’t be traced back to the attacker because the user performed it while being legitimately signed into their own account.

Clickjacking mitigation

There are two general ways to defend against clickjacking:
• Client-side methods – the most common is called Frame Busting. Client-side methods can be effective in some cases, but are not considered a best practice, because they can be easily bypassed.
• Server-side methods – the most common is X-Frame-Options. Server-side methods are recommended by security experts as an effective way to defend against clickjacking.

2. SMS phishing attack

Smishing, or SMS phishing, is the act of committing text message fraud to try to lure victims into revealing account information or installing malware. Similar to phishing, cybercriminals use smishing, the fraudulent attempt to steal credit card details or other sensitive information, by disguising themselves as a trustworthy organization or reputable person in a text message.
With smishing, cybercriminals use a text message to try to get potential victims to give out personal information. The text message, which usually contains a link to a fake website that looks just like the legitimate site, asks the recipient to enter personal information. Fake information is often used to make the texts appear to be from a legitimate organization or business.
Smishing has grown in popularity with cybercriminals now that smartphones are widely used, because it enables them to steal sensitive financial and personal information without having to break through the security defenses of a computer or network. Public awareness about phishing, smishing and other attacks continues to grow, as many incidents are reported on in the news.

How Smishing Works

Smishing uses social-engineering techniques to lure text message recipients into revealing personal or financial information. For instance, during the holidays, you get a text message pretending to be from a well-known retailer telling you to go and verify your billing information or your package won’t be shipped in time to make it to your gift recipient. The only problem is that the fake text message is providing you with a fake website link, where the information you provide will be used to commit fraud and other crimes. Smishing is also used to distribute malware and spyware through links or attachments that can steal information and perform other malicious tasks. Messages typically contain some kind of urgency, threat or warning to try to get the recipient to take immediate action.

3. Agent Smith attack

In the Wachowski Brothers’ classic Matrix trilogy, “Agent Smith” famously describes humanity as a species that multiplies until every resource is consumed. In fact, it’s the “Agent Smith” of the mobile malware world that’s the real virus – and is spreading at alarming rates.
Check Point Researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user remains completely unaware. Disguised as a Google-related application, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user’s interaction.
So far, the primary victims are based in India, though other Asian countries such as Pakistan and Bangladesh are also impacted, as are a noticeable number of devices in the UK, Australia and the US.
Dubbed “Agent Smith”, the malware currently uses its broad access to the device’s resources to show fraudulent ads for financial gain. This activity resembles previous campaigns such as Gooligan, Hummingbad and CopyCat malware and can infect all smartphones updated beyond even Android v.7.
In this case, “Agent Smith” is being used for financial gain through the use of malicious advertisements. However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this type of malware to harm a user’s device.

What Does “Agent Smith” Do?

“Agent Smith” has three main phases in its attack flow.
In the first phase, the attacker lures users to download a dropper application from an app store such as 9Apps. These droppers are usually disguised as free games, utility applications or adult entertainment applications, yet contain an encrypted malicious payload. The dropper application then checks whether any popular applications from the attacker’s pre-determined list, such as WhatsApp, MXplayer, ShareIt and more, are installed on the device. If any targeted application is found, “Agent Smith” will then attack those innocent applications at a later stage.
In the second phase, after the dropper gains a foothold on the victim’s device, it automatically decrypts the malicious payload into its original form – an APK (Android installation file), which is the core part of the “Agent Smith” attack. The dropper then abuses several known system vulnerabilities to install the core malware without any user interaction at all.
In the third phase, the core malware conducts attacks against each installed application on the device that appears on its target list. The core malware quietly extracts a given innocent application’s APK file, patches it with extra malicious modules and finally abuses an additional set of system vulnerabilities to silently swap the innocent version with a malicious one.
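
The third phase leaves a trace a defender can look for: an installed app whose APK bytes change even though no update happened. The following is an added example, not from the original article or from Check Point; it is a heuristic that assumes a hypothetical per-device inventory (package name, version code, APK SHA-256, signer digest, installer package) such as an MDM agent might collect, and all records in it are constructed.

```python
# Assumption: only Google Play is an approved installer in this environment.
TRUSTED_INSTALLERS = {"com.android.vending"}


def find_swapped_apps(baseline, current):
    """Compare two package inventories; return {package: [reasons]}."""
    findings = {}
    for pkg, new in current.items():
        old = baseline.get(pkg)
        if old is None:
            continue  # newly installed app, not a replacement
        reasons = []
        same_version = new["version_code"] == old["version_code"]
        if new["apk_sha256"] != old["apk_sha256"] and same_version:
            reasons.append("APK bytes changed but version code did not")
        if new["signer_sha256"] != old["signer_sha256"]:
            reasons.append("signing certificate changed")
        if (new["installer"] != old["installer"]
                and new["installer"] not in TRUSTED_INSTALLERS):
            reasons.append("reinstalled by untrusted source: " + new["installer"])
        if reasons:
            findings[pkg] = reasons
    return findings


def record(version_code, apk, signer, installer="com.android.vending"):
    """Build one inventory row; digests here are constructed placeholders."""
    return {"version_code": version_code, "apk_sha256": apk * 64,
            "signer_sha256": signer * 64, "installer": installer}


# Constructed snapshots (hypothetical inventory format, e.g. from an MDM agent).
BASELINE = {
    "com.whatsapp": record(1001, "a", "c"),
    "com.example.player": record(20, "b", "d"),
}
CURRENT = {
    # Same version, different bytes, reinstalled by a sideloaded game: suspicious.
    "com.whatsapp": record(1001, "e", "c", installer="com.example.freegame"),
    # Normal store update: version and bytes both changed.
    "com.example.player": record(21, "f", "d"),
}

if __name__ == "__main__":
    for pkg, reasons in find_swapped_apps(BASELINE, CURRENT).items():
        print(pkg, "->", "; ".join(reasons))
```
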

4. SIM card attack

Your cellphone could provide a way for cybercriminals to access your financial accounts. How? Through your mobile number.
The fraud is known as SIM swapping, and it can be used to take over your financial accounts. SIM swapping relies on phone-based authentication. In a successful SIM swap scam, cybercriminals could hijack your phone number and use it to gain access to your sensitive personal data and accounts.
Here’s how it works. You might try to access one of your bank accounts that uses text-based two-factor authentication. That means you begin to access your account by entering your user name and password. Your bank then sends an access code to your cellphone for you to complete the log-in process.
But what if fraudsters are able to change the SIM card connected to your mobile number? That would give them control over that number, and they’d receive the access code to your account.
It’s a good idea to learn about SIM card swapping. That way you’ll help protect yourself against this type of fraud, or recognize if you’ve become a victim. Here’s what you need to know.

How do SIM swapping scams work?

A SIM swap scam (also referred to as SIM splitting, simjacking, sim hijacking, or port-out scamming) is a fraud that occurs when scammers take advantage of a weakness in two-factor authentication and verification in which the second step is a text message (SMS) or call to your mobile number.
First, some SIM-card basics. Cellphone subscriber identity module (SIM) cards are the storage for user data in Global System for Mobile (GSM) phones. Without a SIM card, your GSM phone wouldn’t be authorized to use a mobile network.
So having control over your cellphone number would be valuable to fraudsters. To steal your number, scammers start by gathering as much personal information on you as they can get and engaging in a bit of social engineering.
The scammers call your mobile carrier, impersonating you and claiming to have lost or damaged their (your) SIM card. They then ask the customer service representative to activate a new SIM card in the fraudster’s possession. This ports your phone number to the fraudster’s device containing a different SIM. Or, they’ll claim that they need help switching to a new phone.
How are fraudsters able to answer your security questions? That’s where the data they’ve collected on you through phishing emails, malware, the dark web, or social media research becomes useful.
Once they gain access to and control over your cellphone number, fraudsters can then access your phone communications with banks and other organizations, in particular your text messages. They can then receive any codes or password resets sent to that phone via call or text for any of your accounts. And that’s it: They’re in.
How do they get your money? They might set up a second bank account in your name at your bank, where, because you’re already a bank customer, there may be less robust security checks. Transfers between those accounts in your name won’t sound any alarms.

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
