Latest news with #CleafyThreatIntelligence


Morocco World
4 days ago
Morocco Top African Target in Chinese Malware Attack on 11,000 Devices Worldwide
Rabat – Cybersecurity researchers have identified Morocco as the main African target in a rapidly expanding global cybercrime operation using a sophisticated Android Remote Access Trojan (RAT) known as PlayPraetor. The large-scale campaign, orchestrated by Chinese-speaking threat actors, has infected more than 11,000 devices worldwide in under three months.

While Europe remains the primary focus, with Portugal, Spain, and France recording the highest infection rates, a report by Cleafy Threat Intelligence said Morocco is the continent's most significant hotspot. 'Accounting for 22% of total infections, the botnet's footprint in Africa is characterised by a geographically dispersed activity, with the clear exception of Morocco, which has emerged as the continent's primary hotspot,' reads the report.

The malware is spread through fraudulent Google Play Store pages and enables full real-time control of infected smartphones. Once installed, it can steal banking credentials, intercept SMS messages, capture screenshots, and even stream the victim's screen live to cybercriminals. The RAT is part of a Malware-as-a-Service (MaaS) model, which allows multiple criminal affiliates to run independent campaigns while using shared infrastructure.

Moroccan victims are believed to be targeted primarily in French and Arabic. The growing Arabic-language infections, which saw a sharp spike in late June, may signal an intensifying wave of attacks against users in Morocco and across North Africa. The malware's operators have been continuously updating its capabilities, which makes it harder to detect and block.

'A final, telling development is the sudden, sharp spike in Arabic-speaking victims in the last week, which may signal the opening of another major campaign front,' added the report. The report concluded that the campaign is growing by more than 2,000 new infections each week, and is increasingly targeting Spanish and French speakers.


Daily Mirror
22-04-2025
Android users must check one phone setting now - ignoring new alert may be costly
There's a worrying new Android scam doing the rounds but a simple settings check will stop you from becoming its next victim. Android users need to watch out for a scary new scam that could see their bank accounts raided and money stolen. The latest alert has been issued after security experts at Cleafy spotted a worrying trend that uses malware called SuperCard X to try to steal cash from unsuspecting users. This new attack is more complicated than most, but those who are fooled could see their accounts drained without them ever knowing anything is wrong.

According to Cleafy, the threat begins via a simple text message which is sent out to Android phones. The note, which appears to have come from the user's bank, explains that there has been some suspicious activity on their account. A number is included, with the recipient of the text then urged to call for help without delay. Once the number is dialled, scammers answer the phone and attempt to trick the user into handing over account details and PIN numbers.

If that wasn't bad enough, they are also told to download a new "security" app (called Reader) and then tap their bank card on their phone to verify that things are working. Sadly, the application isn't going to stop any banking threats and actually contains the harmful SuperCard X malware, which then transmits data from the debit card to the scammer's phone. Once completed, hackers then have everything they need to pay for goods using the victim's card. During the call, they even try to get the user to turn off any spending limits, which means even more money can be taken.

"The Cleafy Threat Intelligence team has identified a new and sophisticated Android malware campaign, dubbed 'SuperCard X'," Cleafy explained. "This campaign employs a novel NFC-relay technique, enabling Threat Actors to fraudulently authorise Point-of-Sale payments and Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from compromised devices. The malware is distributed through Social Engineering tactics, deceiving victims into installing the malicious application and subsequently 'tapping' their payment cards on their infected phones."

It's unclear how many people have been targeted so far but reports suggest the majority of attacks are currently located in Italy. Although the UK appears unaffected for now, it's always good to know about these types of attacks and to stay alert. Now is also a good time to check your Android phone and make sure Google's Play Protect setting is turned on, as this should block any dangerous apps from being installed. Google is also keen to point out that no apps on its Play Store have been infected with the SuperCard X malware.

Explaining more about this service, Google said: "Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."