Tag Archives: malware

2025, Digital Security

APT44 QR Code Phishing: New Cyber Espionage Tactics

Posted on by FMTAD
Illustration of a Russian APT44 (Sandworm) cyber spy exploiting QR codes to infiltrate Signal, highlighting advanced phishing techniques and vulnerabilities in secure messaging platforms.
24
Feb
APT44 QR Code Phishing: A New Era of Cyber Espionage — Jacques Gascuel unveils the latest phishing techniques exploiting QR codes, exposing vulnerabilities in secure messaging platforms like Signal. Learn how these attacks compromise communications and discover best practices to defend against evolving threats.

APT44 QR Code Phishing: How Russian Hackers Exploit Signal

APT44 (Sandworm), Russia’s elite cyber espionage unit, has launched a wave of QR Code Phishing attacks targeting Signal Messenger, leading to one of the largest Signal security breaches to date. Exploiting the growing use of QR codes, these state-sponsored cyber attacks compromised over 500 accounts, primarily within the Ukrainian military, media, and human rights communities. This article explores how QR code scams have evolved into sophisticated espionage tools and offers actionable steps for phishing prevention.

APT44 Sandworm: The Elite Russian Cyber Espionage Unit

Unmasking Sandworm’s sophisticated cyber espionage strategies and their global impact.

APT44, widely recognized as Sandworm, has been at the core of several global cyber espionage operations. The group’s latest method — QR code phishing — targets platforms trusted for privacy, exploiting their vulnerabilities to gain unauthorized access.

Specifically, Russian groups, such as UNC5792 and UNC4221, use malicious QR codes to link victims’ Signal accounts to attacker-controlled devices, enabling real-time interception of messages.

How APT44 Uses QR Codes to Infiltrate Signal

Breaking down APT44’s phishing process and how it targets Signal’s encryption loopholes.

The Google Threat Analysis Group (TAG) discovered that APT44 has been deploying malicious QR codes disguised as legitimate Signal invites or security notifications. When victims scan these QR codes, their devices unknowingly link to systems controlled by APT44, enabling real-time access to sensitive conversations.

APT44 QR Code Phishing Attack Flow

Step-by-step analysis of APT44’s QR code phishing methodology.

APT44 QR Code Phishing Attack Flow Diagram showing malicious QR code creation, distribution, data exfiltration, and remote control. APT44 QR Code Phishing Attack Flow Diagram showing malicious QR code creation, distribution, data exfiltration, and remote control.

APT44’s Cyber Espionage Timeline (2022-2025)

Tracking APT44’s evolution: From NotPetya to global QR code phishing campaigns.

📅 Date💣 Attack🎯 Target⚡ Impact
June 2022NotPetya VariantUkrainian GovernmentCritical infrastructure disruption
February 2024QR Code PhishingUkrainian Military & Journalists500+ Signal accounts compromised
January 2025QR Code Phishing 2.0Global Signal UsersWider-scale phishing

Google Unveils Advanced Phishing Techniques

Insights from Google TAG on the most sophisticated QR code phishing tactics used by Russian hackers.

Recent investigations by the Google Threat Analysis Group (TAG), published on February 19, 2025, have exposed sophisticated phishing techniques used by Russian cyber units, notably UNC5792 and UNC4221, to compromise Signal Messenger accounts. These threat actors have refined their methods by deploying malicious QR codes that mimic legitimate Signal linking features, disguised as official security prompts or Signal invites.

When unsuspecting users scan these QR codes, their Signal accounts become silently linked to attacker-controlled devices, granting real-time access to private conversations and the ability to manipulate communications.

Key Discoveries:

  • Malicious QR Codes: Hackers use fake Signal invites and security warnings embedded with dangerous QR codes that trick users into linking their accounts.
  • Real-Time Access: Once connected, attackers gain instant access to sensitive conversations, allowing them to monitor or even alter the communication flow.
  • Expanded Target Base: While the initial campaign focused on Ukrainian military and media personnel, the phishing campaign has now expanded across Europe and North America, targeting dissidents, journalists, and political figures.

📖 Source: Google TAG Report on APT44

Expanding Global Impact of APT44’s Cyber Campaigns

How APT44’s QR code phishing campaigns went global, targeting high-profile individuals.

Initially focused on Ukrainian military personnel, journalists, and human rights activists, APT44’s QR code phishing campaign has now evolved into a global cyber espionage threat. Cybersecurity experts have observed a significant expansion of APT44’s operations, targeting dissidents, activists, and ordinary users across Europe and North America. This shift highlights APT44’s intention to influence political discourse, monitor critical voices, and destabilize democratic institutions beyond regional conflicts.

The widespread use of QR codes in secure communication platforms like Signal has made it easier for attackers to exploit unsuspecting users, despite the platform’s robust encryption protocols. The attackers’ focus on exploiting social engineering tactics rather than breaking encryption underscores a growing vulnerability in user behavior rather than technical flaws.

Global Implications:

  • Cross-Border Threats: Russian cyber units now pose risks to journalists, politicians, human rights defenders, and activists worldwide, extending their espionage campaigns far beyond Ukraine.
  • Application Vulnerabilities: Even platforms known for strong encryption, like Signal, are susceptible if users unknowingly link their accounts to compromised devices.
  • Rising QR Code Exploits: A 40% surge in QR code phishing attacks was reported globally in 2024 (CERT-UA), signaling a broader trend in cyber espionage techniques.

These developments highlight the urgent need for international cooperation and proactive cybersecurity measures. Governments, tech companies, and cybersecurity organizations must work together to improve user education, strengthen security protocols, and share threat intelligence to counter these evolving threats.

Why This Timeline Matters

  • Awareness: Helps cybersecurity teams predict APT44’s next move by analyzing past behaviors.
  • Real-Time Updates: Encourages regular threat monitoring as tactics evolve.
  • Proactive Defense: Organizations can fine-tune incident response plans based on historical attack patterns.

Who’s Been Targeted?

APT44 primarily focuses on:

  • Ukrainian military personnel using Signal for tactical communications.
  • Journalists and media personnel the ongoing conflict (Pegasus Spyware) have been prime targets.
  • Human rights activists and government officials.

Key Insights & Building Long-Term Resilience Against APT44’s QR Code Cyber Threats

Best practices and lessons learned to prevent future phishing attacks.

The Google Threat Analysis Group (TAG) has revealed how Russian cyber units, notably APT44, employ malicious QR codes that mimic legitimate Signal linking features. When unsuspecting users scan these codes, their Signal accounts are silently connected to attacker-controlled devices, granting real-time access to sensitive conversations. This sophisticated phishing method bypasses even the strongest encryption by targeting user behavior rather than exploiting technical vulnerabilities.

While QR codes have become a convenient tool for users, they have also opened new avenues for cyber espionage. The evolving tactics of APT44 emphasize the importance of proactive cybersecurity strategies, especially as QR code phishing continues to rise globally.

Lessons Learned from APT44’s Attacks

  • Messaging Security Isn’t Bulletproof: Even end-to-end encrypted platforms like Signal can be compromised if attackers manipulate users into linking their accounts to malicious devices.
  • Vigilance Is Global: The expansion of APT44’s operations beyond Ukraine highlights that users worldwide—including journalists, activists, and politicians—are increasingly at risk.
  • QR Code Phishing Is Rising: The 40% increase in QR code phishing attacks (CERT-UA, 2024) shows that these techniques are becoming a preferred tool for state-sponsored hackers.
  • High-Value Targets Remain Vulnerable: Journalists, activists, and dissidents continue to be primary targets, echoing tactics seen in other high-profile spyware campaigns like Pegasus.

Best Practices for Long-Term Resilience

Simple yet effective strategies to protect against QR code phishing attacks.

To mitigate risks and strengthen defenses against QR code phishing attacks, individuals and organizations should implement the following measures:

  • Keep apps and systems up to date to patch potential vulnerabilities.
  • Verify the authenticity of QR codes before scanning—especially in messaging platforms.
  • Regularly audit linked devices within apps like Signal to detect unauthorized connections.
  • Follow official cybersecurity alerts from trusted agencies like CISA and CERT-UA for the latest threat updates.

The Broader Lessons: Safeguarding Global Communications

The critical need for user awareness and international cooperation in combating state-sponsored cyber threats.

APT44’s phishing campaigns highlight the fragility of even the most secure communication systems when user trust is exploited. State-sponsored cyber espionage will continue to evolve, focusing on social engineering tactics rather than technical hacks.

  • Education Is Key: Raising awareness about QR code phishing is critical in safeguarding both individual users and organizations.
  • Collaboration Is Crucial: International cooperation between governments, tech companies, and cybersecurity agencies is essential to build more resilient defenses.
  • Technical Safeguards Matter: Enhanced security features—such as device linking verifications and multi-factor authentication—can help prevent unauthorized access.

As cybercriminal tactics grow more sophisticated, vigilance, education, and proactive security strategies remain the strongest lines of defense against global cyber threats.

International Efforts & Strategic Insights to Counter APT44’s QR Code Phishing

How governments and tech companies are collaborating to neutralize global phishing threats.

As APT44’s cyber campaigns expand globally, the response from governmental agencies, tech companies, and cybersecurity bodies has intensified. The evolution of APT44’s tactics—from traditional malware attacks like NotPetya to advanced QR code phishing—has highlighted the urgent need for collaborative defense strategies and strengthened cybersecurity protocols.

Consistent Evolution of APT44’s Tactics

APT44’s shift from malware to social engineering: What cybersecurity teams need to know.

APT44 has demonstrated its ability to adapt and diversify its attack strategies over time, continually evolving to exploit emerging vulnerabilities:

  • From Malware to Social Engineering: Transitioning from large-scale malware like the NotPetya variant to more targeted QR code phishing and supply chain exploits.
  • Infrastructure Disruption: APT44 has prioritized attacks on critical infrastructures, including energy grids and water supplies, causing widespread disruptions.
  • Global Expansion in 2025: Initially focused on Ukrainian targets, the group has broadened its reach, now actively targeting users across Europe and North America.

International Countermeasures Against QR Code Phishing

The global response to APT44’s expanding cyber campaigns and what’s being done to stop them.

Recognizing the growing threat of APT44’s cyber campaigns, both government bodies and tech companies have stepped up efforts to contain the spread and impact of these attacks.

Collaborative Countermeasures

  • Google & Messaging Platforms: Tech companies like Google are partnering with messaging platforms (e.g., Signal) to detect phishing campaigns early and eliminate platform vulnerabilities exploited by malicious QR codes.
  • CERT-UA & Global Cybersecurity Agencies: Agencies such as CERT-UA are actively sharing real-time threat intelligence with international partners, creating a united front against evolving APT44 tactics.

Policy Updates & User Protections

  • Signal’s Enhanced Security Protocols: In response to these breaches, Signal has rolled out stricter device-linking protocols and strengthened two-factor authentication to prevent unauthorized account access.
  • Awareness Campaigns: Government and private organizations have launched global initiatives aimed at educating users about the risks of scanning unverified QR codes, promoting cyber hygiene and encouraging regular device audits.

Proactive Strategies for Users & Organizations

Empowering individuals and companies to defend against APT44’s evolving phishing tactics.

Building resilience against APT44’s phishing attacks requires both policy-level changes and individual user awareness:

  • Always verify the authenticity of QR codes before scanning.
  • Regularly audit linked devices in messaging platforms to identify unauthorized connections.
  • Stay informed through official alerts from cybersecurity bodies like CERT-UA and CISA.
  • Encourage education and awareness on evolving phishing tactics among both end-users and organizations.

The Bigger Picture: A Global Call for Cyber Resilience

Why international collaboration is key to protecting digital infrastructures worldwide.

APT44’s ability to consistently evolve and scale its operations from regional conflicts to global cyber campaigns underlines the importance of international cooperation in cybersecurity. By working together, governments, tech companies, and users can build a stronger defense against increasingly sophisticated state-sponsored attacks.

As cyber threats continue to adapt, only a coordinated and proactive approach can ensure the integrity of critical systems and protect the privacy of global communications.

Proactive Cybersecurity Measures Against QR Code Phishing

Techniques and tools to detect and block advanced QR code phishing attacks.

In response to APT44’s phishing techniques Digital Security, it is crucial to educate users about the risks of scanning unsolicited QR codes. Enforcing security protocols can mitigate potential breaches, and implementing cutting-edge technology to detect and block phishing attempts is more crucial than ever.

To stay protected from APT44 QR Code Phishing attacks:

  • Scrutinize QR Codes Before Scanning
  • Update Messaging Apps Regularly
  • Monitor Linked Devices
  • Use QR Code Scanners with Threat Detection

🆔 Protecting Against Identity Theft with DataShielder NFC HSM Auth

How Freemindtronic’s DataShielder protects users from phishing attacks and identity theft.

Phishing attacks often aim to steal user identities to bypass security systems. DataShielder NFC HSM Auth enhances security by providing robust identity verification, ensuring that even if attackers gain access to messaging platforms, they cannot impersonate legitimate users.

Its AES-256 CBC encryption and unique NFC-based authentication block unauthorized access, even during advanced phishing attempts like APT44’s QR code scams.

🔗 Learn more about DataShielder NFC HSM Auth and how it combats identity theft

Stopping Cyber Espionage Before It Starts with DataShielder NFC HSM & DataShielder HSM PGP

The role of hardware-based encryption in preventing cyber espionage.

With DataShielder NFC HSM, even if attackers successfully link your Signal account through QR code phishing, your messages remain encrypted and unreadable. Only the hardware-stored key can decrypt the data, ensuring absolute privacy—even during a breach.

Cyber espionage techniques, such as QR code phishing used by groups like APT44, expose serious vulnerabilities in secure messaging platforms like Signal. Even when sophisticated attacks succeed in breaching a device, the use of advanced encryption solutions like DataShielder NFC HSM and DataShielder HSM PGP can prevent unauthorized access to sensitive data.

💡 Why Use DataShielder for Messaging Encryption?

  • End-to-End Hardware-Based Encryption: DataShielder NFC HSM and HSM PGP employ AES-256 CBC encryption combined with RSA 4096-bit key sharing, ensuring that messages remain unreadable even if the device is compromised.
  • Protection Against Advanced Threats: Since encryption keys are stored offline within the NFC HSM hardware and never leave the device, attackers cannot extract them—even if they gain full control over the messaging app.
  • Independent of Device Security: Unlike software-based solutions, DataShielder operates independently of the host device’s security. This means even if Signal or another messaging app is compromised, the attacker cannot decrypt your messages without physical access to the DataShielder module.
  • Offline Operation for Ultimate Privacy: DataShielder works without an internet connection or external servers, reducing exposure to remote hacking attempts and ensuring complete data isolation.
  • PGP Integration for Enhanced Security: The DataShielder HSM PGP browser extension enables PGP encryption for emails and messaging platforms, allowing users to protect communications beyond Signal, including Gmail, Outlook, and other web-based services.

🔒 How DataShielder Counters QR Code Phishing Attacks

QR code phishing attacks often trick users into linking their accounts to malicious devices. However, with DataShielder NFC HSM, even if a phishing attempt is successful in gaining access to the app, the contents of encrypted messages remain inaccessible without the physical NFC HSM key. This ensures that:

  • Messages remain encrypted even if Signal is hijacked.
  • Attackers cannot decrypt historical or future communications without the hardware key.
  • Real-time encryption and decryption occur securely within the DataShielder module, not on the vulnerable device.

💬 Protecting More Than Just Signal

Expanding DataShielder’s protection to email, cloud storage, and instant messaging platforms.

While this article focuses on Signal, DataShielder NFC HSM and DataShielder HSM PGP support encryption across various messaging platforms, including:

  • 📱 Signal
  • ✉️ Email services (Gmail, Outlook, ProtonMail, etc.)
  • 💬 Instant messaging apps (WhatsApp, Telegram, etc.)
  • 📂 Cloud services and file transfers

Even If Hacked, Your Messages Stay Private

Unlike standard encryption models where attackers can read messages once they gain account access, DataShielder NFC HSM ensures that only the physical owner of the NFC HSM key can decrypt messages.

🛡️ Zero-Access Security: Even if attackers link your Signal account to their device, they cannot read your messages without the physical NFC HSM.

💾 Hardware-Based Encryption: AES-256 CBC and RSA 4096 ensure that all sensitive data remains locked inside the hardware key.

Post-Attack Resilience: Compromised devices can’t expose past or future conversations without the NFC HSM.

🚀 Strengthen Your Defense Against Advanced ThreatsCyber Threats

Why organizations need hardware-based encryption to protect sensitive data from sophisticated attacks.

In an era where phishing attacks and cyber espionage are increasingly sophisticated, relying solely on application-level security is no longer enough. DataShielder NFC HSM Lite or Master and DataShielder HSM PGP provide an extra layer of defense, ensuring that even if attackers breach the messaging platform, they remain locked out of your sensitive data.

Collaborative Efforts to Thwart APT44’s Attacks

Cybersecurity experts and organizations worldwide are joining forces to prevent QR code phishing:

  • Google Threat Intelligence Group — Continues to track APT44’s evolving tactics. (Google TAG Report)
  • CERT-UA — Provides real-time alerts to Ukrainian organizations. (CERT-UA Alert)
  • Signal Developers — Introduced stricter device-linking protocols in response to these attacks. (Signal Security Update)

Strategies for Combating APT44’s Phishing Attacks

Collaboration among cybersecurity professionals is essential to develop effective defenses against sophisticated threats like those posed by APT44. Sharing knowledge about QR code phishing and other tactics enhances our collective security posture.

The Broader Lessons: Safeguarding Global Communications

The revelations surrounding APT44’s phishing campaigns offer critical lessons on the evolving landscape of state-sponsored cyber espionage:

  • Messaging Security Isn’t Bulletproof: Even end-to-end encrypted platforms like Signal can be compromised through social engineering tactics like QR code phishing.
  • Global Awareness Is Key: Users beyond conflict zones are now prime targets, emphasizing the importance of widespread cybersecurity education.
  • QR Code Phishing on the Rise: The surge in QR code-based scams underscores the need for both user vigilance and technical safeguards.

As cybercriminal tactics evolve, so too must our defenses. Collaborative efforts between tech companies, governments, and end-users are essential to protect global communications.

Additional Resources

📖 Official Reports and Alerts

🔗 Related Freemindtronic Articles

2024, Articles, Digital Security, News

Russian Espionage Hacking Tools Revealed

Posted on by FMTAD
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement
31
Aug
Jacques Gascuel provides an in-depth analysis of Russian espionage hacking tools in the “Digital Security” topic, focusing on their technical details, legal implications, and global cybersecurity impact. Regular updates keep you informed about the evolving threats, defense strategies from companies like Freemindtronic, and their influence on international cybersecurity practices and regulations.

Russian Espionage: How Western Hacking Tools Were Turned Against Their Makers

Russian espionage hacking tools came into focus on August 29, 2024, when operatives linked to the SVR (Foreign Intelligence Service of Russia) adapted and weaponized Western-developed spyware. This espionage campaign specifically targeted Mongolian government officials. The subject explored in this “Digital Security” topic delves into the technical details, methods used, global implications, and strategies nations can implement to detect and protect against such sophisticated threats.

Russian Espionage Hacking Tools: Discovery and Initial Findings

Russian espionage hacking tools were uncovered by Google’s Threat Analysis Group (TAG) on August 29, 2024, during an investigation prompted by unusual activity on Mongolian government websites. These sites had been compromised for several months. Russian hackers, linked to the SVR, embedded sophisticated malware into these sites to target the credentials of government officials, particularly those from the Ministry of Foreign Affairs.

Compromised Websites can be accessed at the Government of Mongolia. It’s recommended to use secure, up-to-date devices when visiting.

Historical Context of Espionage

Espionage has been a fundamental part of statecraft for centuries. The practice dates back to ancient civilizations, with documented use in places like ancient China and Egypt, where it played a vital role in military and political strategies. In modern times, espionage continues to be a key tool for nations to protect their interests, gather intelligence, and navigate the complex web of international relations.

Despite its prevalence, espionage remains largely unregulated by international law. Countries develop or acquire various tools and technologies to conduct espionage, often pushing the boundaries of legality and ethics. This lack of regulation means that espionage is widely accepted, if not officially sanctioned, as a necessary element of national security.

Global Dynamics of Cyber Espionage

In the evolving landscape of cyber espionage, the relationships between nation-states are far from straightforward. While Russia’s Foreign Intelligence Service (SVR) has notoriously employed cyberattacks against Western nations, it’s critical to note that these tactics aren’t limited to clear-cut adversaries. Recently, Chinese Advanced Persistent Threat (APT) groups have targeted Russian systems. This development underscores that cyber espionage transcends traditional geopolitical boundaries, illustrating that even ostensibly neutral or allied nations may engage in sophisticated cyber operations against one another. Even countries that appear neutral or allied on the global stage engage in sophisticated cyber operations against one another. This complexity underscores a broader trend in cyber espionage, where alliances in the physical world do not always translate to cyberspace. Consider splitting complex sentences like this to improve readability: “As a result, this growing web of cyber operations challenges traditional perceptions of global espionage. It compels nations to reassess their understanding of cyber threats, which may come from unexpected directions. Nations must now consider potential cyber threats from all fronts, including those from unexpected quarters.

Recent Developments in Cyber Espionage

Add a transitional sentence before this, such as “In recent months, the landscape of cyber espionage has evolved, with new tactics emerging that underscore the ongoing threat. APT29, known for its persistent cyber operations, has recently weaponized Western-developed spyware tools, turning them against their original creators. This alarming trend exemplifies the adaptive nature of cyber threats. In particular, the group’s activities have exploited new vulnerabilities within the Mongolian government’s digital infrastructure, demonstrating their ongoing commitment to cyber espionage. Moreover, these developments signal a critical need for continuous vigilance and adaptation in cybersecurity measures. As hackers refine their methods, the importance of staying informed about the latest tactics cannot be overstated. This topic brings the most current insights into focus, ensuring that readers understand the immediacy and relevance of these cyber threats in today’s interconnected world.

Who Are the Russian Hackers?

The SVR (Sluzhba Vneshney Razvedki), Russia’s Foreign Intelligence Service, manages intelligence and espionage operations outside Russia. It succeeded the First Chief Directorate (FCD) of the KGB and operates directly under the president’s oversight. For more information, you can visit their official website.

APT29, also known as Cozy Bear, is the group responsible for this operation. With a history of conducting sophisticated cyber espionage campaigns, APT29 has consistently targeted governmental, diplomatic, and security institutions worldwide. Their persistent activities have made APT29 a significant threat to global cybersecurity.

Methodology: How Russian Espionage Hacking Tools Were Deployed

Compromise Procedure:

  1. Initial Breach:
    To begin with, APT29 gained unauthorized access to several official Mongolian government websites between November 2023 and July 2024. The attackers exploited known vulnerabilities that had, unfortunately, remained effective on outdated systems, even though patches were available from major vendors such as Google and Apple. Furthermore, the tools used in these attacks included commercial spyware similar to those developed by companies like NSO Group and Intellexa, which had been adapted and weaponized by Russian operatives.
  2. Embedding Malicious Code:
    Subsequently, after gaining access, the attackers embedded sophisticated JavaScript code into the compromised web pages. In particular, this malicious code was meticulously designed to harvest login credentials, cookies, and other sensitive information from users visiting these sites. Moreover, the tools employed were part of a broader toolkit adapted from commercial surveillance software, which APT29 had repurposed to advance the objectives of Operation Dual Face.
  3. Data Exfiltration:
    Finally, once the data was collected, Russian operatives exfiltrated it to SVR-controlled servers. As a result, they were able to infiltrate email accounts and secure communications of Mongolian government officials. Thus, the exfiltrated data provided valuable intelligence to the SVR, furthering Russia’s geopolitical objectives in the region.

Detecting Russian Espionage Hacking Tools

Effective detection of Russian espionage hacking tools requires vigilance. Governments must constantly monitor their websites for unusual activity. Implement advanced threat detection tools that can identify and block malicious scripts. Regular security audits and vulnerability assessments are essential to protect against these threats.

Enhancing Defense Against Operation Dual Face with Advanced Cybersecurity Tools

In response to sophisticated espionage threats like Operation Dual Face, it is crucial to deploy advanced cybersecurity solutions. Russian operatives have reverse-engineered and adapted elements from Western-developed hacking tools to advance their own cyber espionage goals, making robust defense strategies more necessary than ever. Products like DataShielder NFC HSM Master, PassCypher NFC HSM Master, PassCypher HSM PGP Password Manager, and DataShielder HSM PGP Encryption offer robust defenses against the types of vulnerabilities exploited in this operation.

DataShielder NFC HSM secures communications with AES-256 CBC encryption, preventing unauthorized access to sensitive emails and documents. This level of encryption would have protected the Mongolian government’s communications from interception. PassCypher NFC HSM provides strong defenses against phishing and credential theft, two tactics prominently used in Operation Dual Face. Its automatic URL sandboxing feature protects against phishing attacks, while its NFC HSM integration ensures that even if attackers gain entry, they cannot extract stored credentials without the NFC HSM device.

DataShielder HSM PGP Encryption revolutionizes secure communication for businesses and governmental entities worldwide. Designed for Windows and macOS, this tool operates serverless and without databases, enhancing security and user privacy. It offers seamless encryption directly within web browsers like Chromium and Firefox, making it an indispensable tool in advanced security solutions. With its flexible licensing system, users can choose from various options, including hourly or lifetime licenses, ensuring cost-effective and transient usage on any third-party computer.

Additionally, DataShielder NFC HSM Auth offers a formidable defense against identity fraud and CEO fraud. This device ensures that sensitive communications, especially in high-risk environments, remain secure and tamper-proof. It is particularly effective in preventing unauthorized wire transfers and protecting against Business Email Compromise (BEC).

These tools provide advanced encryption and authentication features that directly address the weaknesses exploited in Operation Dual Face. By integrating them into their cybersecurity strategies, nations can significantly reduce the risk of falling victim to similar cyber espionage campaigns in the future.

Global Reactions to Russian Espionage Hacking Tools

Russia’s espionage activities, particularly their use of Western hacking tools, have sparked significant diplomatic tensions. Mongolia, backed by several allied nations, called for an international inquiry into the breach. Online forums and cybersecurity communities have actively discussed the implications. Many experts emphasize the urgent need for improved global cyber norms and cooperative defense strategies to combat Russian espionage hacking tools.

Global Strategy of Russian Cyber Espionage

Russian espionage hacking tools, prominently featured in the operation against Mongolia, are part of a broader global strategy. The SVR, leveraging the APT29 group (also known as Cozy Bear), has conducted cyber espionage campaigns across multiple countries, including North America and Europe. These campaigns often target key sectors, with industries like biotechnology frequently under threat. When mentioning specific industries, ensure accurate references based on the most recent data or reports. If this is speculative or generalized, it may be appropriate to state, “…and key industries, including, but not limited to, biotechnology.”

The Historical Context of Espionage

Espionage is a practice as old as nations themselves. Countries worldwide have relied on it for centuries. The first documented use of espionage dates back to ancient civilizations, where it played a vital role in statecraft, particularly in ancient China and Egypt. In modern times, nations continue to employ espionage to safeguard their interests. Despite its widespread use, espionage remains largely unregulated by international law. Like many other nations, Russia develops or acquires espionage tools as part of its strategy to protect and advance its national interests.

Mongolia’s Geopolitical Significance

Mongolia’s geopolitical importance, particularly its position between Russia and China, likely made it a target for espionage. The SVR probably sought to gather intelligence not only on Mongolia but also on its interactions with Western nations. This broader strategy aligns with Russia’s ongoing efforts to extend its geopolitical influence through cyber means.

The Need for International Cooperation

The persistence of these operations, combined with the sophisticated methods employed, underscores the critical need for international cooperation in cybersecurity. As espionage remains a common and historically accepted practice among nations, the development and use of these tools are integral to national security strategies globally. However, the potential risks associated with their misuse emphasize the importance of vigilance and robust cybersecurity measures.

Global Reach of Russian Espionage Hacking Tools

In the evolving landscape of modern cyber espionage, Russian hacking tools have increasingly gained significant attention. Specifically, while Mongolia was targeted in the operation uncovered on August 29, 2024, it is important to recognize that this activity forms part of a broader, more concerning pattern. To confirm these findings, it is essential to reference authoritative reports and articles. For instance, according to detailed accounts by the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), the SVR, acting through APT29 (Cozy Bear), has executed cyber espionage campaigns across multiple countries. These reports highlight the SVR’s extensive involvement in global cyber espionage, which significantly reinforces the credibility of these claims. Moreover, these operations frequently target governmental institutions, critical infrastructure, and key industries, such as biotechnology.

Given Mongolia’s strategic location between Russia and China, it was likely selected as a target for specific reasons. The SVR may have aimed to gather intelligence on Mongolia’s diplomatic relations, especially its interactions with Western nations. This broader strategy aligns closely with Russia’s ongoing efforts to extend its geopolitical influence through cyber means.

The sophistication and persistence of these operations clearly underscore the urgent need for international cooperation in cybersecurity. As nations continue to develop and deploy these tools, the global community must, therefore, remain vigilant and proactive in addressing the formidable challenges posed by cyber espionage.

Historical Context and Comparative Analysis

Historical Precedents
Russia’s use of reverse-engineered spyware mirrors previous incidents involving Chinese state-sponsored actors who adapted Western tools for cyber espionage. This pattern highlights the growing challenge of controlling the spread and misuse of advanced cyber tools in international espionage. Addressing these challenges requires coordinated global responses.

Future Implications and Predictions

Long-Term Impact
The proliferation of surveillance technologies continues to pose a significant threat to global cybersecurity. Nations must urgently collaborate to establish robust international agreements. These agreements will govern the sale, distribution, and use of such tools. Doing so will help prevent their misuse by hostile states.

Visual and Interactive Elements

Operation Dual Face: Timeline and Attack Flow

Timeline:
This visual representation spans from November 2023, marking the initial breach, to the discovery of the cyberattack in August 2024. The timeline highlights the critical stages of the operation, showcasing the progression and impact of the attack.

Attack Flow:
The flowchart details the attackers’ steps, showing the process from exploiting vulnerabilities, embedding malicious code, to exfiltrating data.

Global Impact:
A map (if applicable) displays the geographical spread of APT29’s activities, highlighting other nations potentially affected by similar tactics.

A detailed timeline illustrating the stages of the Operation Dual Face cyberattack, from the initial breach in November 2023 to the discovery in August 2024.
The timeline of Operation Dual Face showcases the critical stages from the initial breach to the discovery of the cyberattack, highlighting the progression and impact of the attack.

Moving Forward

The Russian adaptation and deployment of Western-developed spyware in Operation Dual Face underscore the significant risks posed by the uncontrolled proliferation of cyber-surveillance tools. The urgent need for international collaboration is clear. Establishing ethical guidelines and strict controls is essential, especially as these technologies continue to evolve and pose new threats.

For further insights on the spyware tools involved, please refer to the detailed articles:

2023, Articles, DataShielder, Digital Security, EviCore NFC HSM Technology, EviCypher NFC HSM, EviCypher Technology, NFC HSM technology

FormBook Malware: How to Protect Your Gmail and Other Data

Posted on by FMTAD
FormBook Malware: how to protect your gmail and other data
23
Nov
Protect your Gmail Account FormBook malware – Jacques Gascuel: This article will be updated with any new information on the topic.

Secure Your Gmail from FormBook Attacks

FormBook is a malware that can steal your Gmail credentials, messages, and attachments. Learn how to use the Freemindtronic devices to encrypt your Gmail data and use passwordless and 2FA.

How to Protect Your Gmail Account from FormBook Malware

Introduction

Imagine that you receive an email from your bank, asking you to confirm your identity by clicking on a link. You open the link, and you find yourself on a page that looks like your bank’s website, but it is actually a fake. You enter your credentials, and you think you are done. But in reality, you have just given access to your bank account to hackers, who will use it to steal your money, or worse. This is what FormBook can do, a malware that can steal your sensitive data, and that Google cannot stop. In this article, we will explain what FormBook is, how it works, and how to protect yourself from this malware.

What is FormBook and why is it a threat?

FormBook is a malware that can record your keystrokes, take screenshots, and steal your passwords, cookies, and clipboard data. It can also download and execute other malicious files on your device.

FormBook is distributed through phishing emails that contain malicious attachments. These attachments are usually disguised as invoices, receipts, or shipping confirmations. When you open them, they ask you to enable macros or content. If you do, the malware will be installed on your device.

FormBook can target any web browser, but it has a special feature for Chrome. It can inject a fake Gmail login page into your browser, and trick you into entering your credentials. The malware will then send your Gmail username and password to a remote server controlled by the hackers.

FormBook is a threat because it can compromise your Gmail account and access your personal and professional information. It can also use your Gmail account to send spam or phishing emails to your contacts, or to access other online services that are linked to your Gmail account, such as Google Drive, Google Photos, or Google Pay.

How to protect yourself from FormBook?

Google has not yet found a way to detect and block FormBook. Therefore, you need to be extra careful when you use Gmail and other online services. Here are some tips to protect yourself from FormBook and other malware:

  • Do not open or download attachments from unknown or suspicious senders. If you are not sure about the legitimacy of an email, contact the sender directly or check the official website of the company or organization.
  • Do not enable macros or content in any document unless you trust the source. Macros are small programs that can run malicious code on your device.
  • Use a strong and unique password for your Gmail account and other online accounts. Do not reuse the same password for different services. Change your password regularly and use a password manager to store and generate your passwords.
  • Enable two-factor authentication (2FA) for your Gmail account and other online accounts. 2FA adds an extra layer of security by requiring a code or a device confirmation in addition to your password.
  • Use a reputable antivirus software and keep it updated. Antivirus software can scan your device for malware and remove it. You can also use a browser extension that can block malicious websites and pop-ups.

How to encrypt your Gmail messages and attachments with DataShielder NFC HSM

DataShielder NFC HSM is a device that allows you to encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021.

With DataShielder NFC HSM, you can encrypt and decrypt your data with AES-256 keys that are randomly generated and stored in the NFC HSM. You can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM. You can also use different keys for the message and the attachment.

To encrypt your Gmail message and attachment, you need to use the EviCrypt and EviFile applications that are embedded in the DataShielder NFC HSM. These applications allow you to encrypt and decrypt your data with a simple tap of your NFC phone on the DataShielder NFC HSM. You can also share your encrypted data with other users who have the same device and the same key.

By using DataShielder NFC HSM, you can protect your Gmail messages and attachments from FormBook or any other malware that can access your Gmail account. Even if your Gmail account is hacked, your encrypted data will remain encrypted and unreadable by the hackers. Only you and the authorized recipients can decrypt your data with the DataShielder NFC HSM.

How to protect your web Gmail account with passwordless and 2FA using PassCypher NFC HSM

Do you want to manage your web accounts with complicated and complex passwords that you do not need to know, remember, or type? If yes, then you should try PassCypher NFC HSM. This device uses the EviPass NFC HSM technology, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021.

With PassCypher NFC HSM, you can create and store your usernames and passwords of more than 256-bit in the NFC HSM. Moreover, you can store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

To use PassCypher NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass and EviOTP applications that are embedded in the PassCypher NFC HSM. These applications allow you to create, edit, and delete your web accounts and OTP secret keys with a simple tap of your NFC phone on the PassCypher NFC HSM.

By using PassCypher NFC HSM, you can secure your web accounts with passwordless and 2FA. You do not need to display, know, or type your username and password. You just need to tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your web account. You also do not need to check for a typosquatting attack, since the extension will verify the URL of the website before logging in. And you do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

How to protect your Gmail account from FormBook with PassCypher NFC HSM

FormBook is a dangerous malware that can access your Gmail account and other sensitive data. Google has not yet found a solution to stop it. Therefore, you need to be vigilant and follow the best practices to protect yourself from cyberattacks. One of them is to use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA.

By using PassCypher NFC HSM, you can protect your Gmail account from FormBook or any other malware that can access your web browser. Even if your web browser is hacked, your usernames and passwords will remain encrypted and inaccessible by the hackers. Only you can decrypt your Gmail account with the PassCypher NFC HSM. And even if the hackers manage to steal your session cookies, they will not be able to log in to your Gmail account without the 2FA code that is generated by the PassCypher NFC HSM.

To use PassCypher NFC HSM with your Gmail account, you need to follow these steps:

  • Create a Gmail account in the EviPass application on the PassCypher NFC HSM. You can use the default username and password, or you can generate a random and complex password with the EviPass application.
  • Enable 2FA for your Gmail account on the Google website.
  • Choose the option to use an authenticator app, and scan the QR code with the EviOTP application on the PassCypher NFC HSM. This will store your OTP secret key in the NFC HSM.
  • Log in to your Gmail account with the Freemindtronic extension on your web browser. Tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your Gmail account. You will also see a pop-up window with the 2FA code that you need to enter on the Google website.

By following these steps, you can use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA. You can also use PassCypher NFC HSM with other web accounts that support 2FA, such as Facebook, Twitter, or Amazon. This way, you can protect yourself from FormBook and other malware that can access your web browser.

Recent statistics on FormBook

FormBook is a malware that was first discovered in 2016, but it remains very active and dangerous. According to the Check Point report on cybersecurity in 2022, FormBook was the third most widespread malware in 2021, attacking 5% of enterprise networks. It was also the most prolific infostealer malware, accounting for 16% of attacks worldwide.

FormBook spreads mainly through phishing emails that contain malicious attachments. These attachments are often RAR self-extracting archives, which are compressed files that can run malicious code when opened. The RAR files contain a legitimate document, such as a PDF or a Word file, and a hidden executable file, which is the FormBook malware. When the user opens the RAR file, the document is displayed, but the malware is also installed in the background.

FormBook can also spread through other methods, such as drive-by downloads, malicious links, or removable media. The malware can infect any Windows device, from Windows XP to Windows 10. The malware can also evade detection and removal by using various techniques, such as encryption, obfuscation, or anti-analysis.

Here are some recent statistics on FormBook, based on the data from Check Point and ANY.RUN:

  • FormBook was the most popular malware in August 2021, affecting 4.5% of organizations worldwide, followed by Trickbot and Agent Tesla, affecting respectively 4% and 3% of organizations worldwide.
  • FormBook was the fourth most common malware in 2020, according to the ranking of malware families by ANY.RUN. It accounted for 8% of the samples analyzed by the online sandboxing service.
  • FormBook was used in many phishing campaigns targeting various industries, such as defense, aerospace, health, education, finance, retail, etc. It was also used to attack Ukrainian targets during the war between Russia and Ukraine in 2022.
  • FormBook has a successor called XLoader, which appeared in 2020 and which is able to infect macOS users. XLoader is sold on the dark web for $59 for a Windows license and $49 for a macOS license.

Danger level of FormBook compared to other malware

FormBook is a very dangerous malware, because it can steal sensitive information, such as credentials, passwords, credit card numbers, 2FA codes, etc. It can also download and execute other malware, such as ransomware, banking trojans, spyware, etc. It can also remotely control the infected device and perform various malicious actions, such as deleting browser cookies, taking screenshots, restarting or shutting down the system, etc.

FormBook is also hard to detect and remove, because it uses advanced evasion techniques, such as code injection, string obfuscation, data encryption, anti-analysis, etc. It also changes frequently its name, path, and file extension, and uses random Windows registry keys to maintain its persistence.

To compare the danger level of FormBook with other known malware in its category, we can use the following criteria:

  • The number of organizations affected worldwide
  • The type and amount of information stolen
  • The ability to download and execute other malware
  • The ability to remotely control the infected device
  • The evasion techniques used
  • The ease of detection and removal

Here is a table that compares FormBook with other popular infostealer malware, such as Trickbot, Agent Tesla, LokiBot, and Raccoon:

MalwareNumber of organizations affectedType and amount of information stolenAbility to download and execute other malwareAbility to remotely control the infected deviceEvasion techniques usedEase of detection and removal
FormBook4.5% in August 2021Credentials, passwords, credit card numbers, 2FA codes, screenshots, keystrokes, etc.YesYesCode injection, string obfuscation, data encryption, anti-analysis, etc.Hard
Trickbot4% in August 2021Credentials, passwords, banking information, personal data, etc.YesYesCode injection, string obfuscation, data encryption, anti-analysis, etc.Hard
Agent Tesla3% in August 2021Credentials, passwords, banking information, personal data, screenshots, keystrokes, etc.NoYesString obfuscation, data encryption, anti-analysis, etc.Medium
LokiBot1.5% in August 2021Credentials, passwords, banking information, personal data, etc.NoYesString obfuscation, data encryption, anti-analysis, etc.Medium
Raccoon0.8% in August 2021Credentials, passwords, banking information, personal data, etc.NoYesString obfuscation, data encryption, anti-analysis, etc.Medium

From this table, we can see that FormBook is the most dangerous infostealer malware, because it affects the most organizations, steals the most types of information, and can download and execute other malware. It is also the hardest to detect and remove, because it uses more evasion techniques than the other malware.

Forms of attacks of FormBook

FormBook can be delivered through different forms of attacks, depending on the delivery mechanism chosen by the malicious actor. Here are some forms of attacks of FormBook:

  • Phishing: FormBook can be sent by email as a malicious attachment, such as a Word, Excel, PDF, or ZIP or RAR file. The email can have a misleading subject, such as an invoice, a receipt, a contract, a job offer, etc. When the user opens the attachment, the malware runs and infects the device.
  • Exploitation of vulnerabilities: FormBook can exploit vulnerabilities in popular software, such as Microsoft Office, Windows, Adobe Reader, etc. For example, FormBook used the vulnerability CVE-2017-8570 in Microsoft Office to run malicious code from a RTF file. FormBook also used the vulnerability CVE-2021-40444 in Microsoft MSHTML to run malicious code from a CAB file.
  • Drive-by downloads: FormBook can be downloaded without the user’s knowledge when they visit a compromised or malicious website. The website can use a script or an exploit kit to trigger the download and execution of the malware on the user’s device.
  • Removable media: FormBook can be copied to removable media, such as USB drives, external hard drives, memory cards, etc. When the user connects the removable media to their device, the malware runs automatically and infects the device.
  • Social media: FormBook can be spread by messages or posts on social media, such as Facebook, Twitter, Instagram, etc. These messages or posts can contain links or images that redirect to malicious websites or infected files. When the user clicks on the link or image, the malware is downloaded and executed on their device.

Here is a type of formbook malware attacks image:

Type of Formbook MalwareAttacks

How PassCypher NFC HSM and DataShielder NFC HSM can protect you from FormBook attacks

PassCypher NFC HSM and DataShielder NFC HSM are two devices that use the EviPass NFC HSM technology from Freemindtronic, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021. These devices can help you protect your web accounts and your Gmail messages and attachments from FormBook attacks, by using passwordless, 2FA, and encryption.

PassCypher NFC HSM can create and store your usernames and passwords of more than 256-bit in the NFC HSM. It can also store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

DataShielder NFC HSM can encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021. It can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM.

To use PassCypher NFC HSM and DataShielder NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass, EviOTP, EviCrypt, and EviFile applications that are embedded in the PassCypher NFC HSM and DataShielder NFC HSM. These applications allow you to create, edit, delete, encrypt, and decrypt your web accounts, OTP secret keys, messages, and attachments with a simple tap of your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM.

By using PassCypher NFC HSM and DataShielder NFC HSM, you can secure your web accounts and your Gmail messages and attachments with passwordless, 2FA, and encryption. You do not need to display, know, or type your username, password, or encryption key. You just need to tap your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM and the extension will autofill, auto login, encrypt, or decrypt your web account, message, or attachment. You also do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

Here is a table that shows how PassCypher NFC HSM and DataShielder NFC HSM can protect you from different FormBook attack vectors, such as keylogger, password stealer, file transfer, screenshot, etc. I used a check mark or a cross mark to show visually what PassCypher NFC HSM and DataShielder NFC HSM protect.

 

FormBookPassCypherDataShielder
Keylogger✔️✔️
Password stealer✔️✔️
File transfer✔️
Screenshot✔️✔️
Remote control
Phishing✔️✔️
Exploit kit
Drive-by download
Removable media✔️
Social media

This table shows that PassCypher NFC HSM and DataShielder NFC HSM can protect your web accounts from FormBook’s keylogger, password stealer, and phishing, by using passwordless and 2FA. They can also protect your Gmail messages and attachments from FormBook’s file transfer and screenshot, by using encryption and decryption. DataShielder NFC HSM can also protect your data stored in computers or removable media, by using encryption and decryption. However, neither device can protect your device from FormBook’s remote control, exploit kit, drive-by download, or unsecured social media, which can compromise your system and your data. Therefore, you should also use an antivirus software and a firewall to prevent FormBook from accessing your device.

Articles, Digital Security

What is Juice Jacking and How to Avoid It?

Posted on by FMTAD
what is juice jacking and how to avoid it
06
May

Juice Jacking by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

How to protect yourself from Juice Jacking”

Do you often use public USB chargers to recharge your smartphone or tablet? If so, you may be exposing your device to a cyberattack called Juice Jacking. In this article, we will explain what Juice Jacking is and how to protect yourself from it.

Juice Jacking: How to Avoid This Cyberattack

Do you often use public USB chargers to recharge your smartphone or tablet? If so, you may be exposing your device to a cyberattack called Juice Jacking. This is a type of attack that can steal your data or infect your device when you use a public USB charger. In this article, we will explain what Juice Jacking is and how to protect yourself from it.

What is Juice Jacking?

Juice Jacking is an attack that hackers can perform. They put malware on the public charger’s USB port. When you plug your device into the charger, the malware can access your data or infect your device.

Juice Jacking can take two forms:

  • Data theft: the malware can copy your contacts, photos, messages, passwords or any other sensitive information stored on your device.
  • Malware installation: the malware can install a program that will do malicious things to your device.

The Lack of Awareness and Protection of Juice Jacking Among Users Worldwide

One of the reasons why juice jacking is a serious threat is that many people are unaware of it or do not take precautions when using public USB ports. According to a 2019 study by the University of Illinois at Urbana-Champaign, 64% of Americans use public USB ports to charge their devices, and 15% of them do not know what juice jacking is. The study also found that only 8% of the participants used a USB data blocker or a power-only cable to protect their devices from potential attacks. A similar situation exists in other countries, such as the United Kingdom and Australia. A 2020 study by Comparitech surveyed more than 2,000 people in the UK and found that 45% of them used public USB ports to charge their devices, and 50% of them had never heard of juice jacking. A 2019 study by Finder analyzed the behavior of more than 1,000 people in Australia and found that 41% of them used public USB ports at least once a month, and 21% of them did not know what juice jacking was. These studies show that there is a need for more education and awareness on the risks and prevention of juice jacking.

How to prevent Juice Jacking?

To prevent Juice Jacking, don’t use public USB chargers. Instead, you can use your own charger or a portable battery. However, if you have no choice but to use a public charger, you can take some precautions:

  • Use a USB data blocker. This is a device that blocks the data transfer between the charger and your device. It only allows the power to pass through.
  • Turn off your device before plugging it into the charger. This may reduce the risk of data theft or infection.
  • Use a VPN app on your device. This can encrypt your data and make it harder for hackers to access it.

How to protect yourself from Juice Jacking with EviCore NFC HSM and EviCypher Technology

Juice Jacking is a cyberattack that steals or modifies your data through malicious USB chargers. You need a secure and portable encryption solution to protect yourself from this threat. EviCore NFC HSM and EviCypher technology can help you.

EviCore NFC HSM is a contactless hardware security module (HSM). It stores your sensitive data and protects it with configurable multi-factor authentication. You can access your data with your smartphone via NFC (Near Field Communication).

EviCypher is a hardware encryption device that works with EviCore NFC HSM. It encrypts and decrypts your documents, emails and messages with your smartphone. You can use it with any messaging service and enjoy an advanced electronic signature system.

With EviCore NFC HSM and EviCypher, you can avoid hackers who use malicious USB chargers. Your data are safe and secure offline, without any server or database. To learn more about this innovative technology, visit the website EviCore NFC HSM by Freemindtronic.

EviCore NFC HSM and EviCypher are products and services from Freemindtronic. Freemindtronic is a company specialized in NFC security solutions. It offers the best encryption products on the market.

A more technical explanation by ethical hackers

The Juice Jacking is a cyberattack that exploits the vulnerability of the USB ports that are used for both charging and data transfer. Ethical hackers, who are security professionals who use their skills for good, have demonstrated how this attack works and how to prevent it.

One of the first demonstrations of Juice Jacking was made by researchers from the University of Michigan in 2011 at the DEF CON hacker convention. They set up an informative kiosk on Juice Jacking to raise awareness among visitors about the danger of plugging their devices into public charging stations. When a visitor plugged in their phone, the screen turned red and displayed a warning message: “You should not trust public kiosks with your smart phoneYou should not trust public kiosks with your smart phoneYou should not trust public kiosks with your smart phone”.

The researchers also showed how malicious actors could use the kiosk to steal data, track devices, or compromise them. They also provided information on how to compromise charging kiosks.

Another demonstration was made by security researchersecurity researcher Kyle Osborn in 2012. He published an attack framework called P2P-ADB that uses a USB On-The-Go cable to connect an attacker’s phone to a victim’s device. The framework includes examples and proofs of concept that would allow hackers to unlock locked phones, steal data from a phone, including authentication keys that would allow the attacker to access the owner’s Google account.

In 2013, security researchers from Georgia Tech published a proof of concept of a malicious tool called Mactans that uses the USB charging port of an Apple mobile device. They used low-cost hardware components to build a small malicious wall charger that can inject malware into an iPhone running

In 2014, security researchers Karsten Nohl and Jakob Lell from srlabs published their research on the BadUSB attack at the Black Hat USA conference . They showed how hackers can reprogram USB devices such as flash drives or cables to act as keyboards or network cards and send commands or data to a connected device.

These demonstrations show how Juice Jacking can be performed by skilled hackers who have access to the USB ports or cables in public places. They also show how users can protect themselves by using their own chargers or batteries, using data blockers, turning off their devices, or using VPN apps.

Some examples and testimonials

Juice Jacking is a serious threat for users of public USB chargers. It can compromise your data and your device’s security. Here are some examples and testimonials that illustrate the risks of Juice Jacking:

  • In 2011, at the DEF CON hacker convention, an informative kiosk on Juice Jacking was set up to raise awareness among visitors about the danger of plugging their devices into public charging stations . When a visitor plugged in their phone, the screen turned red and displayed a warning message: “You should not trust public kiosks with your smart phone” .
  • In 2013, security researchers from Georgia Tech presented a proof of concept of a malicious wall charger that could inject malware into an iPhone running the latest version of iOS while it was being charged. The malware bypasses all the built-in security measures in iOS and hides itself in the same way that Apple hides background processes in iOS .
  • In 2019, the Los Angeles County District Attorney warned travelers about Juice Jacking in airports. He advised travelers to use electrical outlets rather than USB ports to charge their devices.
  • In 2020, a French journalist testified that she was a victim of Juice Jacking during a trip to India. She said that her phone was infected by malware after plugging it into a USB port in a hotel. The malware sent her messages asking her to pay a ransom to get her data back.

To illustrate the phenomenon of Juice Jacking further, you can also check out these videos:

  • A video explanation from ZDNet that presents Juice Jacking and its consequences.
  • A video demonstration from ETX Studio that shows how to protect yourself from Juice Jacking with a USB data blocker.
  • A video information from Slate that explains why you should not be afraid of Juice Jacking and how it is unlikely to happen.

Some scientific and statistical sources

Juice Jacking is a topic that interests security researchers and public authorities. Here are some scientific and statistical sources that address Juice Jacking:

  • An academic paper published in 2011 by researchers from the University of Michigan that analyzes the risks associated with using public USB ports and proposes solutions to reduce them.
  • A technical report published in 2014 by researchers from Johns Hopkins University that describes a method to detect and prevent Juice Jacking on Android devices.
  • A study conducted in 2017 by Kaspersky Lab that reveals that 25% of French users have already used a public USB charger and that 12% of them have already suffered a loss or theft of data as a result of such use.

Conclusion

Juice Jacking is a cyberattack that targets users of public USB chargers. It can compromise your data and your device’s security. To avoid it, you should use your own charger or battery whenever possible. If you have to use a public charger, you should use a USB data blocker, turn off your device, or use a VPN app.

We hope this article helped you understand what Juice Jacking is and how to protect yourself from it.

Articles, Phishing

Protect Your Data from AMOS Malware

Posted on by FMTAD
AMOS malware protection with Keepser NFC Cold Xallet
04
May


AMOS Malware Protection by Jacques gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Related topic : CryptBot malware

Protect Your Mac from AMOS Malware

Are you worried about the threat of AMOS malware on your Mac? Keep your data safe with Keepser Cold Wallet. Learn how this technology can protect your sensitive information from this dangerous malware.

Courtroom scene with a judge's gavel and legal documents on a wooden desk in the foreground, symbolizing a ruling on IT liability. A screen in the background displays a ransomware warning, emphasizing the case's digital focus.

2025 Cyberculture Legal information

French IT Liability Case: A Landmark in IT Accountability
January 22, 2025
PassCypher HSM PGP password manager software box and laptop displaying web browser interface

2025 PassCypher Password Products Technical News

Passwordless Password Manager: Secure, One-Click Simplicity to Redefine Access
January 8, 2025
Laptop and smartphone displaying 2FA MFA security features with OATH initiative, key management solutions for 2024.

2024 Articles Technical News

Best 2FA MFA Solutions for 2024: Focus on TOTP & HOTP
October 8, 2024
Flags of France and the European Union on a white background representing ANSSI cryptography authorization

2024 Articles Cyberculture Legal information

ANSSI Cryptography Authorization: Complete Declaration Guide
October 7, 2024
laptop displaying Microsoft Uninstallable Recall feature, highlighting TPM-secured data and uninstall option, with a user's hand interacting, on a white background.

2024 Articles Technical News

New Microsoft Uninstallable Recall: Enhanced Security at Its Core
October 3, 2024
Ultra-realistic image illustrating Andorra's shared EAN code with Spain, featuring a barcode starting with 84 and a map connecting Andorra and Spain.

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code
September 9, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Balance scale showing the balance between privacy and law enforcement in EU regulation of end-to-end encrypted messaging.

2024 Articles Cyberculture legal Legal information News

End-to-End Messaging Encryption Regulation – A European Issue
June 10, 2024

AMOS Malware Protection with Keepser Cold Wallet

The Threat of AMOS Malware on macOS

AMOS malware is a growing threat to macOS users. Hackers are marketing a new malware for the macOS operating system. Named Atomic Macos Stealer or AMOS, this malicious software is designed to steal user data for $1,000 per month. It extracts passwords from the keychain, steals files on disks, cookies, as well as cards and identification information stored in the browser and tries to extract data from 50 different cryptocurrency wallets. Buyers also benefit from a complete web dashboard to brute force MetaMask.

How AMOS Malware Works

AMOS is capable of accessing iCloud keychain passwords, system information, files from the desktop and documents folder, as well as the Mac password. It is able to infiltrate applications such as Chrome and Firefox and extract autofill information, passwords, cookies, wallets and credit card information. Cryptocurrency wallets such as Electrum, Binance and Atomic are specific targets.

The malware is being propagated using an unsigned disk image file called Setup.dmg. Once executed, the file prompts the victim to enter their system password on a bogus prompt. This allows the malware to escalate privileges and carry out its malicious activities. This technique is similar to that used by other macOS malware, such as MacStealer.

How to Protect Against AMOS Malware

The increase in the deployment of macOS stealer malware by non-state actors highlights the need for users to be cautious when downloading and installing software. The cybersecurity industry recommends that users only download and install software from trustworthy sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via email or SMS messages.

The Solution: Keepser Cold Wallet with EviVault Technology

However, there is a solution to protect your sensitive data against AMOS malware. For only €387, you can purchase two NFC Cold Wallet Keepser from Keepser Group with EviVault technology from Freemindtronic SL. These wallets allow you to store offline and physically externalized from macOS and/or PC computers the private keys and/or seed phrases of cryptocurrency wallets as well as identifier and password pairs. Thus, it will simply be impossible to extract sensitive data from a computer that is not physically present in these computers, even for this AMOS malware.

By using EviVault NFC Cold Wallet technologies from Freemindtronic embedded in Keepser products, you can protect your sensitive data against malware attacks such as AMOS or Cryptbot. These wallets also work on macOS, providing additional protection to Mac users.

The Benefits of EviVault Technology

Thanks to EviVault technology developed by Freemindtronic, the Keepser Cold Wallet is a unique ultra-secure cold storage solution for cryptocurrency wallets, offering anonymous, offline and contactless use via NFC technology, as well as compatibility with NFC Android phones and computer systems via a browser extension.

It’s like they say: “Why pay €1,000 per month to steal sensitive data when you can pay €387 one shot for AMOS malware protection without subscription to protect against it (and other malware like Cryptbot)!” 😉

It is important to take seriously the threats posed by malware such as AMOS and to take the necessary measures to protect your sensitive data. By using advanced technologies such as EviVault NFC Cold Wallet from Freemindtronic embedded in Keepser products, you can ensure that your data is secure.