The notorious Xenomorph Android malware, which targeted 56 European banks in 2022, has resurfaced with a renewed focus on US banks, financial institutions, and cryptocurrency wallets.
The cyber security and fraud detection company called this one of the most advanced and dangerous Android malware variants they’ve seen.
The malware is primarily disseminated by masquerading as an update for the Chrome browser or Google Play Store. Upon clicking the fraudulent “update,” the malware is installed, enabling it to automate the process of accessing online accounts, as well as extracting and transferring funds.
Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself:
● Avoid links and attachments in any unsolicited e-mail. Simply previewing a document could infect your device, so never open or click on anything suspicious.
● To update your browser, simply close it and reopen. You don’t have to download an application to update it. Furthermore, the Google Play Store app will not ask you for an update, so don’t fall for any website alert or text stating you need to download an update.
But remember, bank fraud can manifest itself in several forms, including:
1. Phishing Scams: Cybercriminals send deceptive e-mails or messages, often impersonating trusted entities like banks or government agencies, to trick you or your employees into revealing sensitive information like login credentials. Sometimes these are facilitated by phone calls, so make sure your team is fully aware of this. The latest MGM hack happened when a hacker called the company’s IT department requesting a password reset.
2. Check Fraud: Criminals may forge or alter your business’s checks to siphon funds from your account, making it essential for you to secure your checkbook and be careful about sharing or e-mailing your account information. You might consider going checkless to cut down on the chances of your account being hacked.
3. Unauthorized Wire Transfers: Hackers may compromise your online banking credentials to initiate unauthorized transfers, diverting funds to their accounts.
4. Account Takeover: Criminals may gain control of your business’s online banking accounts by exploiting weak passwords, reused passwords or security gaps, such as e-mailing your passwords to others or storing your bank password in your browser, allowing them to make unauthorized transactions.
5. Employee Fraud: Sometimes, even employees may engage in fraudulent activities, such as embezzlement or manipulating financial records.
To enhance your security, employ strong, unique passwords for your online banking accounts and avoid storing them in your browser. Regularly update your passwords with complex variations, including uppercase and lowercase letters, symbols, and numbers, ensuring they are at least 14 to 16 characters long.
Additionally, activate multi-factor authentication (MFA) to receive alerts about unauthorized account access attempts.
Consider setting up alerts for large withdrawals and requesting your bank to mandate physical signatures for wire transfers, adding an extra layer of protection against unauthorized transactions.
Finally, consider obtaining fraud insurance that covers employee and online theft, providing coverage in case cybercriminals attempt to steal funds from your account.
And, as always, make sure you have strong cyber protections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked.
If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.
It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.