    Nexus gaining popularity in hacker forums

    A recently discovered Android banking Trojan known as Nexus is rapidly gaining popularity among attackers and is already being used by many different hacker groups. Reportedly, at least 450 financial applications around the world have already been targeted by Nexus.

    Representatives of Cleafy believe that the malware is at an early stage of development and will be revised more than once. “Nexus provides all the basic functions for performing ATO attacks (Account Takeover) against banking portals and cryptocurrency services, such as stealing credentials and intercepting SMS,” the experts say.

    The Trojan, which appeared on various hacker forums earlier this year, is advertised as a malware-as-a-service (MaaS) subscription for a monthly fee of $3,000. Details of the malware were first documented by Cyble earlier this month. However, there are indications that the malware could have been used in real attacks as early as June 2022, at least six months before it was officially announced on darknet sites.

    Most Nexus infections were recorded in Turkey; however, the malware's authors state in their Telegram channel that Nexus clients did not arrange a targeted attack on Turkey for political or other reasons.

    Initially, Nexus was classified as another variant of the SOVA banking Trojan. Only later did the researchers realize that the new malware is simply based on the code of the old one and also uses its ransomware module.

    Interestingly, the authors of Nexus have laid out clear rules for their clients that prohibit the use of their malware in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia. This makes it clear that the authors of the malware are most likely natives of one of these countries themselves.

    The Nexus malware, like many other banking Trojans, contains functions to take over accounts by performing overlay attacks and logging keystrokes. In addition, the Trojan is capable of reading two-factor authentication (2FA) codes from SMS messages and the Google Authenticator app by abusing Android accessibility services.

    Some new additions to the list of features are the ability for Nexus to delete received SMS messages, activate or stop the 2FA stealing module, and update itself by periodically pinging the C2 server.

    “The MaaS model allows criminals to most effectively monetize their malware by providing customers with a ready-made infrastructure that can then be used to attack targets of their choice,” the researchers report.
    Author DeepWeb