  • Nexus gaining popularity in hacker forums

    A banking Trojan for Android known as Nexus, which has recently appeared on the radar, is rapidly gaining popularity among attackers and is already being used by many different hacker groups. Reportedly, at least 450 financial applications around the world have already become victims of the Nexus attack.

    Representatives of Cleafy believe that the malware is at an early stage of development and will be reworked more than once. “Nexus provides all the basic functions for performing ATO attacks (Account Takeover) against banking portals and cryptocurrency services, such as stealing credentials and intercepting SMS,” the experts say.

    The Trojan, which appeared on various hacker forums earlier this year, is advertised as a Malware-as-a-Service (MaaS) subscription for a monthly fee of $3,000. Details of the malware were first documented by Cyble earlier this month. However, there are indications that the malware could have been used in real attacks as early as June 2022, at least six months before it was officially announced on darknet sites.

    Most infections with the Nexus Trojan were recorded in Turkey. However, the authors of the malware state in their Telegram channel that Nexus clients did not arrange a targeted attack on Turkey for political or other reasons.

    Initially, Nexus was classified as another variant of the SOVA banking Trojan. Only later did researchers realize that the new malware is simply based on the code of the old one and also uses its ransomware module.

    Interestingly, the authors of Nexus have laid out clear rules for their clients that prohibit the use of their malware in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia. This makes it clear that the authors of the malware are most likely natives of one of these countries themselves.

    The Nexus malware, like many other banking trojans, contains functions to take over accounts by performing overlay attacks and keylogging. In addition, the Trojan is capable of reading two-factor authentication (2FA) codes from SMS messages and the Google Authenticator app by abusing Android accessibility services.

    Some new additions to the list of features are the ability for Nexus to delete received SMS messages, activate or stop the 2FA stealing module, and update itself by periodically pinging the C2 server.
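
A defender can triage an app for the capability combination described above (an accessibility service together with SMS or overlay access). The following is an added example, not code from the article or from the Cleafy or Cyble research; the permission mapping, the sample manifests and all function names are assumptions, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumed mapping (not from the article): permissions these capabilities need.
CAPABILITY_PERMISSIONS = {
    "sms_access": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

def manifest(body: str) -> str:
    """Wrap constructed elements in a minimal decoded AndroidManifest.xml."""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{body}</manifest>')

# Constructed samples, not taken from any real application.
SUSPICIOUS = manifest(
    '<uses-permission android:name="android.permission.RECEIVE_SMS"/>'
    '<uses-permission android:name="android.permission.READ_SMS"/>'
    '<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>'
    '<application><service android:name=".ConstructedA11yService" '
    f'android:permission="{A11Y_BIND}"/></application>')
SCREEN_READER = manifest(
    '<uses-permission android:name="android.permission.INTERNET"/>'
    '<application><service android:name=".ReaderService" '
    f'android:permission="{A11Y_BIND}"/></application>')

def triage_manifest(manifest_xml: str) -> dict:
    """Report which capability groups a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    findings = {cap: sorted(perms & requested)
                for cap, perms in CAPABILITY_PERMISSIONS.items()}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    findings["accessibility_service"] = sorted(
        svc.get(ANDROID + "name", "?") for svc in root.iter("service")
        if svc.get(ANDROID + "permission") == A11Y_BIND)
    return findings

def needs_review(findings: dict) -> bool:
    """Flag the combination only: accessibility service plus SMS or overlay access."""
    return bool(findings["accessibility_service"]) and bool(
        findings["sms_access"] or findings["overlay"])

if __name__ == "__main__":
    for label, xml_text in (("suspicious", SUSPICIOUS), ("screen_reader", SCREEN_READER)):
        result = triage_manifest(xml_text)
        print(label, needs_review(result), result)
```

Flagging the combination rather than the accessibility service alone keeps legitimate assistive apps out of the review queue. For manifests extracted from untrusted APKs, parse with a hardened XML parser such as defusedxml.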

    “The MaaS model allows criminals to most effectively monetize their malware by providing customers with a ready-made infrastructure that can then be used to attack targets of their choice,” the researchers report.
    Author DeepWeb