Infi-Zeal's Blog

An international hacking ring has stolen as much as $1 billion from more than 100 banks in 30 countries in what may be the biggest banking breach ever, a new report shows. The scheme, which goes back as far as 2013, uses malware so sophisticated that hackers have used it to dispense cash from ATMs without any physical contact with the machines, according to the report by Moscow-based security firm Kaspersky Labs. The hackers then sent mules to pick up the cash, according to the shocking report released Monday. The malware used in the hacks, dubbed Carbanak, targets employees of banking institutions, rather than customers, and suggests a "new era in cybercrime" in which criminals go after institutions' internal operations, the report said. The Kaspersky report declined to name the banks that have been compromised, but said the victims were mostly "Russian-speaking financial institutions," and the malware was largely downloaded from Russian. Still, the

 A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone application without the owner’s knowledge or consent. Once connected, the attacker could have full control over the phone – even without physical access to it. The attacker needs only access to the same local network as the phone is connected to, for example via Wi-Fi. The LG On-Screen Phone application (OSP) makes it easy to access and control LG’s Android smartphones through a PC. The connection can be established either by using an USB cable or wirelessly through Wi-Fi or Bluetooth. When attempting to connect to the phone via OSP, a popup dialog is displayed on the phone and it is to be confirmed and accepted by the owner. Once the channel is established, the screen contents of the device are being transmitted to the PC as a motion stream, mouse clicks on the PC are turned into touch events on the phone. By using OSP one can cont