A banking Trojan striking corporate targets across Brazil has been unmasked by researchers. 

On Tuesday, ESET published an advisory on the malware, which has been in development since 2018.Dubbed Janeleiro, the Trojan appears to be focused on Brazil as a hunting ground and has been used in cyberattacks against corporate players in sectors including healthcare, engineering, retail, finance, and manufacturing. Operators have also attempted to use the malware when infiltrating government systems.  According to the researchers, the Trojan is similar to others currently operating across the country — such as Casbaneiro, Grandoreiro, and Mekotio — but is the first detected that is written in .NET, rather than Delphi, which is usually favored.  Phishing emails, sent in small batches, are sent to corporate targets pretending to relate to unpaid invoices. These messages contain links to compromised servers and to the download of a .zip archive hosted in the cloud. If the victim unzips this archive file, a Windows-based MSI installer then loads the main Trojan DLL.  “In some cases, these URLs have distributed both Janeleiro and other Delphi bankers at different times,” ESET says. “This suggests that either the various criminal groups share the same provider for sending spam emails and for hosting their malware, or that they are the same group. We have not yet determined which hypothesis is correct.” The Trojan will first check the geolocation of the target system’s IP address. If the country code is other than Brazil, the malware will exit. However, if the check is passed, the malware will then collect a variety of operating system data and will grab the address of its command-and-control (C2) server from a dedicated GitHub page.  

Janeleiro is used to create fake pop-up windows “on-demand,” such as when banking-related keywords are detected on a compromised machine. These pop-ups are designed to appear to be from some of the largest banks across Brazil and they request the input of sensitive and banking details from victims.  The malware’s command list includes options for controlling windows, killing existing browser sessions — such as those launched in Google Chrome — capturing screens, keylogging, and hijacking clipboard data, among other functions.  The operator of the Trojan appears to prefer a hands-on approach and may control the windows remotely, in real-time.  Most malware operators at least make a token attempt to conceal their activities. In this case, code obfuscation is light but there is no attempt to circumvent existing security software and no custom encryption.The operator uses GitHub, a code repository, to host files containing C2 server lists to manage Trojan infections. These repositories are updated on a daily basis.  As of March, four variants of Janeleiro have been detected in the wild, although two share the same internal version number. Some samples have been packaged together with a password stealer in attacks, which suggests “the group behind Janeleiro has other tools in their arsenal,” according to the team. ESET says that GitHub has been made aware of the threat actor’s account and abuse of the platform. The page has now been disabled and the owner suspended.”GitHub values the contributions of our security research community and is committed to investigating reported security issues,” a GitHub spokesperson told ZDNet. “We disabled the page in accordance with our Acceptable Use Policies, following the report that it was using our platform maliciously.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months. Analysis by cybersecurity company Lookout found that there’s been a 37% increase in mobile phishing attacks worldwide between the last three months of […] More

Google Love it or hate it, Google’s AI Mode has revamped the way you search for information. Instead of presenting you with tens of thousands of website links, Google serves up an AI-generated overview and summary of the results. Also: Sick of AI in your search results? Try these 7 Google alternatives with old-school, AI-free charm […] More

Tax-related identity theft is a persistent problem in the US. In fact, the IRS’s Criminal Investigation Division reported that it identified $2.3 billion in tax fraud in fiscal year 2020, with the fraud ranging from cyber crimes to tax-related identity theft.Have you fallen victim to tax identity theft and need help dealing with the financial ramifications? Or do you just want to learn ways to prevent it from happening to you? Either way, this guide can help.What is tax identity theft?Tax identity theft occurs when someone files a tax return using your Social Security Number (SSN). In some cases, thieves do this in order to claim a fraudulent tax refund. In others, they may have used your SSN to obtain employment. When this occurs, their employer will report all income to the IRS using that SSN. When you don’t report that same income on your own return, the IRS will flag it as suspicious and require you to pay taxes on that additional income. It may even lead to a tax audit.Victims of tax identity theft face serious financial ramifications. Not only are they unable to file their own returns (or claim their tax refund), but other financial vulnerabilities might be at work. Unauthorized loans, credit cards, and other accounts may have been opened using the victim’s identity. Victims are typically encouraged to freeze their credit when tax-related identity theft occurs. They may also need to work with creditors and credit reporting agencies to clear their name of any fraudulent activity.How does tax identity theft happen?Generally, tax identity theft — and all identity theft, for that matter — occurs after a person’s sensitive information has become public or fallen into the wrong hands. This often happens due to security breaches or digital data hacks.Tax identity theft often occurs in February and early March, as thieves must file the fraudulent returns before the real taxpayers file their legitimate ones. Fortunately, the IRS has taken steps to reduce identity theft from many angles. The agency has hired more employees dedicated to stopping fraud, implemented additional safeguards, and changed many of the standards used to file and authorize returns. 

Despite these efforts, tax identity fraud does still occur. It’s important everyday Americans are prepared should it happen.How to know if you’ve been victimizedIf you’ve fallen victim to tax identity theft, there are several ways you might learn of it. First, your legitimate tax return may be rejected. When you go to e-file your tax return, the IRS will reject it if a return has already been filed for your SSN. If you filed a paper return, you will get a rejection notice in the mail, alerting you that your return has already been filed.In the event the thief used your SSN to obtain a job, you likely won’t learn of the issue until your returns have been filed and processed. Once the IRS sees that your reported income does not match the income reported by employers to your SSN, they will send you a letter saying you failed to report income or that you owe additional taxes.It’s important to note that all communications from the IRS will come via mail. The IRS will not call, text, or email you regarding your returns or any suspicious activity. Do not provide sensitive information to anyone pretending to be an IRS agent via these methods, and report the issue to the U.S. Treasury Inspector General for Tax Administration.What to do next If you discover that you are the victim of tax identity theft, you’ll need to report it to both the IRS and the Federal Trade Commission.Specifically, you’ll need to:Fill out Letter 5071C, if you’ve received it. The IRS may send you Letter 5071C if it flags your return as suspicious or suspects fraud has been committed. This form requires you to verify your identity and breaks down the steps for doing so. Follow these directions exactly, and take any additional recommended steps once your identity has been confirmed.Use Form 14039 to alert the IRS of the issue. Fill out the form and mail it, along with a copy of your Social Security card and driver’s license, to Internal Revenue Service, P.O. Box 9039, Andover, MA, 01810-0939. Make sure to send the letter by certified mail to ensure it arrives safely. If you received a notice in the mail, include this with your letter as well.Apply for an Identity Protection PIN. These are six-digit numbers that the IRS will use to confirm your identity on all future returns and filings. (Please note that this service will be unavailable until January 2022 for planned maintenance.)Notify the Federal Trade Commission. File an identity theft report at IdentityTheft.gov in order to alert the FTC. This website can also help you create a plan of action for responding to identity theft.Contact your state tax agency. There may be additional steps your state requires when identity theft occurs.If you tried to e-file and got rejected, you should go ahead and file your paper return and pay any taxes you owe via mail. If at any point you need help in the process, call the IRS Identity Protection Specialized Unit at 1-800-908-4490 for assistance. An agent can walk you through the appropriate steps to both report and respond to the theft.The road ahead: Rebuilding your credit and financesThe IRS says it typically takes 120 days or less to address cases of identity theft, but due to “extenuating circumstances” caused by the COVID-19 pandemic, the IRS’s identity theft inventories have increased dramatically. It’s taking them 260 days on average to resolve identity theft cases.This doesn’t even include the time and resources needed to address other consequences of identity theft, such as unauthorized loans, credit cards, and purchases. Depending on how deep the theft goes and how available your personal information was, the financial ramifications can often last months or even years.The important thing to do is to remain vigilant. This means:Pulling your credit report and monitoring for suspicious financial activity. Look at your credit report and make sure there are no unauthorized accounts or loans in your name. Contact the creditors and close these if necessary. You should also check with your banks and lenders to ensure there is no suspicious activity. If there is, dispute the charges and follow the steps to have those waived from your accounts.Placing a fraud alert on your credit profile. Contact one of the three major credit reporting bureaus (Experian, TransUnion, or Equifax) and ask that a fraud alert be placed on your record. This can prevent thieves from opening up new credit cards or loans in your name. You can also request a total credit freeze if you want to be extra safe.Considering credit monitoring. Though these services come at a fee, they can help you keep tabs on your credit profile — as well as any changes that occur.Working with the Social Security Administration. Report the identity theft and take any additional steps recommended. In severe cases, you may need to apply for a new Social Security Number.Continuing to work with the IRS and FTC as necessary. Respond quickly to any FTC or IRS request. Any delays will slow the resolution of your case and the delivery of your refund.In some cases, you may want to involve a lawyer — especially if your investments, retirement accounts, mortgage, or other major financial products have been affected. They can help you traverse the legal issues that crop up with creditors, lenders, and financial institutions along the way.Your options for financial recovery Many victims of tax identity theft experience cash flow issues or must deal with additional debt as a result of the experience. They also may be unable to take out traditional loans or credit accounts due to the impact the theft has had on their credit score and profile.When this occurs, victims have five options:Tax Refund Advance Loan: A Tax Refund Advance Loan gives you an advance on your projected refund. While sometimes helpful, these aren’t the best idea if your refund is small. They can also impact your credit score and often require a significant chunk of your refund to secure.A personal loan: Personal loans can offer access to more cash, as well as more lenient (and longer) repayment terms. These can be especially helpful for victims hit hard by their identity theft.Credit-builder loans: These loans are beneficial if your credit score was severely impacted by the theft. Typically offered through community banks and credit unions, they help you improve your score by reporting your consistent payments to credit bureaus.Secured credit cards: If the identity theft required you to close your credit accounts, a secured credit card can be a good option. These require you to deposit money up front as collateral. They then function like traditional credit cards, while also helping you establish good credit standing (as long as you pay on time, every time).Help from loved ones: In many cases, family members, friends, and other loved ones are willing to provide financial help. They might offer no-interest loans or even gifts to help you get through your rough patch.There’s always the option to wait it out, too. If the damage was minimal or you weren’t relying on your refund for financial stability, you may be able to await the IRS’ resolution of your case.Reducing your riskIf you aren’t already the victim of tax-related identity theft, you should take action to ensure you never become one. This means protecting your personal information, shredding sensitive documents, and using strong passwords on all online accounts.You can also:Lock your mailbox.Use a secure computer on a secure network when e-filing.Check your credit report annually for suspicious activity.Install a firewall and antivirus software on your computer.Learn how to recognize phishing emails and fraudulent requests for information.Keep sensitive documents (like your Social Security card) in a safety deposit box.Only provide your Social Security Number when absolutely necessary.You should also file your returns as early as possible. A fraud cannot file a return using your Social Security Number if one has already been filed. Make it a point to file your taxes as soon as you have the information necessary to do so.[This article was originally published on the Simple Dollar in February, 2019. It was updated in December, 2021.] More

DJI Osmo 360 Adventure Combo kit. Adrian Kingsley-Hughes/ZDNET ZDNET’s key takeaways The Osmo 360 is DJI’s first 360-degree action camera.It can shoot 360-degree panoramic video at 8K/30fps.Unfortunately, the camera won’t initially be offered in the US.DJI recently unveiled its latest product. No, not a drone, but a camera — the Osmo 360 More