Barbie malware

March 3rd 2023, New Delhi: If you have received any message that contains a link asking users to download an application to avail Income Tax Refund or KYC benefits with the name of Income Tax Department or reputed Banks, Beware!

CyberPeace Foundation and Autobot Infosec Private Limited along with the academic partners under CyberPeace Center of Excellence (CCoE) recently conducted five different studies on phishing campaigns that have been circulating on the internet by using misleading tactics to convince users to install malicious applications on their devices. The first campaign impersonates the Income Tax Department, while the rest of the campaigns impersonate ICICI Bank, State Bank of India, IDFC Bank and Axis bank respectively. The phishing campaigns aim to trick users into divulging their personal and financial information.

After a detailed study, the research team found that:

• All campaigns appear to be an offer from reputed entities, however hosted on third-party domains instead of the official website of the Income Tax Department or the respective Banks, raising suspicion.
• The applications ask several access permissions of the device. Moreover some of them seek users to provide full control of the device. Allowing such access permission could result in a complete compromise of the system, including access to sensitive information such as microphone recordings, camera footage, text messages, contacts, pictures, videos, and even banking applications.
• Cybercriminals created malicious applications using icons that closely resemble those of legitimate entities with the intention of enticing users into downloading the malicious applications.
• The applications collect user’s personal and banking information. Getting into this type of trap could lead users to face significant financial losses.
• While investigating the impersonated Income Tax Department’s application, the Research team identified the application sends http traffic to a remote server which acts as a Command and Control (CnC/C2) for the application.
• Customers who desire to avail benefits or refunds from respective banks, download relevant apps, believing that the chosen app will assist them. However, they are not always aware that the app may be fraudulent.

“The Research highlights the importance of being vigilant while browsing the internet and not falling prey to such phishing attacks. It is crucial to be cautious when clicking on links or downloading attachments from unknown sources, as they may contain malware that can harm the device or compromise the data.” spokesperson, CyberPeace added.

In addition to this in an earlier report released in last month, the same research team had drawn attention to the WhatsApp messages masquerading as an offer from Tanishq Jewellers with links luring unsuspecting users with the promise of free valentine’s day  presents making the rounds on the app.

CyberPeace Advisory:

• The Research team recommends that people should avoid opening such messages sent via social platforms. One must always think before clicking on such links, or downloading any attachments from unauthorised sources.
• Downloading any application from any third party sources instead of the official app store should be avoided. This will greatly reduce the risk of downloading a malicious app, as official app stores have strict guidelines for app developers and review each app before it gets published on the store.
• Even if you download the application from an authorised source, check the app’s permissions before you install it. Some malicious apps may request access to sensitive information or resources on your device. If an app is asking for too many permissions, it’s best to avoid it.
• Keep your device and the app-store app up to date. This will ensure that you have the latest security updates and bug fixes.
• Falling into such a trap could result in a complete compromise of the system, including access to sensitive information such as microphone recordings, camera footage, text messages, contacts, pictures, videos, and even banking applications and could lead users to financial loss.
• Do not share confidential details like credentials, banking information with such types of Phishing scams.
• Never share or forward fake messages containing links on any social platform without proper verification.

Source : https://www.aninews.in/news/business/business/alert-cybercriminals-target-taxpayers-and-banking-customers-with-phishing-campaign-and-malicious-application20230303182938/

Executive Summary:

A photo that has gone viral on social media alleges that the Indian company Patanjali founded by Yoga Guru Baba Ramdev is selling a product called “Recipe Mix for Beef Biryani”. The image incorporates Ramdev’s name in its promotional package. However, upon looking into the matter, CyberPeace Research Team revealed that the viral image is not genuine. The original image was altered and it has been wrongly claimed which does not even exist. Patanjali is an Indian brand designed for vegetarians and an intervention of Ayurveda. For that reason, the image in context is fake and misleading.

‍

Claims:

An image circulating on social media shows Patanjali selling "Recipe Mix for Beef Biryani”.

‍

Fact Check:

Upon receiving the viral image, the CyberPeace Research Team immediately conducted an in-depth investigation. A reverse image search revealed that the viral image was taken from an unrelated context and digitally altered to be associated with the fabricated packaging of "National Recipe Mix for Biryani". 

The analysis of the image confirmed signs of manipulation. Patanjali, a well-established Indian brand known for its vegetarian products, has no record of producing or promoting a product called “Recipe mix for Beef Biryani”. We also found a similar image with the product specified as “National Biryani” in another online store.

Comparing both photos, we found that there are several differences.

Further examination of Patanjali's product catalog and public information verified that this viral image is part of a deliberate attempt to spread misinformation, likely to damage the reputation of the brand and its founder. The entire claim is based on a falsified image aimed at provoking controversy, and therefore, is categorically false.

Conclusions:

The viral image associating Patanjali and Baba Ramdev with "Recipe mix for Beef Biryani" is entirely fake. This image was deliberately manipulated to spread false information and damage the brand’s reputation. Social media users are encouraged to fact-check before sharing any such claims, as the spread of misinformation can have significant consequences. The CyberPeace Research Team emphasizes the importance of verifying information before circulating it to avoid spreading false narratives.

• Claim: Patanjali and Baba Ramdev endorse "Recipe mix for Beef Biryani"
• Claimed on: X
• Fact Check: Fake & Misleading

‍

Introduction

Misinformation spreads faster than a pimple before your best friend's wedding, and these viral skincare hacks on social media can do more harm than good if smeared on without a second thought. The unverified skin care tips, exaggerated results, and product endorsements lacking proper dermatological backing can often lead to breakouts and serious damage. 

The Allure and Risks of Online Skincare Trends

In the age of social media, beauty advice is easily accessible, but not all trending skincare hacks are beneficial. Influencers lacking professional dermatological knowledge often endorse "medical grade" skincare products, which may not be suitable for all skin types. The viral DIY skincare hacks, such as natural remedies like multani mitti (Fuller's earth), have found a new audience online. However, suppose such skincare tips are approached without due care and caution regarding their suitability for different skin types, or without the proper formulation of ingredients. In that case, they can result in skin problems. It is crucial to approach online skincare advice with a critical eye, as not all trends are backed by scientific research. 

CyberPeace Recommendations 

1. Influencer Responsibility and Ethical Endorsements in Skincare

Influencers play a crucial role in shaping public perception in the skincare and lifestyle industries. However, they must exercise due diligence before endorsing skincare products or practices, as misinformation can lead to financial loss and health consequences. Influencers should only promote products they have personally tested or vetted by dermatologists or skincare professionals. They should also research the brand's credibility, check ingredients for safety, and understand the product's target audience.

2. Strengthening Digital Literacy in Skincare Spaces

CyberPeace highlights that improving digital literacy is one of the best strategies to stop the spread of false information about skincare. Users nowadays, particularly young people, are continuously exposed to a deluge of wellness and beauty-related content. Many people are duped by overstated claims, pseudoscientific cures, and influencer-driven marketing masquerading as sound advice if they lack the necessary digital literacy. We recommend supporting digital literacy initiatives that teach users how to evaluate sources, think critically, and comprehend how algorithms promote content. Long-term impact is thought to be achieved through influencer partnerships, gamified learning modules, and community workshops that promote media literacy.

3. Recommendation for Users to Prioritise Research and Critical Thinking

Users should prioritise research and critical thinking when engaging with skincare content online. It's crucial to distinguish between valid advice and misinformation. Thorough research, including expert reviews, ingredient checks, and scientific sources, is essential. Questioning endorsements and relying on trusted platforms and dermatologists can help ensure a skincare routine based on sound practices.

4. Mandating Transparency from Influencers and Brands

Enforcing stronger transparency laws for influencers and skincare companies is a key suggestion. Social media influencers frequently neglect to reveal sponsored collaborations or paid advertisements, giving followers the impression that the skincare advice is based on the creators' own experience and objective judgment. This dishonest practice frequently promotes goods with little to no scientific support and feeds false information. The social media companies need to be proactive in identifying and removing content that violates disclosure and advertising guidelines.

5. Creating a Verified Registry for Skincare Professionals

Increasing the voices of real experts is one of the most important strategies to build credibility and trust online. The establishment of a publicly available, validated registry of certified dermatologists, cosmetologists, and skincare scientists is suggested by cybersecurity experts and medical professionals. These experts could then receive a "verified expert" badge from social media companies, making it easier for users to discern between content created by unqualified people and genuine, evidence-based advice. Algorithms that promote such verified content would inevitably limit the dissemination of false information.

6. Enforcing Platform Accountability and Reporting System

There needs to be platform-level accountability and safeguard mechanisms in case of any false information about skincare. Platforms should monitor repeat offenders and implement a tiered penalty system that includes content removal and temporary or permanent bans on such malicious user profiles.

References

• https://brandequity.economictimes.indiatimes.com/amp/news/advertising/clinikally-takes-on-digital-misinformation-of-skincare-trends-in-new-ad/120485282

‍