AI was likely used: ESET researchers also spotted something unusual in the malware’s internals. Some traces suggested generative AI may have played a role in its development.Specifically, the injected malicious code contains emoji markers in debug logs, something more commonly associated with AI-generated output than human-written malware. The researchers noted that this isn’t definitive proof but aligns with a broader trend of attackers using large language models to accelerate malware creation.Android presently has some protection against this attack vector in the form of security alerts. “The victim needs to manually install a trojanized version of HandyPay, since the app is only available outside Google Play,” the researchers said. “When a user taps the download app button in their browser, Android automatically blocks the install and shows a prompt asking them to allow installation from this source.”For the attack to be successful, the user then needs to tap Settings in the prompt, enable “Allow from this source,” and return to installing the app, a process quite common with third-party app installation these days. Nothing particularly suspicious stands out in the “allow download” workflow to protect against this threat.ESET shared a list of indicators in a dedicated GitHub repository, which included files, hashes, network indicators, and MITRE ATT&CK maps to support detection efforts.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4161983/nfc-tap-to-pay-gets-tapped-by-hackers.html
