Dieselgate, but for trains – some heavyweight hardware hacking

[this is an English translation of the original article in Polish, we occasionally publish the best cyber stories from Poland in English]

A train manufactured by a Polish company suddenly broke down during maintenance. The experts were helpless – the train was fine, it just wouldn’t run. In a desperate last gasp, the Dragon Sector team was called in to help, and its members found wonders the train engineers had never dreamed of. Continue reading “Dieselgate, but for trains – some heavyweight hardware hacking”

A History of a Hack

Anakata in the Court Room (source: Aftonbladet)

On 20 May 2013, the trial of Gottfrid Svartholm a.k.a. anakata, co-founder of TPB, commenced in Stockholm. Yet, he was not accused of any copyright infringement but of serious hackings. What he was accused of and how the police picked up his trail?

Continue reading “A History of a Hack”

Watch out for a cunning attack on Polish Internet users

Recently, we had a chance to help a user who received a suspicious message. Unlike thousands of other Internet users, instead of clicking links indiscriminately, he followed his hunch and called us. It turned out that he had experienced an unknown type of attack.

Continue reading “Watch out for a cunning attack on Polish Internet users”

Multiple bank accounts robbed by thieves using an innovative service of a mobile phone operator

In June and July of 2015, the thieves stole several hundred thousand zlotys (at least 100k EUR) from accounts of the bank customers. The affected customers had one thing in common – they had a phone in Play network (a Polish mobile operator) and received a series of text messages with codes to authorize non-commissioned transfers.

Continue reading “Multiple bank accounts robbed by thieves using an innovative service of a mobile phone operator”

Banking trojan, Gmail webinject, SMS message and malicious APK – all in one attack scenario

As many banks use SMS 2FA for transfer authorization, malware authors are constantly looking for new opportunities to take over control of PC infection victims’ smartphones. We have identified a new attack scenario that involves both PC and mobile devices infection by leveraging trust people have in Google services. Continue reading “Banking trojan, Gmail webinject, SMS message and malicious APK – all in one attack scenario”