{Disarmed} The 11 techniques with which they steal the private data of your Xiaomi mobile
"Increasingly sophisticated techniques", informs the Bank of Spain itself in the face of constant fraud derived from messages that you have surely received during the last year . It is even resorting to fake fingerprints printed on silicone.
Luckily, most of the company's mobiles already have a pre-installed antivirus . It is important to make effective use of it, keep the applications updated and not be fooled: the best way to combat these fraud techniques begins with understanding them . These are the eleven most common techniques used by cybercriminals to steal data from your Xiaomi, Redmi or POCO.
SIM-swapping
It is becoming more and more common to use our smartphone as a link for two-step verification . It is convenient and fast, since a simple code generated on the spot protects while being easy to understand.
But this model is not infallible against the duplication of the SIM card , which only seeks to seize the original user's line to request data, change passwords and control all the services associated with said terminal.
With a cloned SIM, another user can receive these verification messages and take advantage of this to hijack the WhatsApp account or, for example, validate one of those pre-approved loans or zero out the credit card in a matter of hours.
smishing
This attack is but one of many social engineering strategies out there. The word derives from a contraction between SMS and fishing . Old text messages are more alive than ever, but for all the wrong reasons.
If the first hardware and software hacks were nothing more than reverse engineering exploits to learn how something worked and alter it, social engineering seeks to feed on people's fear, harassment, bewilderment or simple doubt in order to profit from it.
The formula is increasingly complex: attackers impersonate people in authority, companies or organizations, provide some true data along with some false and redirect to fraudulent portals or simply collect data to exploit them.
SMS Spoofing
Another form of spam and even more complex social engineering, since communication models are used on which some data is changed. A message alert may appear to come from SHEIN, Uber or TikTok and be a scammer tool.
Fraudulent messages that imitate logistics companies, indicating a parcel or order number that could not be delivered would be a good example: "New voice message", "Your verification code is [link]", "This is your pick to pick up the order".
The latest model of messages imitate being sent by Caixabank, Banco Santander or BBVA and inform that our account has been closed or blocked due to security updates . Curious irony, since it is easy to fall into the trap in a simple message thread and end up revealing our true data so that the account is compromised.
Many of these messages slip through as official, since they previously know the financial institution with which you work. The URL and extension of the link you are directed to or possible misspellings are key indicators to detect these scams.
Vishing
Vishing is just another model of social engineering through phone calls. Less used —because it is more invasive— but no less effective for that, cybercriminals begin by informing you of an account blockage, of the need to check some data "for security" or similar techniques that lead to the theft of your real data.
phishing
Phishing is the general definition of all social engineering that consists of identity theft, either from a user to a bank or from a bank to the user.
Of course, phishing in recent years is more complex and may simply be trying to collect data for a future intrusion, or effectively direct us to some server that automatically downloads a malware-infected attachment and thus leave our site. Xiaomi smartphone completely compromised.
Cryptocurrency mining
Using the computing power of your Xiaomi, Redmi or POCO to mine some cryptocurrency is wrong. But for applications like Crackonosh and BluStealer to install a keylogger to steal data from our service logins and then sell it to third parties is worse.
Why? The first attack only slows down the performance of the terminal, the second ends up turning the smartphone into a bot from which the cybercriminal accesses any service and hijacks it , from the Netflix account to the bank account. If you start getting more spam than you count, someone may have leaked your data.
Adware and fleeceware
Adware is the general version of the above: if fake applications are dangerous but relatively easy to detect with minimal experience, adware is more complicated, as it can even be hosted on legal , well-known applications or even on some in use , previously installed.
On the other hand, many of the free applications that we find on portals are nothing more than fleeceware , that is, tools to collect all possible information and then require some type of subscription , monthly or annual fee. Others even have a fixed fee from the moment you download the installation file.
It is not necessary that it be large amounts, but when you try to uninstall it, it will ask you to pay to do so. And it is at the time of paying that they take control of our bank details, as it is carried out through an unencrypted payment gateway.
Sextortion (and other forms of digital extortion)
A few years ago, Varenyky became famous, a virus that sneaked in from a SPAM message, hijacked part of the mobile information, took screenshots of the content you saw and could even record you through a simple granting of permissions in an app .
This spambot used the free software FFmpeg for this, and the consequence came later, when you began to receive blackmail messages indicating that the most private and thorny searches would be broadcast in public, unless you paid. This is a form, like so many others, of digital sextortion and extortion.
malware and viruses
Spyware ( spyware ), banking Trojans, malware downloaders or classic viruses that only seek to corrupt data —that is, to do damage, without the need for indirect profit—, etc.: there is an entire ecosystem of tools to harm your mobile.
Malware does not play guessing games, but attacks by brute force, in a more or less sophisticated way, installing small exploits or simply infecting previously installed applications whose security holes will be exploited.
Ransomware
This form of vulnerability, an old acquaintance that became immensely popular due to WannaCry — a program that globally attacked thousands of computers simultaneously — is more alive than ever in the middle of 2022.
Although not exactly a computer virus, these cryptoworms infect and hijack computers using numerical encryption. Then, through a switch , the hijacker can release your mobile, or use it as a node to block others.
The result? If you want to use your Xiaomi again and, more importantly, protect and not see the private data inside it revealed, you must undertake an economic rescue. Cybercriminals often demand these payments in cryptocurrencies : there are hundreds of cryptocurrencies that are virtually impossible to trace, even create ad hoc wallets, so the formula still works.
-
The news The 11 techniques with which they steal the private data of your Xiaomi mobile was originally published in xiaomist by Isra Fdez .
Comments
Post a Comment