Kaspersky Global Research and Analysis Team (GReAT) said the threat actors primarily target users from Brazil; nevertheless, Kaspersky experts don’t rule out that users from other countries may also face this threat.

The Trojan employs a Monero cryptocurrency miner and additionally installs a BTMOB remote administration tool (RAT) on the infected devices.

To maintain its persistence, BeatBanker uses an uncommon mechanism involving a nearly inaudible looped audio file.

“At first we saw BeatBanker being distributed under the guise of a public services app; it installed a banking Trojan in addition to a cryptocurrency miner. However, our recent detection efforts uncovered a new campaign with another BeatBanker variant that deploys the BTMOB RAT instead of the banker module. The attackers appear to be using a fresh lure with the Starlink app to reach more victims from different countries. Therefore, it is important for users to stay vigilant and use advanced solutions to protect their smartphones,” comments Fabio Assolini, head of the Americas & Europe units at Kaspersky GReAT, in a statement available to Techeconomy.

Initial vector of infection

Kaspersky experts believe that cybercriminals distribute a fake Starlink application containing the BeatBanker Trojan through phishing pages that mimic the Google Play Store. After execution on a compromised device, the Trojan displays a user interface that also mimics Google Play. Cybercriminals trick victims into granting installation permissions, thus allowing the download of additional hidden malicious payloads.

Crypto mining and BTMOB RAT module

When a user clicks UPDATE on the fake Google Play page, a Monero cryptocurrency miner deploys. BeatBanker monitors battery percentage and the temperature of an infected smartphone, as well as user activity after which a hidden cryptocurrency miner is started or stopped.

The Android Trojan also installs a BTMOB RAT on the compromised device. BTMOB enables full remote control and is sold as Malware-as-a-Service.

It is capable of automatic granting of permissions, hide system notifications and has mechanisms designed to capture screen lock credentials, including PINs, patterns and passwords on compromised devices.

The malware also gives cybercriminals access to the front and rear cameras, GPS location monitoring and constant collection of sensitive data.

To ensure persistence and hinder uninstallation, BeatBanker maintains a fixed notification in the foreground and activates a foreground service with silent media playback. This tactic is designed to prevent the operating system from removing the malicious process.

To stay protected from mobile threats, Kaspersky recommends the following:

• Download apps only from official app stores for smartphones, such as Apple App Store and Google Play, but remember that even downloading apps from official stores is not always risk-free.
• Always check app reviews, only use links from official websites and install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.
• Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.
• Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.

The synergy between a tech mindset, a deep understanding of technology and innovation, and a cybersecurity mindset, focused on protecting data and systems from malicious actors, can enhance individuals’ abilities to navigate the complex cybersecurity landscape.

However, while these synergies offer numerous benefits, they also have inherent risks that must be carefully managed.

This piece explores the essential elements of a tech and cybersecurity mindset, examines the dangers associated with their synergies, and provides strategies for mitigating these risks to promote a balanced and practical approach to cybersecurity.

What are the essential attitudes in the digital age that comprise a tech mindset? How does this mindset contribute to navigating the complex cybersecurity landscape?

Dive into exploring these fundamental questions to uncover the interconnected nature of technology and cybersecurity in safeguarding against evolving cyber threats. In the ever-evolving landscape of the digital age, a tech mindset is essential for individuals to survive and thrive. This mindset encompasses crucial elements shaping one’s approach to technology and innovation.

First, adaptability is key – the willingness to embrace new technologies and acquire new skills is vital to staying relevant in the fast-paced tech industry.

Equally important is the ability to tackle challenges with a problem-solving mindset, encouraging creativity and out-of-the-box thinking to overcome obstacles.

Collaboration is another cornerstone of a tech mindset, emphasising the importance of working effectively with others towards common goals and fostering communication and idea-sharing.

In today’s data-driven world, the ability to analyse and interpret data is paramount, requiring individuals to think critically and make informed decisions based on insights drawn from data.

Moreover, a commitment to continuous learning is crucial in the tech sphere, where innovation is constant, necessitating continuous professional development to stay abreast of industry trends.

Lastly, ethical considerations are integral to a tech mindset, as individuals must navigate the moral implications of their work, including issues of privacy, security, and accessibility.

By embodying adaptability, creativity, collaboration, data proficiency, continuous learning, and ethical awareness, individuals can flourish in the digital age, making significant contributions to the ever-evolving tech industry.

How can one cultivate the appropriate Cybersecurity Mindset in the evolving Digital Age? Developing the right cybersecurity mindset in the digital age requires awareness, education, and proactive behaviour. Here are some strategies to help foster a strong cybersecurity mindset:

1. Education and training

Providing employees and individuals with cybersecurity training and education is essential in developing a cybersecurity mindset.

This includes understanding the various threats, the importance of cybersecurity measures and best practices for staying safe online.

2. Awareness of risks

Encouraging individuals to be aware of the risks associated with using technology and the internet is crucial. This includes recognising phishing emails, malware, social engineering tactics and other common cybersecurity threats.

3. Use of strong passwords and secure authentication

Encouraging the use of strong, unique passwords for each online account and enabling multi-factor authentication can significantly enhance cybersecurity. Individuals should also be mindful of password hygiene and regularly update their passwords.

4. Regular software updates

Keeping operating systems, software and applications up to date with the latest security patches is essential in protecting against vulnerabilities and exploits. Encouraging individuals to enable automatic updates can help ensure that their devices are secure.

5. Data protection and privacy

Emphasising the importance of protecting personal and sensitive information online is crucial in developing a cybersecurity mindset. This includes understanding data privacy laws, being cautious about sharing personal information online and using encryption tools when transmitting sensitive data.

6. Incident response and reporting

Encouraging individuals to report any cybersecurity incidents or suspicious activities can help prevent further damage and protect others from falling victim to similar attacks. An apparent incident response plan can help individuals know what to do during a cybersecurity breach.

7. Security culture

Fostering a security-first culture within organisations and communities can help create a collective cybersecurity mindset. This involves promoting cybersecurity awareness, sharing best practices and encouraging collaboration to address security threats effectively.

By implementing these strategies and promoting a cybersecurity-conscious culture, individuals can develop a strong cybersecurity mindset in the digital age and protect themselves and their organisations from cyber threats.

What are the most accessible synergies between the essential elements of a tech mindset in the digital age and the strategies behind developing the right Cybersecurity Mindset in the Digital Age? Let’s delve into these synergies with some winning examples.

The essential elements of a tech mindset in the digital age, such as adaptability, curiosity, problem-solving skills, and a willingness to learn, are closely linked to developing the right cybersecurity mindset.

By fostering these attitudes and combining them with strategies for building a strong cybersecurity posture, individuals can effectively protect themselves and their organisations from cyber threats. Here are some examples of how these synergies can be realised:

1. Adaptability: A tech mindset that embraces change and new technologies is essential for staying ahead of continually evolving cyber threats. Individuals who are adaptable are more likely to adopt new security measures and practices to mitigate emerging threats. For example, IT professionals who continuously update their skills and knowledge in cybersecurity tools and techniques can better defend against evolving cyber-attacks.

2. Curiosity: A curious mindset drives individuals to seek out answers, explore new technologies, and understand how systems work. In cybersecurity, an inquisitive mindset can lead individuals to investigate potential security vulnerabilities, conduct penetration testing, and think like a hacker to anticipate possible attacks. For instance, ethical hackers use their curiosity to identify system weaknesses and help organisations strengthen their security defences.

3. Problem-solving skills: In cybersecurity, individuals need to analyse complex threats, identify vulnerabilities, and develop effective solutions. A tech mindset that emphasises problem-solving can help individuals think critically and creatively when responding to security incidents. For example, cybersecurity analysts use their problem-solving skills to investigate security breaches, identify the root cause of incidents, and implement corrective actions to prevent future attacks.

4. Continuous learning: In the fast-paced world of cybersecurity, a commitment to continuous learning is crucial for staying updated on the latest threats, tools, and techniques. Individuals with a tech mindset that values lifelong learning are more likely to seek out training opportunities, certifications, and conferences to enhance their cybersecurity knowledge. For instance, attending cybersecurity conferences, workshops, and webinars can help professionals stay informed about emerging threats and best practices in the industry.

By integrating these essential elements of a tech mindset with strategies for developing a cybersecurity mindset, individuals can create a holistic approach to cybersecurity that emphasises proactive protection, critical thinking, and ongoing education.

This synergy enables individuals to adapt to the ever-changing cybersecurity landscape, address complex security challenges, and safeguard their digital assets.

Have potential dangers been identified with these synergies, and what would be the most effective approach in mitigating these risks, considering the issues, thought processes, and possible solutions? While the synergies between a tech mindset and a cybersecurity mindset can enhance individuals’ abilities to protect against cyber threats, there are also potential dangers associated with these synergies.

Some of the risks include overconfidence, tunnel vision, and burnout. To mitigate these risks and ensure a balanced approach to cybersecurity, individuals should adopt a holistic security approach, engage in continuous training and awareness, promote collaboration and knowledge-sharing, and prioritise self-care.

By recognising these potential dangers and implementing appropriate strategies, individuals can effectively protect themselves and their organisations from cyber threats while maintaining a sustainable approach to cybersecurity.

Understandingly, while synergies between a tech mindset and a cybersecurity mindset can be beneficial in enhancing individuals’ abilities to protect against cyber threats, there are also potential dangers associated with these synergies. Some of the risks include:

1. Overconfidence: A strong tech and cybersecurity mindset can lead individuals to believe they are invulnerable to cyber-attacks. This overconfidence may result in a lack of vigilance and adherence to best practices, making them more susceptible to security breaches.

2. Tunnel vision: Focusing too much on technical aspects of cybersecurity may lead individuals to overlook other crucial elements, such as social engineering or human error, that can pose significant risks. Ignoring these factors can create blind spots in one’s security strategy.

3. Burnout: The fast-paced nature of the tech industry and cybersecurity field can lead to burnout for individuals constantly learning, adapting, and dealing with security incidents. Overworking oneself in pursuit of staying ahead of threats can negatively impact mental health and overall well-being.

To mitigate these risks and ensure a balanced approach to cybersecurity, individuals should consider the following strategies:

1. Holistic security approach: Instead of solely focusing on technical solutions, individuals should adopt a holistic approach to cybersecurity that includes educating users about security best practices, implementing strong policies and procedures, and establishing a resilient incident response plan.

2. Continuous training and awareness: Regular training and awareness programs can help individuals stay informed about the latest cyber threats and security trends. This will enable them to effectively adapt their security strategies to address emerging risks.

3. Collaboration and knowledge-sharing: Encouraging collaboration among colleagues, industry peers, and security professionals can help individuals gain diverse perspectives, share best practices, and stay updated on the latest cybersecurity developments. This can enhance their overall security posture and help them address vulnerabilities from multiple angles.

4. Self-care: Individuals must prioritise their well-being and practice self-care to prevent burnout. Taking breaks, setting boundaries, and seeking support when needed can help individuals maintain a healthy work-life balance while staying vigilant against cyber threats.

By recognising the potential dangers associated with synergies between a tech mindset and a cybersecurity mindset and implementing strategies to mitigate these risks, individuals can effectively protect themselves and their organisations from cyber threats while maintaining a sustainable approach to cybersecurity.

In conclusion, the intersection of a tech mindset and a cybersecurity mindset presents a powerful opportunity for individuals to strengthen their defences against evolving cyber threats.

By leveraging their technical expertise and security awareness, individuals can develop a comprehensive approach to cybersecurity that addresses both technological vulnerabilities and human factors.

However, it is crucial to be mindful of the potential pitfalls associated with these synergies, such as overconfidence, tunnel vision, and burnout.

By adopting a holistic security approach, prioritising continuous training and awareness, fostering collaboration, and practising self-care, individuals can effectively mitigate these risks and maintain a sustainable cybersecurity strategy.

Ultimately, striking a balance between innovation and security is key to navigating the digital landscape safely and responsibly in the digital age.

[Featured Image Credit]

This record-setting release of passwords was sourced from decades of data breaches and has the potential to be exploited in future attacks.

The database, named “rockyou2024.txt,” reportedly contains nearly 10 billion unique passwords, collected from thousands of data leaks.

This massive compilation surpasses the previous record holder RockYou2021 by adding 1.5 billion new passwords.

In response, Kaspersky’s experts have issued practical guidance to help users protect themselves in the aftermath of the extensive data compromise:

• Check the breach impact

When a data breach occurs, the first thing a user is advised to do is to check whether their data has been affected.

Modern security solutions, such as Kaspersky Premium, enable the detection of leaked data and provide alerts to enhance security measures if necessary. As well as internal services, there are some public sources that could help to detect whether personal data has been leaked or not. 

• Change your passwords as soon as possible

In the event of a data breach, it is essential to change your passwords immediately and consider all other sites where the same password is being used.

New passwords should be unique for each account, be at least 8 characters long, combine letters with numbers and symbols. In order to check whether a combination is strong enough, a password checker can be employed.

• Block and reissue your bank card, if necessary

If payment data was stored by a service that experienced a data breach, it is best to block and reissue a card for added security.

Usually reissuing a bank card doesn’t take too much time and effort, therefore preventing a greater inconvenience.

• Install a reliable password manager

A tool like this creates strong passwords and stores them securely in an encrypted vault. Besides, it is enabled to monitor data leaks and check if user’s passwords were compromised.

• Don’t forget about two-factor authentication

A recent survey by Kaspersky revealed how easily compromised accounts can be without 2FA and strong passwords.

To protect an account from unauthorised access, it is highly recommended to set up 2FA. This can be accomplished by receiving a confirmation via SMS, email, or using an authentication app or password manager that generates one-time codes.

• Securely close unused accounts

If there are no plans to continue using a service after a data leak, it is advisable to delete the account and request the complete removal of all collected data by contacting technical support or the address in the Privacy Policy.

This step, often outlined in the “Your Rights” section of legitimate services, can also reveal the extent of data exposure.

• Share only the essential minimum of personal information online

As massive service leaks are not uncommon, it is recommended to minimise information provided to a service.

When you register, using a main email address is unnecessary: auto-substitution can be used instead. Additionally, if not required, omit the real name and residence address.

This shift comes after extensive collaboration with industry leaders such as FIDO Alliance, Apple, and Microsoft.

Passkeys represent an approach to accessing apps and websites, offering a more secure and user-friendly alternative to passwords. Users can employ passkeys through biometric sensors like fingerprints or facial recognition, PINs, or patterns. 

Eliminating the need to remember intricate passwords, passkeys enhance both ease of use and security, liberating users from the common pitfalls associated with traditional login methods.

Phishing-Resistant Authentication

Unlike passwords, passkeys are resistant to online threats like phishing attempts, making them a robust solution for safeguarding user accounts. This resilience arises from the dual components of passkeys: one part resides on the app or website’s server, while the other is stored securely on the user’s device. This architecture ensures that even in the event of a server breach, unauthorized access remains nearly impossible without physical access to the user’s device.

Google has been at the forefront of advocating for passkeys as a secure alternative to passwords. Since its introduction, passkeys have gained widespread approval, with 64% of users finding them more convenient than traditional login methods. 

Google is actively encouraging all users to adopt passkeys as their primary sign-in option, emphasizing the significant time saved—passkey login is 40% faster than password-based login.

As passkeys become the default sign-in method for Google Account holders, the era of passwords may be drawing to a close. 

Simplifying authentication processes and enhancing security, passkeys represent a step towards a safer digital future.

So, the next time you sign in to your Google Account, expect to encounter prompts guiding you to create and use passkeys, ensuring your online experiences are secure, seamless, and hassle-free. 

With approximately 2.93 billion monthly active users as of the first quarter of 2022, Facebook is the most used online social network in the world. It has also become a huge destination for hackers to launch attacks. Users who do not often change their Facebook passwords risk being hacked.  

A check by TechEconomy on Google shows that the key phrase “how to change Facebook password” records over 10,000 average monthly searches in Nigeria. There are other related search phrases that also amount to the same number of searches. These figures indicate that Facebook users are constantly searching to see how to beef up their security online. 

​Updating and periodically changing your Facebook password ​makes it more complicated for any hacker who is trying to log in. Cybersecurity experts have always advised Facebook users to change their passwords at intervals. 

In January 2022, it was reported that the private and personal information of over 1.5 billion Facebook users was allegedly being sold on a popular hacking-related forum. The exposure of this data becomes a target for cybercriminals globally. 

​Any hacker with the right tools can hack a Facebook account, but it’s solely dependent on how secure the person makes, their account in the settings.

​Sometimes, it might just take ​just a few seconds ​to hack into someone’s account. A hacker might just pretend to be “Facebook Support” and get ​any user to give ​their​ password, or allow a remote session.

​Although Facebook has been providing updates to make the platform more ​secure, there are still plenty of users ​who do apply measures. They keep defaulting, using the same password for everything, and falling for obvious scams.

If there were no​ security ​flaws​ on your end as a user, it will​ take forever, for hackers to break into your Facebook account.​ But when you default by giving away too much information, you are open to being hacked.

Jay​ ​McQuiggan who leads security awareness at KnowBe4,​ noted ​”the most dangerous information that you can put out there relates to password reset questions​.​ So things like mother’s maiden name, schools, street, etc.

“Also, it’s essential to realize that information that people post may target those around them.​ ​So parents posting excessive information about their children can be used against their children as opposed to the parents.”

He said: “Any information publicly posted can be used by criminals.

“Even seemingly trivial information can be put together to build a better picture of the victim.”

How ​To ​Reset ​Y​our Facebook ​Password ​On ​A computer 

Once logged in, click the dropdown tab icon in the top right corner

Click “Settings” from the “Settings & Privacy” tab

Select “Security and Login” 

Select “Edit” next to “change password” 

Type your current password followed by your new password 

Select “Save Changes”

How to ​R​eset ​Y​our Facebook ​P​assword ​On Facebook iOS ​App

Open the Facebook app and tap the icon displaying three stacked horizontal lines in the bottom right 

Tap the settings tab and choose “Settings & privacy” 

Select “Security and Login” then select “Change password.” 

Enter your current password, then enter your new password twice 

Tap “Save changes” 

How ​T​o ​R​eset ​Y​our Facebook ​P​assword ​O​n​ ​Facebook Android ​A​pp 

Open the Facebook Android app and tap the icon displaying three stacked horizontal lines in the top right corner

Tap the settings tab and choose “Settings & Privacy”

Select “Security and Login” then select “Change password.” 

Enter your current password, then enter your new password twice 

Tap “Save changes” 

In the case of tighter security measures, two-factor authentication is also available to use. The more expansive your digital footprint is, the more you have a lot of passwords to remember.

Sometimes these passwords are hard to remember, and many users are guilty of reusing one particular password on different accounts. 

Security experts recommend that users create strong passwords and change them periodically to ensure security.

According to findings, 81% of all hacking-based security breaches can be traced back to poor passwords. 

So, the latest information is that the Fast Identity Online (FIDO) Alliance will replace the use of passwords.

FIDO is an open authentication standard that allows any service provider to leverage existing technologies for passwordless. 

With this emerging technology, users can log into apps and social media accounts using the same fast authentication method they used to unlock their phones. 

It’s designed to let websites and apps offer secure sign-ins to users across a range of device platforms. The protocol is already supported on a range of apps and websites, and Apple, Google, and Microsoft have been building them into their own services. 

However, up until now, users will continue to sign in to a website or app with every device individually before they can go passwordless in the future. 

In a recent blog post shared by Apple, password-only authentication is “one of the biggest security problems on the web”. 

Apple also claims the standard will protect against phishing scams, making them supposedly safer than a traditional password or one-time code sent to your inbox. 

According to  Alex Simons, corporate vice president for Identity Program Management at Microsoft, the complete shift to a passwordless world will begin with consumers making it a natural part of their lives. 

“Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” 

“By working together as a community across platforms, we can, at last, achieve this vision and make significant progress toward eliminating passwords. 

We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”