White Papers & Advisories
Combating the Risk of Rogue Mobile Trading Apps in India’s Financial Sector
11 PAGES

Combating the Risk of Rogue Mobile Trading Apps in India’s Financial Sector

Cybercriminals are leveraging rogue mobile trading applications to conduct large-scale fraud, targeting investors, brokerage firms, financial institutions, and trading platforms in India. These malicious apps exploit trust by impersonating legitimate trading platforms, financial services, and stock exchanges to steal funds, exfiltrate sensitive data, and manipulate financial transactions.

The adversary groups behind these attacks employ advanced techniques, including malicious APK injection, DNS spoofing, credential harvesting, API abuse, and financial fraud automation. This advisory provides a technical and strategic response framework for organizations impacted by rogue mobile trading apps.

Download now

Thank you for getting in touch!

We have received your message and would like to thank you for writing to us.

One of our colleagues will get back in touch with you soon! Have a great day!
Download
Oops! Something went wrong while submitting the form.

Related White Papers & Advisories

WHITE PAPER
11 PAGES

Combating the Risk of Rogue Mobile Trading Apps in India’s Financial Sector

Cybercriminals are leveraging rogue mobile trading applications to conduct large-scale fraud, targeting investors, brokerage firms, financial institutions, and trading platforms in India. These malicious apps exploit trust by impersonating legitimate trading platforms, financial services, and stock exchanges to steal funds, exfiltrate sensitive data, and manipulate financial transactions.
ADVISORY
4 Pages

Fortinet Firewall Exploits: CVE-2024-55591, CVE-2022-40684 & More

Cybersecurity researchers have identified an extensive campaign targeting Fortinet FortiGate firewall devices with public-facing management interfaces. This ongoing campaign represents a serious security risk to organizations relying on these devices for critical network functions. The malicious activity began in mid-November 2024 and involves exploiting a zero-day vulnerability (CVE-2024-55591) to gain unauthorized administrative access, modify configurations, and establish persistent infiltration via SSL VPN connections. Additionally, the legacy vulnerability CVE-2022-40684 has resurfaced, leading to catastrophic data leaks, further amplifying risks.
ADVISORY
2 Pages

Automattic Blocks WP Engine's Access to WordPress Resources, Increasing Security Risks Due to Potential Missed Updates

On September 25, 2024, Automattic, the company behind WordPress, blocked WP Engine's access to key WordPress resources, affecting numerous users who depend on WP Engine’s platform for website hosting and management. The incident stems from a policy dispute between the two companies, which could result in disruptions for WP Engine customers, particularly those relying on essential updates and resources directly from WordPress.org.‍
info@nstcyber.ai
San Jose CA, USA
Bangalore, India
Dubai, UAE

Platform

Continuous Monitoring
AI/ML Assisted Discovery & Validation
Automated Assessments
Prioritized Risk Identification
Swift Threat Detection and Response
Cyber Threat Informed Defense (CTID)
Compliance Assurance

Products

Continuous Threat Exposure Management
Vendor Security Management

Use Cases

Assess Your Security Posture
Eliminate Attack Vectors
Evaluate Vendors and Partners
Meet Compliance

Company

About NST Cyber
NST Cyber Partner Program
Careers

Resources

Blogs
Videos
White Papers & Advisories
© 2024 NST Cyber Inc. All Rights Reserved.
Privacy Policy