A threat has been uncovered that launches surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable feature of the threat is an Android malware that collects all two-factor authentication (2FA) security codes sent to devices, identifies Telegram credentials and launches Google account phishing attacks.
Once victims download the app, the backdoor steals SMS messages and bypasses 2FA by forwarding all SMS messages containing 2FA codes to an attacker-controlled phone number.
It was also identified that the attackers used phishing pages impersonating Telegram. A Telegram bot was sending phishing messages warning recipients that they were making improper use of Telegram’s services, and that their account would be blocked if they do not enter the phishing link.
A significantly unique feature of the Helix22 SDK, is that even if user credentials are stolen or intercepted, the data still cannot be accessed unless on another Helix22 device. Therefore, for unintended cyber attackers to see the data, they would have to have an authorized terminal or device. Even, if the case arose whereby an unauthorized user had device access, no data can be further copied, transmitted, printed, saved or downloaded.
Helix22 delivers all this security assurance very confidently due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or being fanatic on user credentials. However, once the product is breached or a password is stolen, even if it is 2FA or encrypted, your firms data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA BindingTM. Therefore, even if credentials are stolen the data cannot be exfiltrated. This means that all data is 100% protected regardless of the type of attack.
Another substantial advantage of Helix22, is that it protects all data whether at rest, in use or in transit. Telegram for example, only encrypts data while in transit. Therefore, it is useless for internal IT security or Artificial Intelligence or Machine Learning experimentation.
We can make this claim as the tech engineers at BLAKFX invented and patented a genuine user2user (U2U) encryption. We manage data security and transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when an app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data.
In this protocol, we are truly a “zero-knowledge” server so your private communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity at all for any data leak.
This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all your partner firms be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
Our founders also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. Helix22 is several generations enhanced since then.
Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
Helix22 installs with just 5 lines of code.
We have developed our data security products for the future in all of our engineering.
We like to refer to Helix22 as “22nd Century Data Security.”
To read more about this topic, click here
If you are interested in the technical analysis, click here