Search This Blog

Showing posts with label Software. Show all posts

BIND Updates Patch High-Severity Flaws

The Internet Systems Consortium (ISC) announced this week the availability of patches for six remotely exploitable vulnerabilities in the widely used BIND DNS software. 

Four of the fixed security vulnerabilities have a severity rating of 'high.' All four have the potential to cause a denial-of-service (DoS) condition. The first of these is CVE-2022-2906, which affects "key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions," according to ISC's advisory. 

A remote attacker could use the flaw to gradually deplete available memory, resulting in a crash. Because the attacker could exploit the vulnerability again after restarting, "there is the potential for service denial," according to ISC.

The second flaw, tracked as CVE-2022-3080, may cause the BIND 9 resolver to crash under certain conditions when crafted queries are sent to the resolver. According to ISC, CVE-2022-38177 is a memory leak issue in the DNSSEC verification code for the ECDSA algorithm that can be triggered by a signature length mismatch.

“By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources,” ISC explains.

CVE-2022-38178, a memory leak affecting the DNSSEC verification code for the EdDSA algorithm that can be triggered by malformed ECDSA signatures, is the fourth high-severity bug addressed in BIND 9. BIND 9.18 (stable branch), BIND 9.19 (development version), and BIND 9.16 all received updates (Extended Support Version). As per ISC, no public exploits targeting these vulnerabilities are known.

The US Cybersecurity and Infrastructure Security Agency (CISA) urged users and administrators on Thursday to review ISC's advisories for these four security holes and apply the available patches as soon as possible.

Experts Discovered TeslaGun Panel Used by TA505 to Manage its ServHelper Backdoor

 

Cybersecurity researchers have revealed details about a previously unknown software control panel used by TA505, a financially motivated threat group. 

"The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."

TA505, also known as Evil Corp, Gold Drake, Dudear, Indrik Spider, and SectorJ04, is an aggressive Russian cybercrime syndicate that is responsible for the infamous Dridex banking trojan and has been connected to a number of ransomware campaigns in recent years. It's also linked to the Raspberry Robin attacks, which first surfaced in September 2021, with similarities discovered between the malware and Dridex. Other malware families linked with the group include FlawedAmmyy, the Neutrino botnet, and ServHelper, a backdoor capable of downloading FlawedGrace, a remote access trojan.

The adversary is said to use the TeslaGun control panel to manage the ServHelper implant, acting as a command-and-control (C2) framework to commandeer the compromised machines. Furthermore, the panel allows attackers to issue commands and send a single command to all victim devices in go or configure the panel so that a predefined command is automatically executed when a new victim is added to the panel.

Aside from the panel, threat actors have been observed using a remote desktop protocol (RDP) tool to connect to the targeted systems via RDP tunnels.

"The TeslaGun panel has a pragmatic, minimalist design. The main dashboard only contains infected victim data, a generic comment section for each victim, and several options for filtering victim records," the researchers said.

According to PRODAFT's analysis of TeslaGun victim data, the group's phishing and targeted campaigns have reached at least 8,160 people July 2020. A majority of those victims are located in the U.S. (3,667), followed by Russia (647), Brazil (483), Romania (444), and the U.K. (359).

"It is clear that TA505 is actively looking for online banking or retail users, including crypto-wallets and e-commerce accounts," the researchers noted, citing comments made by the adversarial group in the TeslaGun panel.

The findings also arrive as the US Department of Health and Human Services (HHS) issued a warning about the group's significant threats to the health sector, including data exfiltration attacks aimed at stealing intellectual property and ransomware operations.

The agency's Health Sector Cybersecurity Coordination Center (HC3) said in an advisory published late last month, "Evil Corp has a wide set of highly-capable tools at their disposal. These are developed and maintained in-house, but are often used in conjunction with commodity malware, living-off-the-land techniques and common security tools that were designed for legitimate and lawful security assessments."

Feds, npm Issue Supply Chain Security Alert to Avoid Another SolarWinds

 

The lessons learned from the SolarWinds software supply chain attack were turned into tangible guidance this week when the United States Cybersecurity and Infrastructure Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) released a joint best practises framework for developers to prevent future supply chain attacks.

In addition to the recommendations from the US government, developers received npm Best Practices from the Open Source Security Foundation in order to establish supply chain security open-source best practices.

"The developer holds a critical responsibility to the security of our software," the agencies said about the publication, titled Securing the Software Supply Chain for Developers. "As ESF examined the events that led up to the SolarWinds attack, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer."

Meanwhile, OpenSSF announced that the npm code repository has grown to encompass 2.1 million packages.

Developers like Michael Burch, director of application security for Security Journey, praise the industry's proactive framework, but Burch adds that it is now up to the cybersecurity sector to put these guidelines into action, particularly a recommendation to implement software bills of materials (SBOMs).

Burch  concluded, "What we need now is the AppSec community to come together on the back of this guidance, and create a standard format and implementation for SBOMs to boost software supply chain security." 

Nitrokod Crypto Miner Infected 111K+ Users with Replica of Popular Software

 

Nitrokod, a Turkish-speaking entity, has been linked to an ongoing cryptocurrency mining campaign that involves imitating a desktop application for Google Translate in order to infect over 111,000 victims in 11 countries since 2019. 

Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News, "The malicious tools can be used by anyone. They can be found by a simple web search, downloaded from a link, and installation is a simple double-click." 

The victims come from the United Kingdom, the United States, Sri Lanka, Greece, Israel, Germany, Turkey, Cyprus, Australia, Mongolia, and Poland. The campaign involves the distribution of malware via free software hosted on popular websites such as Softpedia and Uptodown. 

To evade detection, the malware postpones execution for weeks and distinguishes its malicious activity from the downloaded fake software. Following the installation of the infected program, an update executable is deployed to the disc, launching a four-stage attack sequence with each dropper paving for the next, until the actual malware is dropped in the seventh stage.

When the malware is executed, a connection is established to a remote command-and-control (C2) server to retrieve a configuration file to begin the coin mining activity.

The free fake software offered by the Nitrokod campaign is for services that do not have an official desktop version, such as Yandex Translate, Microsoft Translate, YouTube Music, MP3 Download Manager, and Pc Auto Shutdown.

Furthermore, the malware is dropped nearly a month after the initial infection, by which time the forensic trail has been erased, making it difficult to deconstruct the attack and detect it back to the installer.

Horowitz concluded, "What's most interesting to me is the fact that the malicious software is so popular, yet went under the radar for so long. The attacker can easily choose to alter the final payload of the attack, changing it from a crypto miner to, say, ransomware or banking trojan."

Facebook Ads Push Android Adware, Installed 7M Times on Google Play Store

 

Several adware programmes marketed aggressively on Facebook as system cleansers and optimizers for Android devices have accumulated millions of downloads from the Google Play store. 

The applications lack all of the advertised functionality and push adverts while attempting to stay on the device for as long as possible. To avoid deletion, the applications regularly change their icons and names, posing as Settings or the Play Store itself. 

Adware applications make use of the Android component Contact Provider, which allows them to transport data between the device and web services. Because the subsystem is contacted whenever a new programme is installed, the adware might exploit it to start the ad-serving process. It may appear to the user that the advertising is being pushed by the legitimate app they installed. 

McAfee researchers found the adware applications. They point out that customers do not need to activate them after installation to see the advertising because the adware runs automatically without user intervention. The first thing these intrusive apps do is set up a permanent service for displaying adverts. If the process is "killed" (terminated), it instantly restarts. 

This video demonstrates how the adware's name and icon change automatically and how ad-serving occurs without user intervention. 

According to McAfee's analysis, consumers are persuaded to believe the adware applications because they see a Play Store link on Facebook, leaving little room for uncertainty. As a result, exceptionally high download counts for the specific type of apps have emerged, as shown below:
  • Junk Cleaner, cn.junk.clean.plp, 1M+ downloads
  • EasyCleaner, com.easy.clean.ipz, 100K+ downloads
  • Power Doctor, com.power.doctor.mnb, 500K+ downloads
  • Super Clean, com.super.clean.zaz, 500K+ downloads
  • Full Clean -Clean Cache, org.stemp.fll.clean, 1M+ downloads
  • Fingertip Cleaner, com.fingertip.clean.cvb, 500K+ downloads
  • Quick Cleaner, org.qck.cle.oyo, 1M+ downloads
  • Keep Clean, org.clean.sys.lunch, 1M+ downloads
  • Windy Clean, in.phone.clean.www, 500K+ downloads
  • Carpet Clean, og.crp.cln.zda, 100K+ downloads
  • Cool Clean, syn.clean.cool.zbc, 500K+ downloads
  • Strong Clean, in.memory.sys.clean, 500K+ downloads
  • Meteor Clean, org.ssl.wind.clean, 100K+ downloads
The majority of impacted users are from South Korea, Japan, and Brazil, however, the adware has regrettably spread globally. The adware applications have been removed from the Google Play Store. Users who installed them, on the other hand, must manually delete them from the device.

Despite their limited advantages, system cleansers and optimizers are popular software categories. Cybercriminals know that many people would attempt such methods to extend the life of their gadgets, thus they disguise dangerous software as such.

SonicWall: Patch Critical SQL Injection Flaw Immediately

 

SonicWall, a security firm, issued patches to fix a severe SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products. 

SonicWall patched a significant SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products, identified as CVE-2022-22280 (CVSS score 9.4). 

“Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem.” reads the advisory published by the company. 

According to SonicWall experts, adding a Web Application Firewall that can identify and stop SQLi assaults can considerably lower the risk of exploitation. Hatlab DBappSecurity's H4lo and Catalpa identified the issue. The following is a list of fixed software: 
Product  and Fixed Version 
  • GMS: 9.3.1-SP2-Hotfix-2 
  • Analytics: 2.5.0.3-2520-Hotfix1 
Organizations are advised to upgrade to the above version as soon as possible. 

“There is no workaround available for this vulnerability,” SonicWall said. “However, the likelihood of exploitation may be significantly reduced by incorporating a Web Application Firewall (WAF) to block SQLi attempts.”

Tor Browser 11.5 Adds Censorship Detection & Circumvention

 

Tor Project's flagship anonymizing browser has been upgraded to make it simpler for users to avoid government attempts to prohibit its usage in various locations. According to the non-profit organisation that controls the open source software, Tor Browser 11.5 would change the user experience of connecting to Tor from strongly censored locations. 

It replaces a "manual and confusing procedure" in which users have to maintain their own Tor Network settings to figure out how to utilise a bridge to unblock Tor in their location. Because various bridge settings may be required in different countries, the Tor Project stated that the manual effort placed an undue hardship on restricted users. 

Connection Assist is its answer, and it will automatically apply the bridge configuration that should perform best in a user's exact location. China, Russia, Belarus, and Turkmenistan are among the countries that have blocked the Tor Network. Volunteers from these and other impacted nations are encouraged to apply to be alpha testers so that their feedback may be shared with the community. 

The Tor Project has revised its Tor Network settings to improve the user experience for people who still want to manually configure their software. There is also a new HTTPS-only default option for users, which protects consumers by encrypting communication between their system and the web servers it communicates with. 

“This change will help protect our users from SSL stripping attacks by malicious exit relays, and strongly reduces the incentive to spin up exit relays for man-in-the-middle attacks in the first place,” it stated. 

Although the Tor Browser is often linked with illicit black web browsing, it is also a useful tool for activists, journalists, dissidents, and NGO workers working under harsh government regimes.

This Banking Trojan is Targeting Users of Spanish Financial Services

 

A previously unreported Android banking trojan targeting users of the Spanish financial services business BBVA has been spotted in the wild. 

The malware, named 'Revive' by Italian cybersecurity firm Cleafy and believed to be in its early stages of development, was first discovered on June 15, 2022, and propagated via phishing operations. 

"The name Revive has been chosen since one of the functionality of the malware (called by the [threat actors] precisely 'revive') is restarting in case the malware stops working," Cleafy researchers Federico Valentini and Francesco Iubatti said in a Monday write-up. 

Downloadable from malicious phishing websites ("bbva.appsecureguide[.]com" or "bbva.european2fa[.]com"), the malware impersonates the bank's two-factor authentication (2FA) app as a bait to mislead users into installing the software and is reported to be inspired by open-source spyware dubbed Teardroid, with the authors altering the original source code to integrate new features.

In contrast to other banking malware that are known to target a wide range of financial apps, Revive is targeted for a single target, in this case, the BBVA bank. However, it is similar to its competitors in that it uses Android's accessibility services API to achieve its operational goals. 

Revive is primarily designed to gather the bank's login credentials via lookalike websites and allow account takeover attacks. It also has a keylogger module to record keystrokes and the ability to intercept SMS messages sent by the bank, particularly one-time passwords and two-factor authentication codes. 

"When the victim opens the malicious app for the first time, Revive asks to accept two permissions related to the SMS and phone calls. After that, a clone page (of the targeted bank) appears to the user and if the login credentials are inserted, they are sent to the [command-and-control server] of the TAs," the researchers further stated.

The findings emphasise the importance of exercising caution while installing software from unknown third-party sources.

This Malware is Spreading Via Fake Cracks

 

An updated sample of the CopperStealer malware has been detected, infecting devices via websites providing fraudulent cracks for applications and other software.

Cyber attackers employ these bogus apps to perform a range of assaults. The hackers in this assault operation took advantage of the desire for cracks by releasing a phoney cracked programme that actually contained malware. 

The infection starts with a website or Telegram channel offering/presenting false cracks for downloading and installing the needed cracks. The downloaded archive files include a password-protected text file and another encrypted archive. 

The decrypted archive displays the executable files when the password specified in the text file is typed. There are two files in this sample: CopperStealer and VidarStealer. 

What are the impacts of Copper Stealer and Vidar Stealer on the systems? 

CopperStealer and Vidar stealer can cause many system infections, major privacy problems, financial losses, and identity theft. 
  • CopperStealer: The primary function of CopperStealer is to steal stored login information - usernames and passwords - as well as internet cookies from certain browsers. Mostly focuses on the login details for business-oriented Facebook and Instagram accounts. CopperStealer variants also seek login credentials for platforms and services such as Twitter, Tumblr, Apple, Amazon, Bing, and Apple. The malware can steal Facebook-related credentials from browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, and Yandex.
  • Vidar stealer: The most common ways for this malware to propagate are through pirated software and targeted phishing efforts. Vidar stealer is capable of stealing credit cards, usernames, passwords, data, and screenshots of the user's desktop. The malware steals data from a range of browsers and other system apps. It can also steal cryptocurrency wallets such as Bitcoin and Ethereum. 
Safety first

Attackers can utilise data stealers like CopperStealer to steal sensitive information for more illegal reasons. Users can stay secure by taking the following precautions: 
  • Downloading cracks from third-party websites should be avoided. 
  • Keep the systems up to date with the newest patches. 
  • It is highly advised that security detection and prevention technologies be enabled to safeguard systems from attacks.

Commercial Third Party Code Sources Pose Security Risks

 

Despite the fact that the use of third-party code in IoT projects has increased by 17 percent in the last five years, according to VDC Research, only 56 percent of OEMs have structured security testing policies. Meanwhile, 73.6 percent of respondents said protection was essential, very important, or critical to current projects when asked how important, very important, or critical it was. 

For years, the rate of required innovation outpaced the rate of resource growth within production and quality assurance organizations, making it difficult to keep up organically. With organizations no longer able to focus their code development strategy on custom code, using content from other sources has become more important. 

Because of the possible consequences for corporate harm, liability, and brand reputation loss, protection has become a pervasive and paramount concern in the software supply chain. 

“With more complex software supply chains becoming the norm, organizations are leaning on these third party assets to accelerate their internal software development, which creates security blind spots,” said Chris Rommel, EVP, IoT & Industrial Technology for VDC Research. “With standards such as IEC 62443 requiring increased security of IoT devices, new testing capabilities are needed to address these software creation changes to ensure code quality and minimize risk.” 

GrammaTech, a provider of application security testing tools, launched a new approach in 2020 aimed at exposing vulnerabilities in third-party code used in the production of custom applications. It was called CodeSentry, and it used binary software composition analysis (SCA) to create the code and find any bugs it might have. 

"Using third-party components, rather than building applications from scratch, is an accepted practice for accelerating time to market, and is fueling a massive growth in reusable code," said Mike Dager, CEO of GrammaTech, in a statement. "Most organizations now recognize the security risks that third-party code poses to their applications and business, and the need for software composition analysis provided by CodeSentry, which inspects binaries for unmatched precision."

“Commercial third party code, which is the fastest-growing component software within the IoT market, can contain both proprietary and open source components,” said Andy Meyer, CMO for GrammaTech.

Python Package Index Removed 3,653 Noxious Packages after a Vulnerability

 


The Python Package Index, otherwise called PyPI, has eliminated 3,653 noxious packages uploaded days after a security vulnerability in the utilization of private and public registries was highlighted. The Python Package Index is the official third-party software repository for Python. It is analogous to CPAN, the repository for Perl. Some package managers, including pip, use PyPI as the default source for packages and their dependencies. More than 235,000 Python packages can be accessed through PyPI. 

Python developers use PyPI to add software libraries composed by different developers in their own ventures. Other programming languages implement similar package management systems, all of which request some degree of trust. Developers are frequently encouraged to audit any code they import from an external library however that advice isn't constantly followed. Package management systems like npm, PyPI, and RubyGems have all had to eliminate sabotaged packages as of recent years. Malware creators have discovered that in the event that they can get their code included in well-known libraries or applications, they get free dissemination and trust they haven't acquired. 

A month ago, security researcher Alex Birsan showed that it is so easy to exploit these systems through a type of typosquatting that misused the interplay between public and private package registries. The downpour of vindictive Python packages over the previous week included unauthorized versions of projects like CuPy, an implementation of NumPy-compatible multi-dimensional array on CUDA, Nvidia's parallel computing platform. 

In a GitHub issued post, Kenichi Maehashi, a project maintainer, relates how cupy-cuda112 (CuPy worked for CUDA 11.2) was uploaded on February 25, 2021, then detected and eliminated a day later. Python has a policy for managing such a thing. On Monday, Ee W. Durbin III, director of infrastructure at the Python Foundation, said the large number of culpable packages had been taken out but expressed hesitance to boycott the account responsible because the account holder could simply register for another account. 

The name utilized by the malware writer, "RemindSupplyChainRisks," gives off an impression of being an attempt to call attention to an aspect of software distribution that most developers already understand is fraught with potential problems.

Miscreants Scamming Users into Buying Antivirus Software


Some independent security software affiliates are scamming people by sending emails with the false message that their antivirus is expiring and renew their license, whereby if the user does so, they can earn a commission. A software affiliate program is a marketing technique in which the affiliate recommends the software to customers or visitors and earns a commission on each purchase. Now, these programs have strict rules and guidelines to protect their software and customers from false advertising and being tricked into buying.


BleepingComputer discovered this scam last week when two of their seniors reported it. The mails tell the users that their Norton and McAfee antivirus software is expiring, the very day and to renew their license. The scam starts with emails containing a subject similar to "WARNING: Anti-Virus Can Expire " Sun, 26 Apr 2020", which includes a link stating, "Your Protection Can Expire TODAY!", writes BleepingComputer in their blog. If the link in the mail is clicked, it takes the user DigitalRiver affiliate network, and after dropping a tracking cookie, redirects the user to the purchase page of Norton or McAfee antivirus. If it goes smoothly and the user purchased the software, the affiliate party would get a $10 commission or 20% of the total sale. For this particular scam, they earned around $10 per transaction.

How to protect yourself from these scams 

Most antivirus usually notifies their customers of the expiry date via a notification from the software. If that's the case, you can rest assure that it is legitimate and go ahead with the renewal. But unfortunately, some companies email their users to remind the customer about the expiring article. A simple way to check their authenticity is to look for the name of your antivirus.

Since these rogue fake mails are sent in bulk they probably don't know which software you're using. The next step is to open your antivirus software and check when the software is expiring. Even if it is expiring, it's better to renew it from their website then to rely on these links from the mail.

Tor Browser Bug Executes Uncalled for JavaScript Codes!


The well-known Tor is allegedly experiencing some kind of bug in its mechanism. It has hence warned the users to stay vigilant as regards to the “Tor Browser Bug”, which runs JavaScript codes on various unexpected sites.

Tor (originally Team Onion Router) is a free and open-source software which chiefly works on allowing anonymous communication to users.

Reportedly, the team has been working on a solution and would roll it out as soon as it is done, but there isn’t a particular time to expect it.

One of the most critical features for the security of the Tor Browser Bundle (TBB) happens to be the ability to block the code execution of the JavaScript, mention sources.

TBB is a browser that has a set of superior privacy features majorly for concealing real IP addresses to maintain the anonymity of online users and their devices’ locations.

Owing to these features, the browser has become a go-to for the working people, especially the journalists, citizens of repressive countries and people with political agendas because after all, it is a great instrument to dodge online censorship and firewalls.

People who are against the anonymity of the users and just can’t let things be, have in the past tried several times to expose Tor Browser users’ actual IP addresses via exploits that functioned on JavaScript code.

Sources cite that while few attempts of the better nature have been successfully employed to track down criminals, others were pretty strangely executed.

And then recently, a bug was discovered in the much appreciated TBB’s security mechanism. When the browser was set to allow the use of the most supreme security level and still permitted the execution of the JavaScript code when instead it should have barred it.

It is a relief that the team of Tor is well aware of the bug and is, with dedication working towards developing a patch for it. Per sources, they also mentioned that if a user requires to “Block JavaScript” they could always disable it entirely.

As per reports, the procedure for doing the above-mentioned is to open the “about config” and search for “javascript.enabled”. If here the “Value” column mentions “false” it means that the JavaScript is disabled and if it mentions “true” then right-click to select “Toggle” or double click on the row to disable it.

Researchers And Army Join Hands to Protect the Military’s AI Systems


As an initiative to provide protection to the military's artificial intelligence systems from cyber-attacks, researchers from Delhi University and the Army have joined hands, as per a recent Army news release. 

As the Army increasingly utilizes AI frameworks to identify dangers, the Army Research Office is investing in more security. This move was a very calculated one in fact as it drew reference from the NYU supported CSAW HackML competition in 2019 where one of the many major goals was to develop such a software that would prevent cyber attackers from hacking into the facial and object recognition software the military uses to further train its AI.

MaryAnne Fields, program manager for the ARO's intelligent systems, said in a statement, "Object recognition is a key component of future intelligent systems, and the Army must safeguard these systems from cyber-attack. This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data used to train the object recognition system is subtly altered to give incorrect answers."


This image demonstrates how an object, like the hat in this series of photos, can be used by a hacker to corrupt data training an AI system in facial and object recognition.

The news release clearly laid accentuation on a very few important facts like, “The hackers could create a trigger, like a hat or flower, to corrupt images being used to train the AI system and the system would then learn incorrect labels and create models that make the wrong predictions of what an image contains.” 

The winners of the HackML competition, Duke University researchers Yukan Yang and Ximing Qiao, created a program that can 'flag and discover potential triggers'. And later added in a news release, "To identify a backdoor trigger, you must essentially find out three unknown variables: which class the trigger was injected into, where the attacker placed the trigger and what the trigger looks like," 

And now the Army will only require a program that can 'neutralize the trigger', however, Qiao said it ought to be "simple:" they'll just need to retrain the AI model to ignore it. 

And lastly, the software's advancement is said to have been financed by a Short-Term Innovative Research that grants researchers up to $60,000 for their nine months of work.

An App Which Could Have Meant For Any Woman to Be a Victim of Revenge Porn Taken Down By the Developers



An app created solely for "entertainment" a couple of months back, won attention as well as criticism. It professed to have the option to take off the clothes from pictures of women to make counterfeit nudes which implied that any woman could be a victim of revenge porn.

Saying that the world was not prepared for it the app developers have now removed the software from the web and wrote a message on their Twitter feed saying, "The probability that people will misuse it is too high, we don't want to make money this way."

Likewise ensuring that that there would be no different variants of it accessible and subsequently withdrawing the privilege of any other person to utilize it, they have also made sure that any individual who purchased the application would get refund too.

The program was accessible in two forms - a free one that put enormous watermarks over made pictures and a paid rendition that put a little "fake" stamp on one corner.

Katelyn Bowden,  founder of anti-revenge porn campaign group Badass, called the application "terrifying".

"Now anyone could find themselves a victim of revenge porn, without ever having taken a nude photo, this tech should not be available to the public, “she says.

The program apparently utilizes artificial intelligence based neural networks to remove clothing from the images of women to deliver realistic naked shots.

The technology is said to be similar to that used to make the so-called deepfakes, which could create pornographic clips of celebrities.