An Experimental Form of Android Malware Delivers a Banking Trojan, a Keylogger and Ransomware




An experimental form of Android malware, initially mistaken for an updated version of LokiBot, delivers a banking Trojan, a keylogger and ransomware to the victims most likely to fall for it.

It contains enough new features that researchers now classify it as a distinct malware family, named MysteryBot.

MysteryBot and LokiBot share the same command-and-control server, which points to an established link between the two families and raises the possibility that they were produced by the same attacker.

"The enhanced overlay attacks also running on the latest Android versions combined with advanced keylogging and the potential under-development features will allow MysteryBot to harvest a broad set of personal identifiable information in order to perform fraud," wrote researchers.

MysteryBot supports a range of malicious actions: making phone calls, stealing contact information, forwarding incoming calls to another device and installing a keylogger. It can also encrypt the files stored on the device and erase all of the device's contacts.

It can effectively target Android 7 and 8 using overlay screens designed to look like genuine banking websites, whereas many other Android malware families still focus on older versions of Google's operating system.

It also uses a previously unseen and fairly complex keylogging technique, and it reportedly borrows the keylogging modules of two other banking Trojans (CryEye and Anubis) to abuse the Android Accessibility service.

Although some of MysteryBot's capabilities are still under development, the malware remains a potential threat.

MysteryBot is not yet widespread and is still being worked on, but users are advised to be wary of any application they download that requests an excessive number of permissions.

US warns of new North Korean malware

Just days after the historic summit between United States President Donald Trump and North Korean dictator Kim Jong Un, the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) warned of malicious cyber activity by North Korean government hackers.

DHS and FBI analysts released a report on the malware, dubbed Typeframe, which the North Korean government uses to damage or disable computers and computer systems.

“These files have the capability to download and install malware, install a proxy and remote access Trojans, connect to command and control servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections."

"The intent of sharing this information is to enable network defenders to identify and reduce exposure to North Korean government cyber activity," the report added.


This is not the first such warning: the US has previously blamed North Korea for spreading malware that targeted major nations.


“Since June 2017, DHS and the FBI have publicly released 11 national cyber awareness products associated with North Korean government malicious cyber activity; four joint Technical Alerts (TA) and seven joint Malware Analysis Reports (MAR),” a DHS spokesperson told CNN.

“DHS pursues a model of ‘collective defence’ in cybersecurity, meaning government and industry take collaborative, tangible actions together to mitigate threats and reduce the most serious, enduring and collective strategic cyber risks to the United States and to our international partners,” the spokesperson said.

Malware threat for Syscoin users

Attackers have no shortage of malware to deploy these days. A new piece of malware has recently posed a serious threat to Syscoin developers and users alike, prompting security experts to issue a set of precautions to counter it.

Security experts who detected the malware, identified as Trojan:Win32/Feury.B!cl, said that attackers very recently obtained the details of the Syscoin cryptocurrency project's GitHub account and then placed the malware in a replaced official Windows client, to the great concern of developers and users.

A detailed study found that the malware in the infected Syscoin Windows client lets the attackers steal passwords and wallet data, which is why the developers have put users on maximum alert. Researchers maintain that anyone who downloaded the client between June 9 and June 13 this year is at risk, since the malware could compromise the system at any moment.

The attackers targeted only the Syscoin Windows client, tampering with it, and are understood to have been trying to mine Syscoin cryptocurrency through the trojanized clients running on victims' operating systems. The whole scheme came to light through messages the Syscoin team received from users.

In several of those messages, the Syscoin team learned the disturbing fact that Windows Defender SmartScreen had flagged the downloaded Windows client as infected with malware. Unless precautions are taken, the malware could leave millions of Syscoin users exposed.

An updated investigation by the Syscoin team confirmed that the attackers had compromised a GitHub account belonging to the developers. The team quickly removed the malicious client and prepared a set of measures for users to ensure that their devices and systems are not compromised.

The Syscoin team has asked all users to check the installation date by right-clicking syscoin-qt.exe in C:\Users\[USERNAME]\AppData\Roaming\SyscoinCore, or by switching the folder to list view and noting the modified date. Alternatively, users can open Settings -> Apps and note the installation date shown there.

Anyone whose client was installed or modified between June 9 and June 13 this year should back up critical data and wallets to a separate system before running an antivirus scan on the device. This, the experts say, is the best way to keep the threat at bay.

Affected users must change any passwords entered on the device from the moment it became infected, and must do so from another, clean device to keep the new credentials safe.

The Syscoin team has also asked wallet holders to generate new wallets from another computer if a funded, unencrypted wallet was left unlocked during the infection period. Users who downloaded the client during this period should delete it before downloading a clean version.
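The three checks the Syscoin team asks for (the timestamps on syscoin-qt.exe, the install date that Settings -> Apps displays, and whether either falls inside the June 9 to June 13 window) can be run in one pass from PowerShell. The script below is an added example, not the Syscoin team's own tooling. It assumes the year is 2018 (the article only says "this year"), that the client lives under the %APPDATA%\SyscoinCore path given above, and that you have obtained a known-good SHA256 for the binary from the Syscoin team; the page does not publish one, so a placeholder stands in for it.

```powershell
# Added example (not Syscoin's own tooling): triage a Windows host for the
# trojanized Syscoin client described above.
# Assumptions: compromise window June 9-13, 2018 (the article says "this year");
# client path as given by the Syscoin team; known-good hash supplied by you.

$WindowStart = Get-Date '2018-06-09'
$WindowEnd   = (Get-Date '2018-06-13').AddDays(1)   # exclusive bound, so June 13 is included
$ClientPath  = Join-Path $env:APPDATA 'SyscoinCore\syscoin-qt.exe'
$KnownGoodSha256 = '<SHA256 published by the Syscoin team>'   # placeholder: not on the page

function Test-InWindow([datetime] $When) {
    return ($When -ge $WindowStart) -and ($When -lt $WindowEnd)
}

# 1. Timestamps and hash of the client binary (the right-click / list-view check).
if (Test-Path $ClientPath) {
    $File = Get-Item $ClientPath
    $Sha  = (Get-FileHash -Path $ClientPath -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path        = $File.FullName
        Created     = $File.CreationTime
        LastWritten = $File.LastWriteTime
        SHA256      = $Sha
    } | Format-List

    if ((Test-InWindow $File.CreationTime) -or (Test-InWindow $File.LastWriteTime)) {
        Write-Warning 'syscoin-qt.exe was created or modified inside the June 9-13 window: back up wallets, scan, and rotate passwords from a clean machine.'
    }
    if ($KnownGoodSha256 -notlike '<*' -and $Sha -ne $KnownGoodSha256) {
        Write-Warning 'SHA256 does not match the published hash; treat the binary as untrusted.'
    }
} else {
    Write-Output "No client found at $ClientPath"
}

# 2. Installation date from the uninstall registry keys (the data Settings -> Apps shows).
#    InstallDate is stored as yyyyMMdd and is absent for some installers.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Syscoin*' } |
    ForEach-Object {
        $Installed = $null
        $InWindow  = 'unknown'
        if ($_.InstallDate) {
            $Installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
            $InWindow  = Test-InWindow $Installed
        }
        [pscustomobject]@{
            Name        = $_.DisplayName
            Version     = $_.DisplayVersion
            InstallDate = $Installed
            InWindow    = $InWindow
        }
    } | Format-Table -AutoSize
```

Run it from the account that installed the client, since the per-user uninstall key and %APPDATA% differ between accounts. A timestamp inside the window is a reason to follow the team's advice; a timestamp outside it is not proof of a clean binary, which is why the hash comparison is included alongside the date check.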

Quick Heal detects 2 banking Trojans targeting Indian Android users


IT security company Quick Heal warned on Tuesday that two new banking Trojans (malware designed to steal financial data) targeting Android are hitting users in India to harvest confidential data.

The Trojans, named "Android.Marcher.C" and "Android.Asacub.T", operate by exploiting the habits of Android users and imitating notifications from leading Indian banking and finance apps as well as popular social apps such as WhatsApp, Facebook, Twitter, Instagram and Skype.

The Trojans disguise themselves with misleading icons and names to trick users: "Android.Marcher.C" uses a fake Adobe Flash Player icon, and "Android.Asacub.T" mimics an Android update icon and uses the name "update".

The malware works by pressuring users into granting the app special privileges by clicking "Activate" once it is installed on the device.

Image credits: Quick Heal

Once the malware has this access, it can trick the user into disclosing sensitive information such as banking credentials, passwords and card details whenever the user opens one of the apps the Trojan is designed to imitate. It does this by displaying a fake window asking for the user's credit/debit card number, without which the user cannot proceed into the app.

Sanjay Katkar, Co-founder and CTO of Quick Heal Technologies Limited, said, "Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users."

He also said the company has detected three other similar malware samples in less than six months, and that hackers now seem to be targeting mobile users because they are "far more vulnerable to sophisticated phishing attacks".

Android users are advised to practice caution when downloading apps and to only download them from trusted sources. Always verify app permissions and install a reliable mobile security app.

Uber Working with AI to Determine the Probability of Drunken Passengers

According to CNN, Uber Innovation Inc. recently filed a patent for a machine learning application that could accurately predict a user's state of sobriety and warn the driver. Uber is apparently working on technology that could determine just how drunk passengers are when they request a ride.

The patent application describes an AI system that learns how passengers normally use the Uber app so that it can better spot unusual behaviour. The motivation is that several Uber drivers have recently been physically assaulted by passengers, many of whom were intoxicated.

The application's algorithms weigh various factors that indicate a passenger is probably intoxicated, including typos, walking speed, how accurately the passenger presses in-app buttons, and how long it takes to arrange a ride. A typical signal would be someone mistyping most words, swaying from side to side and taking as long as 15 minutes to book a ride late on a Saturday.

Uber's patent says it could potentially use the technology to deny rides to users based on their current state, or to match them with drivers who have relevant skills and training.

The application is also said to improve safety for both the rider and the driver.

According to an ongoing CNN investigation, at least 103 Uber drivers have been accused of sexually assaulting or abusing passengers in just the past four years. While the application will not stop the predatory behaviour of a few people, it could help accurately identify impaired passengers so they can be placed with trusted drivers or with those experienced in transporting intoxicated passengers.

Apple to patch iPhone vulnerability used by law enforcement

Apple Inc. said it is working on a new security feature that could make it harder for law enforcement agencies to retrieve data from iPhones during investigations.

The new software feature, named USB Restricted Mode, will disable the phone's USB port for anything other than charging an hour after the device has been locked. This would prevent hackers, police and other officials from accessing the data on the iPhone via its Lightning port an hour after the phone was last unlocked.

"We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data," Apple said in a statement.

"We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs."

The new update has reignited tensions between law enforcement agencies and Apple. In 2016, the U.S. Justice Department clashed with Apple when the company refused to unlock a mass shooter's iPhone to retrieve data.

If an agency wants to gain access to an iPhone, it has very few options left, even with a warrant. Because the data on the iPhone is encrypted, it cannot be extracted without cooperation from the company or the phone's owner.

“If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” said Chuck Cohen, head of Indiana State Police task force on internet crimes against children.



Cyber cell arrests man for hacking, blackmailing several women

A city businessman fell victim to a 'Man In Middle Attack', a type of hacking, on May 26, and Rs 2.90 crore was syphoned off from his account to another within minutes without his permission. Thanks to the city cybercrime cell's quick action, the money was retrieved from a bank in China.

The account is registered in the name of a fraudster who operates primarily as an email hacker.

The businessman approached police on May 26 with his complaint application, stating that he had entered into an agreement with a Chinese firm on April 27 and had placed an order to procure machinery from the company. The firm had demanded some advance from him and he was in touch with its officials through emails.

A man-in-the-middle attack involves an attacker who secretly relays, and possibly alters, the communication between two parties who believe they are communicating directly with each other.

During their investigation, the cyber cell found that the man had hacked into the social media accounts of six other women in the city and blackmailed them. The accused reportedly threatened to post morphed illicit images of the women on their social media accounts.

A team headed by deputy commissioner of police (cyber & economics) Sudhir Hiremath and inspectors Jayram Paigude and Manisha Zende acted promptly in the case and managed to recover the lost money. No case was registered, though.

Police inspector of the cyber crime cell, Manisha Zende, told Mirror, “A very renowned company from Hinjawadi, which makes headlights for various vehicles, had been engaged in an email conversation with a China-based company for ordering raw materials on April 27 this year. The deal had been finalised between finance and purchase officials on both sides. The Chinese company had sent an email to the Indian company in which they had requested the transfer of an advance amount and had also asked that the rest of the money be sent across after the delivery.”

The man arrested was identified as Krushna Baliram Fadd, a resident of Jagdish Khanawalkar chawl in Panvel region of Raigad.

Amazon Fire TV and Fire TV sticks affected by Android malware

You could be in trouble if you've downloaded any apps that allow you to watch pirated TV shows and movies to your Fire TV stick.

Be careful what you sideload on your Amazon Fire TV and Fire TV Stick: a new strain of malware is going around that can affect Amazon's products even though it was not written specifically for these devices. Several users of the Android-based streaming devices are reporting the presence of a new app that they never chose to download.

The Android malware is called ADB.Miner; it reportedly reaches Fire TV devices through sideloaded apps. Disabling ADB debugging is recommended.

As per reports, this malware uses devices to mine cryptocurrency and holds the potential of spreading to other Android-powered products running on the same network.

The purpose of the virus app is quite simple: to turn gadgets into cryptocurrency miners. I’m sure you’ve heard of this type of malware before, as it targets plenty of other platforms. But yes, it’s 2018, and your TV can get a virus now because we live in the future.

The malware installs itself as an app called "Test" under the innocuous-looking package name "com.google.time.timer". The app is nowhere to be found in the store and survives repeated attempts to uninstall it. Even restoring the device did not resolve the problem for the original poster.

It’s pretty easy to tell whether your Amazon Android device is infected. When the miner is active, it’ll use up the product’s processing resources, which means your Fire TV experience will grind to a halt.

If you notice the device slowing down, videos stopping suddenly, or an on-screen notification labelled "Test" alongside the green Android robot icon, you have most likely been affected. If you have never enabled the developer options on your Fire TV Stick, you should be safe.

A malware turns your computer into spying video camera



Security researchers at ESET have discovered a versatile spyware called InvisiMole that has been active for the past five years.

The company's security products recently spotted an advanced cyberespionage tool that targets Windows PCs in Russia and Ukraine, used either for nation-state hacking or for financially motivated attacks.

The malicious code can turn on the victim's camera, record video and take pictures without being detected. Beyond spying, the malware can also inspect the PC for system information, running services, active processes and networking information, scan wireless networks, track geolocation, and monitor specific drives. These activities are carried out by two component modules, RC2FM and RC2CL.

The spyware has a modular architecture that starts with a DLL wrapper. The wrapper then loads the two feature-rich backdoor modules at the same time, which deepens its reach into the infected machine.

“Common backdoors often support commands such as file system operations, file execution, registry key manipulation or remote shell activation,” ESET researchers said. “This spyware supports all of these instructions and a whole lot more – its 84 commands provide the attackers with all they need to look at their victims more closely.”


According to the researchers, the malware went unnoticed for so long because of its low infection rate and high sophistication.

“The campaign is highly targeted – no wonder the malware has a low infection ratio, with only a few dozen computers being affected.”

US imposes sanctions over Russian military, intelligence hacking



The United States Treasury Department imposed sanctions on five Russian companies and three individuals for allegedly supporting the country's military and intelligence services in conducting cyber attacks against the U.S. and its allies.

“The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities,” Treasury Secretary Steven Mnuchin said in a statement.

“The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB [Federal Security Service] and therefore jeopardize the safety and security of the United States and our allies,” Mnuchin said.

The companies and individuals who are facing sanctions will be banned from any kind of transactions involving the US financial system.

The decision is a reaction to a series of Russia-based cyberattacks that have hit the country and the wider world. Russian hackers are believed to have been behind the VPNFilter malware that infected more than half a million routers worldwide, power outages in Ukraine, and a ransomware attack that the US government called the "most destructive cyberattack in history."

The five sanctioned companies are Kvant Scientific Research Institute, Divetechnoservices (which provides underwater equipment and diving systems to Russian agencies), and three cybersecurity companies: Digital Security, ERPScan and Embedi. The latter two are not based in Russia, but the department said they are owned by Russia-based Digital Security.

Embedi's marketing head, Alex Kruglov, said the company is unsure why it was added to the sanctions list, and denied working for the Russian government.

"We never worked with Russian government and any government at all," Kruglov said in an email. He said the company isn't clear on what they'll do in their next steps.

The three Russians who worked with Divetechnoservices have also been sanctioned: Aleksandr Lvovich Tribun, Oleg Sergeyevich Chirikov and Vladimir Yakovlevich Kaganskiy.

“Today’s action also targets the Russian government’s underwater capabilities,” Mnuchin said. “Russia has been active in tracking undersea communication cables, which carry the bulk of the world’s telecommunications data.”

Stuffed cloudpets vulnerable to hacking, few retailers stop selling

Who would have thought hacking was confined to accounts, banks and email? Today, stuffed toys are being hacked and used for criminal activity. According to reports, around 800,000 accounts relating to the soft toys were recently breached, with the data leaked on the internet.

Some of the nation’s largest retailers, including Amazon, Walmart and eBay, stopped selling a stuffed children’s toy this week because of concerns the devices could be easily hacked.

A study by researchers found that CloudPets are hackable, and that many have already been hacked. Some of these toys use Bluetooth and others WiFi, which leaves them open to being turned into listening devices if exploited; security researchers demonstrated that the Bluetooth-enabled devices could be hijacked for exactly that purpose.

An audit conducted by Mozilla Firefox highlights that these vulnerabilities are still being widely exploited. On the strength of this and many other reports, major retailers have stopped selling the Bluetooth- and WiFi-enabled CloudPets.

A bunch of retailers, including Amazon, Target, and Walmart, pulled their listings for a line of smartphone-connected stuffed animals called CloudPets this week after they were found to be storing kids’ voice recordings online without any security measures, among other issues. The news offers them good optics, but the reality is that this security revelation came about in February 2017: it took the massive retailers over a year to remove the stuffed animals, during which time they likely sold at least some of their inventory.

The toy’s removal only happened after the Electronic Frontier Foundation wrote a letter this week to Walmart, Target, and Amazon requesting that the CloudPet listings be taken down. The organization writes that it also urges the stores to “consider putting in place new or improved systems to ensure that products you stock, especially those that collect the information of children, have basic practices in place to respect the trust that consumers place in them.”