Alerts

url: http://www.securitynewspaper.com/2018/09/05/payment-card-data-stealing-malware-campaign-affects-dozens-of-websites-each-day/


It has been recommended to block Magento e-commerce software; otherwise the details of your card will end up in Moscow.

Over the last six months more than 7k e-commerce websites have been infected with malicious JavaScript designed to collect payment card details from users as they complete their online orders.

An ethical hacking expert based in Holland reports that this card-skimming software, which communicates with a domain hosted in Moscow, magentocore[dot]net, is used to infect between 50 and 60 e-commerce sites every day.

“The list of victims includes multi-million dollar companies listed on the stock market, suggesting that the operators of this malware campaign get significant revenues”, mentions the specialist on his blog, pointing out that the malicious code is designed to work with Magento’s legitimate e-commerce software, although the real victims are eventually customers, who suffer from identity and payment cards data theft.

Magento, which Adobe Systems has planned to acquire since last May, is one of the most widely used e-commerce platforms, so it may not be a surprise that the software has become a favourite target of payment card thieves, who have taken advantage of the sometimes unsafe configurations of users or have used brute force attacks to gain access to the software.

According to ethical hacking specialists, the payment card industry continues to fight to prevent criminals from extracting card details and using them in fraudulent schemes. One way to use the stolen information is in so-called card-not-present transactions. Australia, for example, has seen a 14% annual increase in this type of fraud.

While the main goal of the cybercriminals is usually the theft of payment card data, customer personal data is also at stake. This has implications for compliance with the General Data Protection Regulation, the strict privacy regime in Europe, where allegations of non-compliance have increased 400%.

For ethical hacking specialists from the International Institute of Cyber Security, whoever is behind this malware campaign must be generating great profits. Based on his analysis, the ethical hacking expert has found 7.3k online stores that have been hacked in the last six months. And since 2015, the specialist has identified at least 20k websites that have been infected by this malicious JavaScript at least once.

In addition, websites are not cleaned up quickly after an infection: the average recovery time is a few weeks, and at least 1450 online stores have hosted this parasite over the past six months.
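As an added example (not code from the article or from the researcher's blog), the following Python check scans a storefront page's HTML for script references to the skimmer domain the article names, magentocore[dot]net. The sample checkout page and the script paths in it are constructed for the demonstration; the one thing taken from the article is the domain.

```python
from html.parser import HTMLParser
import re

# Domain reported in the article (written magentocore[dot]net there).
SKIMMER_DOMAINS = {"magentocore.net"}


class ScriptRefCollector(HTMLParser):
    """Collect external script sources and inline script bodies from an HTML page."""

    def __init__(self):
        super().__init__()
        self.external = []    # src attribute values of <script src=...> tags
        self.inline = []      # text of inline <script> blocks
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def find_skimmer_refs(html, domains=SKIMMER_DOMAINS):
    """Return (kind, evidence) hits for any script that loads from or mentions a listed domain."""
    parser = ScriptRefCollector()
    parser.feed(html)
    hits = []
    for src in parser.external:
        # Strip an optional scheme and '//' so protocol-relative URLs are handled too.
        host = re.sub(r"^(?:https?:)?//", "", src).split("/")[0].lower()
        if host in domains or any(host.endswith("." + d) for d in domains):
            hits.append(("external-script", src))
    for body in parser.inline:
        lowered = body.lower()
        if any(d in lowered for d in domains):
            hits.append(("inline-script", body.strip()[:80]))
    return hits


# Constructed sample checkout page: a legitimate Magento script plus an injected
# loader and an inline config block pointing at the skimmer domain (paths are made up).
SAMPLE_HTML = """<html><head>
<script src="/static/frontend/Magento/luma/en_US/requirejs/require.js"></script>
<script src="//magentocore.net/example-loader.js"></script>
</head><body>
<script>var cfg = {"endpoint": "https://magentocore.net/example"};</script>
</body></html>"""

if __name__ == "__main__":
    for kind, evidence in find_skimmer_refs(SAMPLE_HTML):
        print(f"{kind}: {evidence}")
```

The check is deliberately narrow: it flags only references to the named domain, so a skimmer served from a different host would not be caught. In practice this belongs alongside a baseline of the scripts a storefront is expected to load, so that any unexpected third-party script is reviewed, not only one known domain.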

url: https://bgr.com/2018/09/03/android-unlock-pattern-hack-sonarsnoop-malware-attack-explained/


New research from researchers in Sweden and the UK reveals that hackers would be able to steal the unlock pattern of your Android phone by turning the device into an improvised sonar system. Using the speakers and microphones in a handset, the sonar would be able to pick up the movements of fingers against the screen and determine possible patterns that could unlock the phone.

The technique is named SonarSnoop, ZDNet reports, and uses FingerIO (seen in the video below) as its primary source of inspiration. FingerIO is a smartwatch interaction model published back in March 2016, which proposes the use of a sonar-like system to pick up hand gestures and translate them into actions on the screen.


SonarSnoop, meanwhile, is the malicious version of FingerIO, but you shouldn’t panic over it. Using this method, hackers would be able to reduce the number of possible unlock patterns by 70% thanks to the machine learning algorithms built into the attack. But deploying the attack in the real world isn’t terribly realistic in this day and age.

As it stands right now, you shouldn’t even rely on unlock patterns to protect your phone. Most Android phones ship with fingerprint sensors, which are a lot more secure than pattern unlocks. If you use an older device, you might want to set up a strong passcode rather than an unlock pattern, even if the latter feels more convenient. Also, you can set up your phone to wipe all data after a number of failed unlock attempts. Finally, make sure your Android gadget runs the latest software available for it, especially when it comes to security patches.

If you do use an old Android phone that lacks a fingerprint sensor and you like unlock patterns, then make sure you don’t install Android apps from unknown sources. Stick to the Google Play store to avoid installing malware. For SonarSnoop to work, a malware app would have to be installed on the phone. And if hackers get you to install malware on your device, they may be able to spy on your every move without even having to steal your unlock pattern.

The research also applies to other kinds of devices that have microphones and speakers, however, so SonarSnoop-like hacks might be used for other purposes than to steal an unlock pattern of an Android phone.

Researchers at Check Point have figured out the encryption method used by RansomWarrior. The ransomware was developed in India.

The ransomware has targeted Windows users. The payload is delivered as an executable under the file name “A Big Present.exe”; if the application is executed, it encrypts files and gives them a .THBEC extension. The victims are given a link to a dark web website that takes payments in Bitcoin.

The ransomware offers to decrypt two of the victim’s files for free; however, if the victims don’t pay the ransom they will not get the rest of their files back. The ransom note cheekily tells victims that the police can’t help them.

How Did The Researchers Break the Encryption?

Researchers at Check Point found that the malware was developed by inexperienced hackers, and the company was able to retrieve the decryption keys from the malware itself. Check Point succeeded because of the weak encryption used by the ransomware: it relies on only 1000 hard-coded keys embedded in the RansomWarrior binary.

The index of the key that was used is saved on the victim’s machine, which provides the means to unlock the files. The researchers were able to create a decryption tool to retrieve the files of any user affected by RansomWarrior. Most ransomware authors distribute their malware through mass spam campaigns in an attempt to affect entire networks.
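To show why a fixed ring of 1000 keys is recoverable, here is an added example in Python; it is not RansomWarrior’s actual cipher or key material and is not Check Point’s tool. The keyring, the seed it is derived from, the HMAC-based keystream cipher, the chosen key index and the sample file are all constructed for the demonstration. It covers both paths the article describes: decrypting directly when the saved key index is available, and recovering the key by trying all 1000 candidates against a known file header when it is not.

```python
import hashlib
import hmac

# Constructed toy keyring: 1000 keys derived deterministically from a seed so the
# example is reproducible. Only the weakness (a tiny, fixed key space) is modelled.
KEYRING_SIZE = 1000
SEED = b"toy-keyring-seed"
KEYRING = [hashlib.sha256(SEED + i.to_bytes(2, "big")).digest() for i in range(KEYRING_SIZE)]


def keystream(key, length):
    """Toy CTR-style keystream: concatenated HMAC-SHA256(key, counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_key(data, key):
    """Encrypt or decrypt with the toy keystream (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def decrypt_with_index(ciphertext, key_index):
    """Path when the key index saved on the victim machine is available: one lookup."""
    return xor_with_key(ciphertext, KEYRING[key_index])


def recover_without_index(ciphertext, known_prefix):
    """Path when no index is available: try every key in the ring and accept the one
    whose plaintext starts with the expected file header. Returns (index, plaintext)
    or (None, None) if no key matches."""
    for idx, key in enumerate(KEYRING):
        if xor_with_key(ciphertext[:len(known_prefix)], key) == known_prefix:
            return idx, xor_with_key(ciphertext, key)
    return None, None


# Constructed victim file: PNG magic bytes followed by filler.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_FILE = PNG_MAGIC + b"constructed image payload " * 4

if __name__ == "__main__":
    chosen = 731  # constructed example of the index the ransomware would save
    ct = xor_with_key(SAMPLE_FILE, KEYRING[chosen])
    assert decrypt_with_index(ct, chosen) == SAMPLE_FILE
    idx, pt = recover_without_index(ct, PNG_MAGIC)
    print(f"recovered key index {idx}; plaintext matches: {pt == SAMPLE_FILE}")
```

The brute-force path costs at most 1000 trial decryptions of a few header bytes per file, which is why a fixed embedded keyring offers no real protection once the binary has been analysed. A per-victim key generated from a proper random source and never stored on the victim’s machine is what distinguishes ransomware families that cannot be decrypted this way.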

Why Has Ransomware Become So Popular?

Some ransomware operations have made over $6 million from a single targeted campaign. However, many observers have seen a move away from ransomware toward a new focus on cryptocurrency mining.

url: http://www.securitynewspaper.com/2018/09/04/microsoft-launches-cumulative-windows-10-updates/


Updates were issued as KB4346783 and KB4343893


Less than a month ago, Microsoft released its update patches for August. Today, the company has launched another set of cumulative Windows 10 updates that contain fixes for problems that appeared with the previous update patches.

Ethical hacking specialists mention that the company is launching these patches with improvements and fixes not related to system security. Systems running Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709) will receive the new patches with general bug fixes.

According to the changelog, the update fixes a variety of problems in Windows 10. To install the latest patch on your system, open Settings, navigate to Update & Security -> Windows Update and select Check for updates. If you prefer, you can download and install the updates manually.

Update for Windows 10 April 2018 Update

If you are currently using Windows 10 April 2018 Update, you will need to install the KB4346783 patch. It advances Windows 10 April 2018 Update to build 17134.254, and you can download it through Windows Update or the Microsoft Update Catalog. Among the problems this update addresses are:

  • Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications to flicker.
  • Addresses an issue where touch and mouse events were handled differently in Windows Presentation Foundation (WPF) applications that have a transparent overlay window.
  • Addresses an issue that causes computer certificate enrollment or renewal to fail with an “Access denied” error after installing the April 2018 update.

Update for Windows 10 Fall Creators Update

Ethical hacking experts mention that users running Windows 10 Fall Creators Update will receive the KB4343893 update package. The update includes fixes such as:

  • Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications to flicker.
  • Addresses an issue that causes win32kfull.sys to stop working.
  • Addresses an issue that required users to press Ctrl+Alt+Delete twice to exit assigned access mode when automatic authentication was enabled.
  • Addresses an issue that causes Microsoft Edge to stop working.

Ethical hacking specialists from the International Institute of Cyber Security stress the importance of keeping a computer running Windows 10 updated and recommend installing the corresponding patch as soon as possible. If you want to delay the update, you can go to Settings and modify the active hours and the restart and download options for the update.

Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign.

Legitimate Android applications, when bundled with the malware framework, dubbed Triout, gain the ability to spy on infected devices by recording phone calls, monitoring text messages, secretly stealing photos and videos, and collecting location data—all without the user’s knowledge.

The strain of Triout-based spyware apps was first spotted by the security researchers at Bitdefender on May 15 when a sample of the malware was uploaded to VirusTotal by somebody located in Russia, but most of the scans came from Israel.

In a white paper (PDF) published Monday, Bitdefender researchers said the malware sample they analyzed was packaged inside a malicious version of an Android app that was available on Google Play in 2016 but has since been removed.

The malware is extremely stealthy, as the repackaged version of the Android app kept the look and feel of the original app and functioned exactly like it—in this case, the researchers analyzed an adult app called ‘Sex Game’—to trick its victims.

However, in reality, the app contains a malicious Triout payload with powerful surveillance capabilities that steals data about users and sends it back to an attacker-controlled command and control (C&C) server.

According to the researcher, Triout can perform many spying operations once it compromises a system, including:

  • Recording every phone call, saving it in the form of a media file, and then sending it together with the caller id to a remote C&C server.
  • Logging every incoming SMS message to the remote C&C server.
  • Sending all call logs (with name, number, date, type, and duration) to the C&C server.
  • Sending every picture and video to the attackers whenever the user snaps a photo or records a video, with either the front or rear camera.
  • Capability to hide itself on the infected device.

But despite the powerful capabilities of the malware, the researchers found that the malware does not use obfuscation, which helped the researchers get full access to its source code by merely unpacking the APK file—suggesting the malware is a work-in-progress.

Although the researchers were unable to find how this repackaged version of the legitimate app was being distributed and how many times it was successfully installed, they believe the malicious app was delivered to victims either by third-party app stores or by other attacker-controlled domains likely used to host the malware.

The analyzed Triout sample was still signed with an authentic Google Debug Certificate.

At the time, no evidence points towards the attackers or allows anyone to determine who they are and where they are from, but one thing is clear: the attackers are highly skilled and well enough resourced to develop a sophisticated spyware framework.

The best way to avoid falling victim to such malicious apps is to always download apps from trusted sources, like the Google Play Store, and to stick to verified developers.

Also, most importantly, think twice before granting any app permission to read your messages, access your call logs or your GPS coordinates, or obtain any other data from the device’s sensors.
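The permission advice above can be turned into a triage step. Here is an added Python example (not from the article or from Bitdefender’s white paper) that reads an app’s AndroidManifest.xml and maps the declared permissions onto the Triout capabilities listed above: call recording, SMS logging, call log exfiltration, photo/video capture and location collection. The capability-to-permission mapping is this example’s own judgement, and the sample manifest, with its package name and label, is constructed; a real app can legitimately need any of these permissions, so the output is a prompt for review, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Mapping from the surveillance capabilities the article lists to the standard
# Android permissions that would be needed for them. The mapping is this
# example's own; declaring one of these does not by itself make an app malicious.
CAPABILITY_PERMISSIONS = {
    "call recording": {"android.permission.RECORD_AUDIO", "android.permission.READ_PHONE_STATE"},
    "SMS logging": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call log exfiltration": {"android.permission.READ_CALL_LOG"},
    "photo/video capture": {"android.permission.CAMERA"},
    "location collection": {"android.permission.ACCESS_FINE_LOCATION",
                            "android.permission.ACCESS_COARSE_LOCATION"},
}
# Sending anything to a C&C server requires network access.
EXFIL_PERMISSION = "android.permission.INTERNET"


def declared_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def triage_manifest(manifest_xml):
    """Return (capabilities, can_exfiltrate): the surveillance capabilities the
    declared permissions would enable, sorted, and whether network access is declared."""
    perms = declared_permissions(manifest_xml)
    caps = sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if needed & perms)
    return caps, EXFIL_PERMISSION in perms


# Constructed manifest resembling a repackaged game that asks for far more than a
# game needs. Package name and label are made up for the example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Constructed Game"/>
</manifest>"""

# Constructed manifest for a benign app that only needs the network.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    caps, exfil = triage_manifest(SAMPLE_MANIFEST)
    print("capabilities enabled by declared permissions:", ", ".join(caps) or "none")
    print("network access declared (needed for exfiltration):", exfil)
```

On a device, the same question is answered by reviewing an app’s permissions in Settings before granting them, which is the step the article recommends; the script simply makes the review repeatable for a batch of APKs whose manifests have been extracted.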


url: https://thehackernews.com/2018/08/android-malware-spyware.html