Showing posts with label HackNeWs. Show all posts

Wednesday 26 April 2017

New Android Malware Infected 2 Million Google Play Store Users So Must Read And Check Your Phone

Thanks To THN
Initially thought to be 600,000 users, the number of Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million.

Yes, about 2 Million Android users have fallen victim to malware hidden in over 40 fake companion guide apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store, according to security researchers from Check Point.

Dubbed FalseGuide by the Check Point researchers, the malware creates a "silent botnet out of the infected devices" to deliver fraudulent mobile adware and generate ad revenue for cybercriminals.

Nearly 2 Million Android Users Infected!

While it was initially believed that the oldest instance of FalseGuide was uploaded to Google Play in February and made its way onto over 600,000 devices within two months, further in-depth analysis by the researchers revealed more infected apps dating back to November 2016.
"Since April 24, when the article below was first published, Check Point researchers learned that the FalseGuide attack is far more extensive than originally understood," Check Point researchers wrote in a blog post.
"The apps were uploaded to the app store [Google Play Store] as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads."

Russian connection with FalseGuide

Check Point researchers discovered five additional apps containing the FalseGuide malware on Google Play Store, developed by "Anatoly Khmelenko" (translated from Russian Анатолий Хмеленко).

Also, the first batch of malicious apps was submitted under the Russian names of two fake developers, Sergei Vernik and Nikolai Zalupkin, which suggests the malware is of Russian origin.

FalseGuide attempts to turn infected devices into a botnet that could allow its operator to control the devices without the knowledge of the device owners.

Here's How FalseGuide Works:


Once downloaded to the victim's phone, FalseGuide requests device administrator permissions in an attempt to avoid being deleted by the user.

The malware then registers itself with Firebase Cloud Messaging – a cross-platform messaging service that allows app developers to send messages and notifications.

Once subscribed to this service, FalseGuide lets the attackers push messages containing links to additional malware, which it then installs on the infected device, enabling the attackers to display illegitimate pop-up ads out of context and generate revenue.

Depending on their objectives, the attackers could also inject highly malicious code into an infected device to root it, conduct a Distributed Denial of Service (DDoS) attack, or even penetrate private networks.

Google Removed the Malware hidden Apps, but are you Clean?

Check Point has provided a full list of malicious apps hiding FalseGuide, which posed as guides for FIFA Mobile, Criminal Case, Super Mario, Subway Surfers, Pokemon Go, Lego Nexo Knights, Lego City My City, Ninjago Tournament, Rolling Sky, Amaz3ing Spider-Man, Drift Zone 2, Dream League Soccer, and many more.

Check Point researchers notified Google about FalseGuide in February, after which the company silently removed the malware apps from the Play Store.

But despite being removed, the malicious apps are likely still active on a number of devices, leaving Android users open to cyber attacks.
"Mobile botnets are a growing trend since early last year, growing in both sophistication and reach," CheckPoint said. "This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code."

How to Protect yourself against such Malware

There are standard protection measures you need to follow to remain unaffected:

  • Always download apps from trusted and verified developers and stick to trusted sources, like the Google Play Store and the Apple App Store.
  • Always verify app permissions before installing apps. If an app asks for more than it needs for its purpose, do not install it.
  • Keep a good antivirus app on your device that can detect and block such malware before it infects your device, and always keep that app up to date.
  • Do not download apps from third-party sources. Although in this case the apps were distributed through the official Play Store, such malware is most often distributed via untrusted third-party app stores.
  • Avoid unknown and unsecured Wi-Fi hotspots and keep your Wi-Fi turned off when not in use.
  • Be careful which apps you give administrator rights to. Admin rights are powerful and can give an app full control of your device.
  • Never click on links in SMS or MMS messages sent to your mobile phone. Even if the message looks legitimate, go directly to the website of origin and verify any possible updates.

Friday 21 April 2017

AR Glasses Will Change Everything in the World in the Next 50 Years / Virtual World?


So far it has only been a fantasy that something might come along that, once worn, would make whatever you think of happen. Granted, that is impossible, but a closely related technology is soon coming to the world, and the one bringing it is Facebook. Yes, Facebook is working on a technology by which everything you think in your mind is typed out on the computer in front of you. It has been named Silent Communication!

AR glasses unveiled

According to reports, Michael Abrash, chief scientist of the Facebook-owned company Oculus Research, unveiled AR glasses which, once worn, provide digital information about the real world. On the occasion, Abrash said that these glasses will be a great transformative force in the world of technology over the next 50 years; just by wearing the glasses, you will be able to complete all of your tasks.

Instead of smartphones, we will wear stylish glasses

On the occasion Abrash said: I predict that instead of carrying stylish smartphones everywhere, we will wear stylish glasses that offer everything in between, and we will wear them all day and use them in almost every aspect of our lives. The difference between AR and VR will disappear. The real and virtual worlds will mix and match throughout the day according to our needs. This could become possible in the coming twenty to 30 years, and after that a new transformation will be seen across the whole world.

The future will be full of revolutionary technology

On the other side, Facebook's vice president of engineering and head of a secretive unit said that the future is full of revolutionary technology that will enable us to communicate with people without typing. A team of 60 people at Facebook is working on a computer interface driven by the human brain.

Typing at a speed of 100 words per minute

This system will be able to decode the user's neural activity and type at a speed of 100 words per minute, five times faster than we type on a smartphone. Facebook says this technology will be helpful for people struggling with communication disorders.

Friends, if you liked the post, please do leave a comment....

Friday 14 April 2017

Android Trojan Targeting Over 420 Banks So Beware And Must Read

Thanks to THN
Do you like watching funny videos online?

I love watching funny videos clips online, and this is one of the best things that people can do in their spare time.

But, beware if you have installed a funny video app from Google Play Store.

A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as Funny Videos 2017, on Google Play Store.

Niels Croese, a security researcher at the firm Securify B.V., analyzed the Funny Videos app, which has 1,000 to 5,000 installs, and found that it behaves like any regular video application on the Play Store, but in the background it targets customers of banks around the world.

This newly discovered banking Trojan works like any other banking malware, but two things set it apart from the rest: its targeting capability and its use of the DexProtector tool to obfuscate the app's code.

Dubbed BankBot, the banking trojan targets customers of more than 420 banks around the world, including Citibank, ING, and some new Dutch banks, like ABN, Rabobank, ASN, Regiobank, and Binck, among many others.

How Android Banking Trojan Works

In a nutshell, BankBot is mobile banking malware that looks like a simple app and once installed, allows users to watch funny videos, but in the background, the app can intercept SMS and display overlays to steal banking information.

Mobile banking trojans often disguise themselves as a plugin app, like Flash, or as an adult content app, but this one made its way onto the Google Play Store by disguising itself as an ordinary Android app.

Google has removed this malicious app from its Play Store after receiving the report from the researcher, but this does not mean that more such apps do not exist there with different names.

"Another problem is that Google [Play Store] mainly relies on automated scanning without a full understanding of the current obfuscation vectors resulting in banking malware on the Google Play Store," the researcher told The Hacker News.
Once downloaded, the app persistently requests administrative rights, and if granted, the banking malware can control everything that's happening on an infected smartphone.

BankBot springs into action when the victim opens any of the mobile apps on a pre-configured list of 425 banking apps. A complete list of the banks this BankBot variant currently imitates can be found in the blog post published by the researcher.

Once one of the listed apps is opened, BankBot immediately displays an overlay, a page drawn on top of the legitimate mobile banking app, and tricks Android users into entering their banking credentials into the overlay, just like a phishing attack.

This not only sends your banking credentials to your bank's servers but also sends them to a server controlled by the fraudsters.

This social engineering technique is often used by financially motivated criminals to deceive users into giving up their personal details and sensitive banking information to fraudsters.

How to protect yourself?

There are standard protection measures you need to follow to remain unaffected:

  • Install a good antivirus app that can detect and block such malware before it infects your device, and always keep that app up to date.
  • Always stick to trusted sources, like the Google Play Store and the Apple App Store, and verify app permissions before installing apps. If an app asks for more than it needs for its purpose, do not install it.
  • Do not download apps from third-party sources. Although in this case the app was distributed through the official Play Store, such malware is most often distributed via untrusted third-party app stores.
  • Avoid unknown and unsecured Wi-Fi hotspots and keep your Wi-Fi turned off when not in use.
  • Be careful which apps you give administrator rights to. Admin rights are powerful and can give an app full control of your device.
  • Never click on links in SMS or MMS messages sent to your mobile phone. Even if the message looks legitimate, go directly to the website of origin and verify any possible updates.


Wednesday 5 April 2017

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Less than a week after Apple released iOS 10.3 with over 100 bug fixes and security enhancements, the company has pushed an emergency patch update, iOS 10.3.1, to address a few critical vulnerabilities, one of which could allow hackers to "execute arbitrary code on the Wi-Fi chip."

The vulnerability, identified as CVE-2017-6975, was discovered by Google's Project Zero staffer Gal Beniamini, who noted on Twitter that more information about the flaw would be provided tomorrow.

Apple also did not provide any technical details on the flaw, but urged iPhone, iPad and iPod Touch users to update their devices as soon as possible.

Apple describes the issue as a stack buffer overflow vulnerability, which the company addressed by improving the input validation.

A stack buffer overflow occurs when a program writes more data into a buffer on the stack than the buffer was sized to hold, overwriting adjacent stack memory; a crafted input can then let an attacker execute malicious code remotely.

The flaw allows an attacker, within range, to execute malicious code on the phone's Wi-Fi chip.

The vulnerability appears to affect iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later, running the iOS 10.3 operating system.

It's worth mentioning that iPhone 5 and iPhone 5C were Apple's last iPhone handsets to have a 32-bit processor with Apple A6 system on a chip. Since iPhone 5S has a 64-bit processor, it is not affected by the issue.

With the iOS 10.3 release, an over-the-air download for 32-bit Apple devices wasn't available. This has also changed with the iOS 10.3.1 update, which brings back support for the iPhone 5 and 5C as well as the fourth-generation iPad, the only remaining 32-bit Apple devices.

The iOS 10.3.1 update can be downloaded over-the-air via Settings → General → Software Update on your iOS device.

Apple users running iOS 10.3 should be able to see the iOS 10.3.1 update, so press on the "Download and Install" button to install the update.


Monday 3 April 2017

Microsoft is Shutting Down CodePlex, Asks Devs To Move To GitHub

Thanks to THN
Microsoft has announced that it will shut down CodePlex, its website for hosting repositories of open-source software projects, on December 15, 2017.

Launched in 2006, CodePlex was one of Microsoft's biggest steps towards the open source community, a place where any programmer, anywhere, could share the code for their software or download and tweak code to their liking.

However, Microsoft says that the service has dramatically fallen in usage, with fewer than 350 projects seeing a source code commit over the last 30 days, and points to GitHub as the "de-facto place for open source sharing."

GitHub – 'Facebook for Programmers'

In a blog post published Friday, Microsoft Corporate VP Brian Harry wrote that the shutdown of CodePlex is because the open source community has almost entirely moved over to GitHub, which provides similar functionality for sharing code that people can collaborate on.

"Over the years, we have seen a lot of amazing options come and go but at this point, GitHub is the de-facto place for open source sharing, and most open source projects have migrated there," says Harry.
According to the company, GitHub has become the "Facebook for programmers," so "it's time to say goodbye to CodePlex."

For now, Microsoft has disabled the ability to create new projects on CodePlex, and in October the site will be turned into a read-only archive.

The complete shutdown comes on December 15 this year, at which point the CodePlex website will be archived indefinitely.
"You will also be able to download an archive file with your project contents, all in common, transferable formats like Markdown and JSON," Harry writes.

"Where possible, we will put in place redirects so that existing URLs work, or at least redirect you to the project's new homepage on the archive. And, the archive will respect your "I've moved" setting, if you used it, to direct users to the current home of your project."

Migrate your Code and Related Projects to GitHub

Harry also points out that many of Microsoft's own open source projects have already found their way to GitHub, and the company is actively recommending that others do the same.

The company is itself using GitHub to host open-source software projects such as PowerShell, .NET and its Chakra JavaScript engine.

Microsoft is making the process of migration easier for its users. Microsoft has teamed up with GitHub to create a "streamlined" migration tool to help developers shift their code and related content over to GitHub.

Since a release date of the migration tool is not yet known, users can check out the guide on CodePlex for any help with migrating to GitHub.

Sunday 2 April 2017

Email Scam Targets Github Developers with Dimnie Trojan

Thanks to THN
Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan.

Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit architectures, download additional malware on infected systems, and self-destruct when ordered to.

The malware has largely flown under the radar for the past three years, thanks to its stealthy command and control methods.
The threat was discovered in mid-January this year, when it was targeting multiple owners of GitHub repositories via phishing emails, but the cyber-security firm Palo Alto, which reported the campaign on Tuesday, says the attacks started a few weeks earlier.

Here's How the Attack Works:

The attack starts by spamming the email inboxes of active GitHub users with booby-trapped job offers. The messages used in this campaign attempt to trick the victims into running an attached malicious .doc file.

The doc file contains embedded macro code, which if allowed, executes a PowerShell command to download and install the Dimnie trojan – malware that can be controlled remotely, enabling attackers to hijack infected PCs and install additional malware.

Dimnie is not new; it first appeared in early 2014, but the use of stealthy command and control (C&C) methods in the new version of the Dimnie malware helped the threat remain unnoticed until this year.

Dimnie's Stealthy Features Let It Go Undetected for 3 Years

This new iteration has the ability to hide its malicious traffic under fake domains and DNS requests. To camouflage its connection, Dimnie uses HTTP Proxy requests that appear to be sent to Google-owned domains, but it's actually talking to an address controlled by the attackers, which has nothing to do with Google.
For more stealthiness, the malware encrypts all of its modules during transit, and once they are received and decrypted on the targeted computer, they are never written to or executed on its hard drive.
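The proxy-style camouflage described above leaves a checkable trace in egress logs: a request written in absolute-URI form (the shape a client only sends to a forward proxy) that goes directly to a peer outside the address ranges the claimed domain is known to use is worth an alert. The Python below is an added example, not part of the original article or of Palo Alto's analysis; the log format, the address ranges, the proxy address and the sample lines are all constructed placeholders, not real Google address space or any vendor's log schema.

```python
"""Flag egress HTTP requests whose claimed host does not match the peer the
connection actually went to.  Added example: the log format, address ranges,
proxy address and sample lines are constructed placeholders."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumed: address ranges the organisation has observed serving each trusted
# domain (constructed; a real deployment would fill this from DNS/flow logs).
EXPECTED_RANGES: Dict[str, List[ipaddress.IPv4Network]] = {
    "google.com": [ipaddress.ip_network("203.0.113.0/24")],
    "googleapis.com": [ipaddress.ip_network("203.0.113.0/24")],
}
# Assumed: the only host that should legitimately receive proxy-style
# (absolute-URI) requests, i.e. the organisation's own forward proxy.
KNOWN_PROXIES = {ipaddress.ip_address("10.0.0.1")}

# Constructed sample log, one request per line:
# src_ip dst_ip dst_port method request-target host-header
SAMPLE_LOG = """\
10.0.0.5 10.0.0.1 3128 GET http://www.google.com/ www.google.com
10.0.0.5 203.0.113.12 80 GET /search?q=x www.google.com
10.0.0.7 198.51.100.23 80 GET http://www.google.com/ www.google.com
10.0.0.7 198.51.100.23 80 POST http://api.googleapis.com/upload api.googleapis.com
10.0.0.9 192.0.2.44 80 GET / example.org
"""


@dataclass
class Request:
    line_no: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    port: int
    method: str
    target: str
    host: str

    @property
    def absolute_form(self) -> bool:
        # Absolute-URI request targets are what a client sends to a proxy.
        return self.target.startswith(("http://", "https://"))

    @property
    def claimed_host(self) -> str:
        # The host the request *claims* to be for: the URI authority when
        # present, otherwise the Host header.
        if self.absolute_form:
            return (urlsplit(self.target).hostname or self.host).lower()
        return self.host


@dataclass
class Finding:
    line_no: int
    dst: str
    claimed_host: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line_no: int, line: str) -> Request:
    src, dst, port, method, target, host = line.split()
    return Request(line_no, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                   int(port), method, target, host.lower())


def trusted_domain(host: str) -> Optional[str]:
    """Return the trusted base domain this host claims to belong to, if any."""
    for base in EXPECTED_RANGES:
        if host == base or host.endswith("." + base):
            return base
    return None


def check(req: Request) -> List[str]:
    """Reasons this request looks like camouflaged C2; empty if it looks normal."""
    reasons: List[str] = []
    if req.dst in KNOWN_PROXIES:
        return reasons  # the proxy is the real peer; inspect the proxy's own log instead
    if req.absolute_form:
        reasons.append("absolute-form request sent directly to a non-proxy host")
    base = trusted_domain(req.claimed_host)
    if base and not any(req.dst in net for net in EXPECTED_RANGES[base]):
        reasons.append(f"claims {base} but peer {req.dst} is outside its expected ranges")
    return reasons


def scan(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        req = parse_line(n, line)
        reasons = check(req)
        if reasons:
            findings.append(Finding(n, str(req.dst), req.claimed_host, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.claimed_host} -> {f.dst}: " + "; ".join(f.reasons))
```

Requests that legitimately go through the organisation's proxy are skipped here because the destination address is then the proxy, not the origin; the same host-versus-peer comparison would be run over the proxy's own access log, where the real upstream address is visible.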

Instead, Dimnie injects them directly into the memory of core Windows processes, which then execute in the OS memory itself, without leaving its traces on the user's disks. This lets Dimnie operators inject their malicious module into the process of any legit application.
Since the malware hides its communications behind regular-looking traffic and executes in memory, Palo Alto researchers were unable to determine who is behind the latest phishing email campaign or their exact motivations for targeting open-source developers.

However, gaining access to computers belonging to owners of private GitHub repositories gives attackers a way to reach the source code of the applications those developers manage for their organizations, which could in turn let the attackers gain access to the internal networks of various organizations.

Tuesday 28 March 2017

If You Are A Iphone User And Using iCloud So Beware - Must Read (Hax4Us)

If you use iCloud to sync your Apple devices, your private data may be at risk of getting exposed or deleted by April 7th.

A mischievous group of hackers claiming to have access to over 300 million iCloud accounts is threatening to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in crypto-currency or $100,000 worth of iTunes gift cards.

The hacking group, who identified themselves as 'Turkish Crime Family,' has demanded a ransom to be paid in Bitcoin or Ethereum, another popular crypto-currency.

Screenshots of the email exchange indicate that when Apple's security team asked for a sample list of hacked accounts to verify the claims, the group only provided a YouTube video demonstrating access to one of the allegedly hacked accounts and remotely wiping all content from the device.

Thanks to THN
However, the story seems inconsistent: on its Twitter account the group claims to have access to 200 million iCloud accounts, while in one of the emails it claims access to 300 million Apple email accounts, and in another the number nearly doubles to 559 million.

At this time, it is very difficult even for Apple to verify the claims. However, the company has warned the group that it does not reward cyber criminals for breaking the law and asked them to remove the video, as it was "seeking unwanted attention."

The hacking group has given Apple until April 7 to pay the ransom. Unless its demands are met, the group says it will start remotely wiping victims' Apple devices and resetting iCloud accounts.

How to Protect Your iCloud Account From Hackers

Whether or not the claims and threat are real, if hackers gain access to your iCloud account, they could easily download all your photos and other private data.

To keep your iCloud account safe from hackers, change your iCloud password immediately and enable two-step authentication to add an extra layer of security to your account.