In late June, Trend Micro security researchers found an information-stealing malware named RETADUP. Further research found that RETADUP was accompanied by an even more dangerous malware that targets Android devices. This Android malware has been named GhostCtrl because it can take control of your Android smartphone. It is based on the popular RAT (Remote Access Trojan) OmniRAT, which can remotely control machines running Windows, Linux, and macOS. Like many other Android malware families, GhostCtrl hides behind the curtain and masquerades as popular apps like WhatsApp, MMS, Pokemon Go, etc. The malware's main APK has backdoor functions, named com.android.engine to mislead users. After connecting to Control &
A few days ago I told you about the CopyCat malware for Android smartphones that infected about 14 million devices and earned the malware authors about $1.5 million via fraudulent ads. Now, security researchers at Palo Alto Networks have identified a malware that has the power to hack 40 or more social media accounts. Before going ahead and telling you the details of the malware, let me inform you that this malware, called SpyDealer, affects only the Android versions between 4.4 KitKat and 2.2 Froyo. These users account for about 25% of the total Android users, i.e., 500 million. What does SpyDealer malware do? SpyDealer has advanced capabilities like exfiltrating private data from more than 40 popular apps. The list of the targeted apps includes the following: WeChat, Face...
The Dark Web is the part of the World Wide Web that is beyond the reach of normal search engines and is accessible only with the help of specific tools like the Tor Browser. The dark web hosts a lot of shady and illegal stuff. But what’s shadier is a fake Tor browser that’s being promoted to users in the form of YouTube videos. The fake Tor Browser was spotted last week by Lawrence Abrams of Bleeping Computer. The said YouTube videos are tutorials that teach users how to buy stuff from a Dark Web marketplace known as The Rodeo. (Figure: Fake Tor Connection) The only way you can relate the impostor web browser to Rodeo is that it carries the name in the title bar. After further digging, it was found that the software carries Tor’s UI and houses .NET code under the hood. Most of the options and b
Since early 2017, whistleblower website WikiLeaks has been publishing secret CIA documents and the malware used by the agency to take control of all sorts of electronic devices. In the ongoing Vault 7 series, WikiLeaks has recently published documents from CIA contractor Raytheon Blackbird Technologies. The leaked documents were submitted to the CIA between 21st Nov 2014 and 11th Sep 2015. The documents submitted by Raytheon contained proof-of-concept assessments for malware attack vectors. It should be noted that Raytheon acted as a technology scout for the CIA’s Remote Development Branch (RDB). The scout made recommendations to the CIA teams for further research and malware development. So, without further delay, let’s tell you about the 5 CIA-Raytheon malware described in the leaked d
According to a blog post published by Check Point security, a subtitle file could be modified to create a new attack vector and compromise devices such as PCs, mobile devices, and TVs running vulnerable media players. Once a device is compromised, the attacker can perform remote code execution, steal data, use the device as a pawn in a DDoS attack, and more. The researchers say that delivering a cyber attack when subtitles are loaded into a media player is a “completely overlooked technique”. Most people download subtitle files from repositories on the web without giving them a second thought, treating them as no more than innocent text files. The researchers say that attackers can upload a malicious subtitle to a repository and manipulate the rankings to put their results on top. Th
As we continue to spend more and more hours online, we must up our security game and make sure that we don’t end up losing our data and credentials. However, the reality is grim. Be it the rising threat of ransomware or increasing data theft, the irresponsible security practices of users are responsible to a great extent. By exploiting the inattentiveness of users, a new kind of phishing attack is spreading its web to target Facebook users. So, let’s tell you about this attack in detail. What is URL padding phishing? Hackers have found a new way to fool users by creating fake but believable URLs. Focused on mobile devices, which have narrow URL bars, the hackers are using real domains within a larger URL. They are padding the larger URL with hyphens to hide t
Researchers at McAfee and FireEye have disclosed another email-based hacking method which can be used to compromise a fully updated and patched Windows operating system, even Windows 10. The attack vector is an unpatched zero-day bug present in all current versions of Microsoft Office. The root cause lies in an important Office feature known as Object Linking and Embedding (OLE), which allows applications to embed and link to documents and objects. According to the researchers, a victim opening a suspicious Word file – embedded with an OLE2link object – in an email would trigger winword.exe to initiate an HTTP request to the attacker’s remote server. This results in the download of a malicious .hta file (HTML Application executable) on the victim’s
Punycode is a method of representing Unicode using the limited ASCII character subset that is used for internet host names. It makes it possible to register domain names with foreign characters. For example, the domain name “xn--s7y.co” is the same as “短.co”. Using this, a security researcher has shown a proof-of-concept of a scary attack. While the whole concept of the attack is very old, it has recently resurfaced in current versions of browsers like Google Chrome, Mozilla Firefox, and Opera. These browsers show Unicode characters in domain names as normal characters, which makes it impossible to notice the malicious domains. Due to this, it’s possible to register domains like “xn--pple-43d.com”, which is equivalent to “аpple.com,” the Chinese security researcher Xudong Zh