The Hacker News

Original site: The Hacker News

Caphaw Banking Malware Distributed via YouTube Ads

Tuesday, 25 February 2014 at 11:20
More than one billion unique visitors spend about 6 billion hours watching videos on YouTube, according to YouTube's monthly statistics. Security researchers from Bromium Labs recently found that the YouTube advertising network has been abused by rogue advertisers to distribute malware.

YouTube In-Stream Ads were redirecting users to malicious websites hosting the 'Styx Exploit Kit', which exploited client-side vulnerabilities in a drive-by download attack to infect users' computers with the Caphaw banking Trojan.

The exploitation process relied on a Java vulnerability (CVE-2013-2460): once dropped onto the target system, the malware detects the Java version installed on the operating system and, based on it, requests the suitable exploit.
"We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures." researchers said.
Further investigation revealed that the banking malware uses a Domain Generation Algorithm (DGA) to communicate with its Command and Control (C&C) server. The Trojan's C&C panel appears to be hosted somewhere in Europe, and the case is still under investigation. Caphaw has been flagged as malicious by a number of anti-virus companies.

How many users fell victim to this attack remains an open question. Google has taken down the malvertising campaign and is strengthening its internal procedures to prevent such events from occurring again.

Oracle already patched the respective Java vulnerability last year, so users are advised to keep their Java software up to date and install the latest security updates for their software and operating system.

First Tor-Based Android Malware Spotted in the Wild

Tuesday, 25 February 2014 at 09:13
We use our smartphones for almost everything, from Internet banking to sharing private files, and the mobile malware sector is growing at the same pace.

The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year. 

Security researchers have observed a growing number of computer malware families using Tor-based communications, but now researchers at anti-virus firm Kaspersky Lab have spotted the world's first Tor-based malware for the Android operating system.

The Android malware, dubbed 'Backdoor.AndroidOS.Torec.a', uses the Tor hidden service protocol for stealth communication with its Command-and-Control servers.

Researchers found that the Trojan is run from a .onion Tor domain and builds on the functionality of 'Orbot', an open source Tor client for Android devices, thus eliminating the threat of the botnet being detected and blocked by law enforcement authorities, although it is not clear how many devices have been infected so far.

The Trojan can intercept and steal incoming SMS messages, make USSD requests, steal device information including 'the phone number, country, IMEI, model, version of OS', retrieve the list of applications installed on the device, and send SMS messages to a specified number.

Kaspersky did not say whether the malware is specifically focused on stealing banking information, but the popularity of Android keeps motivating cyber criminals to develop far more advanced Android malware with stealthier anti-reverse-engineering methods.

Here are some things you can do to dramatically reduce the risk of malware infections on your Android phone:
  • Install apps from the official Android Market rather than third-party app stores or websites.
  • Before installing any app, check the publisher and the app's reviews.
  • Pay attention to the permissions an app requests during installation.
  • Install antivirus and firewall apps.

World’s largest Bitcoin exchange Mt. Gox Shuts Down; CEO quits Bitcoin Foundation

Tuesday, 25 February 2014 at 07:53
The world's largest Bitcoin exchange, Mt. Gox, has shut down its website and withdrawal system, deleted its Twitter feed and halted all trading after it detected "unusual activity."

The Bitcoin Foundation, a Bitcoin advocacy group, confirmed that Mark Karpeles, chief executive of the Tokyo-based Mt. Gox bitcoin exchange, has resigned from the Foundation's board. This comes just days after the exchange gave an update on its technical issues.

Last week, Mt. Gox said a technical glitch had forced it to suspend bitcoin withdrawals for a week. It had discovered a transaction falsification glitch, and the same flaw is alleged to have been used to steal all of the bitcoins, worth about $2.7 million, from Silk Road 2.0.

Later, sources close to the matter confirmed that more than 700,000 bitcoins are indeed missing from Mt. Gox records, lost in a 'slow-leak' hack that went on for years. The repeated technical glitches over the past several months led to the shutdown of the biggest exchange in the Bitcoin industry.

Bitcoin companies 'Coinbase, Blockchain.info, Circle, Kraken, Bitstamp, and BTC China' have issued a joint statement regarding MtGox.
"This tragic violation of the trust of users of Mt.Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of bitcoin and the digital currency industry. There are hundreds of trustworthy and responsible companies involved in bitcoin. These companies will continue to build the future of money by making bitcoin more secure and easy to use for consumers and merchants." "We strongly believe in transparent, thoughtful, and comprehensive consumer protection measures. We pledge to lead the way."
Mt. Gox has also deleted its entire Twitter feed, which is nearly unprecedented. Late last week, Bitcoin prices dropped by $300 to their lowest level since June, and the value on Mt. Gox is currently swinging between $300 and $500.

Silent Circle's Blackphone - Privacy and Security Focused Smartphone for $629

Monday, 24 February 2014 at 18:11
Earlier this year, encrypted communications firm Silent Circle and Spanish smartphone maker Geeksphone announced a privacy-focused encrypted smartphone called 'Blackphone', and today the company unveiled it at Mobile World Congress in Barcelona.

The Blackphone, billed as the “world’s first Smartphone which places privacy and control directly in the hands of its users,” runs a fully customized version of Android called PrivatOS, comes pre-installed with a range of privacy-oriented applications, and is now available for pre-order for about $629.

Silent Circle was co-founded by the respected cryptographer Phil Zimmermann, best known as the creator of Pretty Good Privacy (PGP), the widely used email encryption software.

The Blackphone's main focus is keeping all of your data secure and stopping government agencies from snooping on your communications. It will ship with a set of applications developed by Silent Circle, including Silent Phone, Silent Text and Silent Contacts, as well as other features such as a firewall and remote wipe when required.

Blackphone also includes the 'Kismet Smart Wi-Fi Manager' to improve device security on public networks, and provides private web browsing and secure file-sharing options. The Android-based Blackphone is powered by a quad-core 2 GHz processor with 2GB of RAM, 16GB of onboard storage and support for LTE networks.

The Blackphone also comes with SpiderOak, which provides 5GB of encrypted data backup, and Virtual Private Network from Disconnect.me.

But if you think the 'Blackphone' is a shield against the NSA or other intelligence agencies, you should know this: Blackphone cannot entirely mask metadata from the NSA. No piece of man-made technology is entirely hack-proof.
Mike Janke, co-founder and CEO of Silent Circle told Mashable, "If you are on the terrorist wanted list or a criminal, intelligence services will get into your device... There's no such thing as 100% secure phone."

The Blackphone’s main security feature is voice and text encryption, not hiding metadata, the data about a communication such as the date, time, location and identity of the users.

Hacking Team sold Spyware to 21 Countries; Targeting Journalists and Human Right Activists

Monday, 24 February 2014 at 13:46
Spying on the world by injecting sophisticated backdoors into software, systems and mobile phones violates the privacy and security of every individual. Yes, we are talking about surveillance, but this time not about the NSA.

Instead, countries, including some with poor human-rights records and far less technical sophistication, are the likely culprits, as they apparently used commercial spyware to build surveillance capabilities that were once the exclusive expertise of well-known spy agencies such as the National Security Agency (NSA) and GCHQ.

Citizen Lab, a nonprofit research lab, has found traces of a remote hacking tool developed by Hacking Team in 21 countries, including Ethiopia, Sudan, Azerbaijan and Saudi Arabia, something the company had already denied back in 2013.

Hacking Team, also known as HT S.r.l., is an Italian company known for its powerful surveillance software, Remote Control System (RCS), which it sells to governments and law enforcement agencies.

Hacking Team's Senior Counsel, Eric Rabe, stated that the company does not provide its products to 'repressive regimes.'
"On the issue of repressive regimes, Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the EU, the US, NATO, and similar international organizations or any “repressive regime.”"
Remote Control System (RCS) is malware, arguably an 'instrument of crime', that infects computers and smartphones to enable covert surveillance. The company claims that once its Trojan is installed on a victim’s computer, it can intercept encrypted communication, including emails and Skype voice calls. Furthermore, RCS can turn on a device’s webcam and microphone to spy on the user without their knowledge.

Hacking Team prominently advertises that its RCS spyware is "untraceable" to a specific government operator and can be installed remotely. It says RCS can scale up to monitor "hundreds of thousands of targets" and can be deployed to Apple, Android, Symbian and Blackberry mobile devices.
"Hacking Team has made a number of statements that seem intended to reassure the public, as well as potential regulators, that they conduct effective due diligence and self-regulation regarding their clients, and the human rights impact of their products," the Citizen Lab researchers reported on Monday. "They also market their RCS product as untraceable. Our research suggests that both of these claims ring hollow."

Researchers at Citizen Lab found traces of Remote Control System (RCS) by mapping the spyware's network of proxy servers, despite Hacking Team's claim that RCS is "untraceable."
"Our research reveals that the RCS collection infrastructure uses a proxy-chaining technique, roughly analogous to that used by general-purpose anonymity solutions like Tor, in that multiple hops are used to anonymize the destination of information," reads the report. "Despite this technique, we are still able to map out many of these chains and their endpoints using a specialized analysis," the Citizen Lab researchers explained.

Based on tracing the endpoints of Hacking Team's proxy chains, the researchers suspect that government agencies in 21 countries are current or former RCS clients: Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, Uzbekistan, and Italy, the homeland of Hacking Team.

The governments are using it for political advantage, including against a US-based news organization, rather than for legitimate law enforcement operations.

According to the Citizen Lab researchers, the No. 1 suspect is the Ethiopian government, which used the tool created by Hacking Team to carry out a spying operation against Ethiopian journalists in the United States and Europe.

Hacking Team to Citizen Lab:
We have established an outside panel of technical experts and legal advisors, unique in our industry that reviews potential sales. This panel reports directly to the board of directors regarding proposed sales.
However, the FBI, which investigates computer crimes, declined to comment on the Citizen Lab report, but Eva Galperin, an activist at the Electronic Frontier Foundation (EFF) and an expert in surveillance technology, said:
"If the Ethiopian government is not a Hacking Team customer, then I would sure like to know how their tools wound up being used to spy on Ethiopian journalists."