Beware of ‘GhostTeam’ Android malware that steals Facebook passwords using Google Play apps
More than 50 Android applications on Google’s official Play Store marketplace have been found to house malicious code which hackers could use to steal Facebook passwords. Dubbed ‘GhostTeam’ by cybersecurity company Trend Micro, the code is a form of adware that was caught targeting users across India, Indonesia, Brazil, Vietnam and the Philippines. The developers of the malware, also codenamed GhostTeam due to the name appearing in the code, designed it to “aggressively” display pop-up advertising on an infected device’s home screen.

“The apps pose as a utility (flashlight, QR code scanner, compass) and device performance-boosting apps (file transfer, cleaner) and more notably, social media video downloaders,” explained mobile threat analyst Kevin Sun in a blog post on Thursday 18 January. “The use of video downloaders as social engineering hooks — enticing users with features that allow them to download videos for offline viewing — concurs with our detections for GhostTeam.”

When the victim opens Google Play or Facebook, it displays an alert urging them to install the booby-trapped app and grant it administrator permissions. Sun explained: “Once the user opens the Facebook app, a dialogue will prompt him/her to verify the account. The malicious code injected in the WebView client will steal the email and password used to log in to the Facebook app, which it sends to the command and control server. While we haven’t seen active cybercriminal campaigns that use the stolen Facebook credentials so far, it’s not far-fetched to think they would,” Sun wrote.

The firm advises Android users to ensure they have the latest security patches installed and to always check app reviews.
OnePlus hacked: Nearly 40,000 users’ payment card details stolen in major security breach
OnePlus has confirmed it suffered a major data breach potentially compromising the payment card details of up to 40,000 customers. Customers who entered their credit card details on OnePlus’ website between mid-November 2017 and 11 January 2018 may have been affected by the breach. Compromised data includes customers’ credit card numbers, expiry dates and security codes.

The company said users who paid with a previously saved credit card on file, PayPal or the “Credit card via PayPal” methods “should not be affected” by the intrusion. It added that customers’ card details are never processed or stored on the OnePlus.net site. “It is sent directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers.”

The disclosure comes several days after reports of credit card fraud began popping up earlier this month after users purchased OnePlus products from the official OnePlus. The company temporarily shut down credit card payments for its online store last week and launched an investigation into the “serious issue” with the assistance of a third-party security firm. “We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit.”

Only potentially affected users have received a notification email regarding the breach and have been offered a year of credit monitoring. Customers have been advised to check their payment card statements for any potentially suspicious activity.
Liverpool hacker jailed for cyber attacks on Google and Skype
A 21-year-old computer hacker from the UK who made more than $700,000 (£505,000, €571,000) selling malware on the dark web has been jailed after being found guilty of multiple cybercrime charges.

[Image caption: Alex Bessell, 21, who attacked websites with a ‘zombie’ computer army, has been jailed for two years. Credit: West Midlands Police]

Alex Bessell, from Liverpool, used a zombie army of 9,083 computers to launch more than 100 attacks on firms including Google, Skype and Pokémon, police said Thursday (18 January). Investigators said Bessell used the hijacked computers to launch distributed-denial-of-service (DDoS) attacks and crash websites by bombarding them with traffic. Online, he sold remote hacking tools, botnet tools, booter access software and other malware variants, according to the West Midlands Police.

Bessell was jailed for two years at Birmingham Crown Court for 10 offences, including unauthorised access to computers, impairing the operation of computers, supplying malware and money laundering.

“This is one of the most significant cybercrime prosecutions we’ve seen: he was offering an online service for anyone wanting to carry out a web attack,” Rocu’s DC Mark Bird said. “It meant anyone who had a grudge against an individual or company, or who simply wanted to conduct a cyber attack, didn’t need the technical know-how themselves,” he continued. “They simply needed to pick a piece of malware, pay the fee, and Bessell would do the rest.”

“Anyone who is using their technical expertise for sinister motives needs to sit up and take notice of this sentence – because they face a very real risk of being jailed. In the past, we have seen hackers escape with suspended prison sentences or even community orders but courts are increasingly switching onto the damage cyber crooks can wreak.”
Massive data breach hits Norway and over 3 million people’s healthcare data feared stolen by hackers
A massive trove of Norway’s healthcare data may have been stolen by unknown hacker(s), which could likely impact almost half of the nation’s population. A healthcare organisation in Norway, Health South-East RHF, which manages hospitals in the nation’s southeast region and reportedly serves around 2.9 million people, announced the data breach earlier in January.

Health South-East RHF said that Norway’s CERT department for its healthcare sector alerted the firm about having detected “abnormal activity” in the region’s computer network, which revealed “burglaries in computer systems”. The group added that the hack is suspected to be the work of an “advanced and professional” hacker.

“There is close dialogue with the hospitals about this and there is so far no evidence that the burglary has had consequences for patient treatment, patient safety or patient data has been overlooked, but it is too early to conclude,” CEO of Health South East RHF, Cathrine M Lofthus, said in a statement.

It still remains unknown as to whether hackers were able to successfully access and exfiltrate data and if so, how many people may have been impacted by the breach. “We are working to acquire knowledge of all aspects,” director of the Norwegian security agency, National Security Authority (NSM), Kjetil Nilsen, told a local newspaper.

The director of Norway’s ministry of healthcare, Bjørn Guldvog, deemed the data breach as serious, adding that the authorities are taking measures to ensure that any fallout caused by the breach is limited. However, Guldvog refrained from mentioning what measures had been taken to deal with the breach.
These Chrome and Firefox extensions can hijack browsers, spy on you and are almost impossible to remove
Uber says security bug that let hackers bypass two-factor authentication wasn’t ‘particularly severe’
A security researcher uncovered a bug in Uber’s two-factor authentication system that could have potentially allowed hackers to bypass it and hack into users’ accounts. Uber uses two-factor authentication by sending a code via text message to the user’s device to verify their identity. The bug could potentially allow a malicious hacker to sign into a person’s account using their email address and corresponding password and bypass the 2FA system without having to plug in a security code.

However, Uber said the bug reported by the researcher, Saini, was “not a bypass” and was “likely caused by the security team’s ongoing testing to evaluate and refine the effectiveness of different techniques” to secure user accounts. In correspondence with Saini regarding the report, Uber Security Engineering Manager Rob Fletcher reportedly wrote: “This isn’t a particularly severe report and is likely expected behaviour.” He also told Saini that Uber currently only uses two-factor authentication “when certain requests are deemed suspicious” and is “not an account-wide setting used on every device”.

Lindsey Glovin, Uber’s bug bounty program manager, also responded to Saini’s bug report saying the company “received several reports” on the issue over the past few months and called it a “known temporary tradeoff while we continue to test alternatives”. Saini said Uber marked his bug report as “informative”, which means it contains “useful information but did not warrant an immediate action or fix”.

Uber spokesperson Melanie Ensign told ZDNet: “We’ve been testing different solutions since we received a lot of user complaints about requiring 2FA on [an Uber web address which we are redacting per our decision to not reveal specifics of the bug] when people are trying to report a lost or stolen phone and can’t receive a code on that device.”
Hackers using PDF versions of the controversial Trump book Fire and Fury to spread malware
Hackers are looking to exploit the hype surrounding Michael Wolff’s new book, Fire and Fury: Inside the Trump White House, to spread malware, security researchers have reportedly found. The book features some provocative excerpts and anecdotes about Trump and close aides, including multiple quotes attributed to Trump’s former chief strategist, Steve Bannon. President Trump has also slammed Fire and Fury along with its author Wolff in numerous tweets, referring to it as a “fake book”.

[Image caption: Hackers are looking to tap into the hype surrounding Fire and Fury by lacing pirated versions with malware. Credit: REUTERS/Phil Noble]

Kaspersky Labs researcher Michael Molsner first highlighted a piece of malware found on a pirated version of the controversial tell-all on US President Donald Trump and his presidency that has been making waves in Washington. Molsner highlighted the malware in a tweet on Friday, saying: “Sometimes we come across strange malware.” This compromised PDF version of the book also had just 237 pages, rather than the 328 pages in the official version.

While digital versions sold by official eBook retailers such as Amazon and Apple among others are not affected, free and unauthorised copies of the book found on torrenting sites and floating around social media may be infected with this malicious software, the Daily Beast noted.

“It is very difficult to determine if a PDF is unsafe unless the user is able to analyse the file with the tools normally used by malware analysts,” Giovanni Vigna, co-founder and CTO at security firm Lastline, told IBTimes UK. “This is why the users should use anti-malware tools for every document they open.”
Intel warns customers not to use its faulty Meltdown and Spectre patches – here’s why
Intel is warning customers, computer makers and cloud providers to avoid installing its Spectre and Meltdown patches — designed to address two high-profile security flaws in its chips — after it found the patches were not behaving as expected. The updates include security measures to protect devices and users against the critical Meltdown and Spectre vulnerabilities that came to light earlier this year. Intel disclosed that the patches were causing devices to reboot unexpectedly, among other “unpredictable” behaviour.

The company said it has identified the root cause of the “reboot issue” affecting its Haswell and Broadwell processors that first popped up earlier this month, and is working towards deploying a solution that patches the exploits without causing any other unexpected issues. “We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behaviours,” executive vice president Navin Shenoy said in a statement on the chipmaker’s website.

Intel’s decision to pause its updates comes amid criticism from security and technical experts over tech companies’ approach to dealing with and patching Spectre and Meltdown. In recent weeks, technology giants have scrambled to address and issue fixes for the critical Meltdown and Spectre design flaws after researchers found the flaws exist in Intel, ARM and AMD chips built in the past two decades. This week, Linux creator Linus Torvalds blasted the Meltdown and Spectre patches issued by Intel as “complete and utter garbage”. Earlier this month, Microsoft also suspended its patches for computers with AMD chips after users reported seeing the dreaded “Blue Screen of Death” and were unable to reboot their device after installing the updates.
These Tinder security flaws could let malicious hackers spy on your swipes, photos and matches
Security researchers have discovered two disturbing vulnerabilities in Tinder’s popular dating app that could let malicious attackers spy on your photos, swipes and matches. By exploiting both these flaws, an attacker located in a public space with open Wi-Fi such as an airport or cafe could potentially analyse and collect sensitive information about any Tinder user connected to the same network and follow how they are using it in real time.

The Tinder API uses HTTPS connections and sends encrypted packets from the server based on each action made by the user, such as swiping right on a profile they liked, swiping left on one they passed up on or “super liking” with an upward swipe. However, researchers found that these encrypted responses have a set length, making it easier for an observant attacker to decipher what action a user has taken. By carefully analysing the predictable HTTPS response size, researchers also found it is possible for an attacker to decode encryption signatures and figure out a Tinder user’s every move on the app.

“It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other types of malicious content,” Checkmarx said in a report. “While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app,” Checkmarx said.

The security firm built a proof-of-concept app named TinderDrift (demonstrated in a video) to show how they were able to reconstruct a Tinder user’s entire session on their laptop if that person was on the same public Wi-Fi network.
DU law centre website hacked by Bangladeshi hackers
Students of Delhi University’s Law Centre II on Friday woke up to a message from Bangladeshi hackers that their college website had fallen prey to a cyber attack, warning the admin to secure it. The message left by the “cyber terminator army” explicitly warns the admin of the unguarded website of the law faculty centre. “Hey admin, your system is not secure. If you do not patch, we will again arrive. We are Bangladeshi,” the message read. The hacking appears to have been carried out from Bangladesh, as claimed by the hackers.

While the hacking does not present a serious threat to DU, the website remained under the hackers’ control until Friday afternoon. The attack was carried out with an intent not to cause any serious damage to the law faculty’s website. Dr V K Ahuja, in-charge of Law Centre II, confirmed the cyber attack on the department’s webpage.

“Hacking is primarily done to send out a message by hackers, as we have seen in the past when cyber hackers from Pakistan hacked our country’s government website to leave messages about Kashmir. This time, however, no threat has been issued against our country. It could be viewed as a warning to the admin,” said Kislay Chaudhary, chairman of NGO Indian Cyber Army.