Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Kemoge Malware Menacing Android Phones

October 20, 2015 by  
Filed under Computing

Comments Off on Kemoge Malware Menacing Android Phones

Smartphone owners running Google’s Android operating system in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.

Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores.

“This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat,” wrote Yulong Zhang, a staff research scientist with FireEye.

Whomever created Kemoge repackaged legitimate apps with the malware and then promoted them on websites and through in-app ads to persuade people to download them.

Zhang listed a dozed affected apps: Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, Shareit, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer and Light Browser.

Third-party apps stores are considered risky places to download Android apps, as hackers frequently upload malicious apps to them. Google performs a security check on apps in its Play store, although harmful ones occasionally sneak in.

Kemoge not only displays unwanted ads, but it’s also loaded with eight root exploits that target a wide range of Android devices, Zhang wrote. A successful attack using those exploits means an attacker would have complete control over the device.

Kemoge will collect a device’s IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers, information on storage and apps, and send the information to a remote server.

That command-and-control server was still running, Zhang wrote. An analysis of traffic exchanged between an infected device and the server showed Kemoge also tries to uninstall antivirus apps.

FireEye came across an app called Shareit in Google’s Play store that was signed by the same digital certificate as the malicious one found on the third-party source.

The Google Play version of ShareIt did not have the eight root exploits or contact the command-and-control server, but it did have some of the same Kemoge code libraries. It now appears to be gone from Google Play.

Source-http://www.thegurureview.net/mobile-category/kemoge-malware-menacing-android-phones.html

Cryptolocker Infects 250K Systems

December 31, 2013 by  
Filed under Computing

Comments Off on Cryptolocker Infects 250K Systems

DELL’s security research team has revealed that a new form of ransomware, dubbed “Cryptolocker” has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins.

“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.

The firm worked out that if the Cryptolocker ransomware threat actors had sold its 1,216 total Bitcoins (BTC) that they collected from September this year, immediately upon receiving them, they would have earned nearly $380,000.

“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.

Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.

“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.

Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.

“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”

Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.

“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.

Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.

Attached to these emails would be a ZIP archive with a random alphabetical filename containing 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep your eye out for emails that fit this description.

Source

Adobe Reader Security Issue Found

May 8, 2013 by  
Filed under Security

Comments Off on Adobe Reader Security Issue Found

McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.

“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”

The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).

McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.

This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).

McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.

The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.

“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.

“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.

“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.

Source

Adobe Flash Exploited

March 16, 2011 by  
Filed under Around The Net

Comments Off on Adobe Flash Exploited

Hackers have found a way to exploit  Adobe Flash Player by using a zero-day vulnerability by using Microsoft Excel documents that was confirmed by Adobe yesterday. Adobe representatives that they will not be able to patch Flash until next week. Therefore, if you use Flash you are on your own until next week.  Read More….