Learn “How to secure yourself from Virus & Hackers” @ 250

XMASS Gift by Hackers to Mobile Users!!!!!!!!!!

 

Types of security threats in Android OS

• internet security
• June 6, 2013
• By: David Frankk
• Subscribe

 

 

Android is known for its app store having more than 800,000 apps (both paid and free) including utility apps, games, as according to the stats of Feb 2013. Most of the apps are uploaded directly into the store making it more vulnerable to attacks on Android devices and putting the user’s privacy at stake. A report shows that 136 out of 149 known threats for mobile accounts to Android while iOS and Windows remains threat-free.
Android is the largest market share holder with 52% of global smartphone subscriber-base and having widest range of mobile device platforms hosting this OS. Android also holds the largest app-store in terms of number of applications available to its users with more than 800,000 apps in Google Play, its app store. A recent study described the popularity of Android with having more than 48 billion app downloads from Google Play. However, another research conducted by F-secure labs states that prevalence of malware on various smartphone OSs is concentrated on Android as compared to other OSs.

© 2013 Nokia© 2013 Microsoft Corporation

Location: Boston

42.358631134033 ; -71.056701660156

There was a rise of 50% of malware for Android last year and its state has only worsened since then till now, making it the most vulnerable smartphone OS of today. All of these malware affect the users in one way or the other thus causing them privacy or monetary losses. Some of the threats are discussed below:

• Premium service abusers: These types of malware take over the control of the user for managing their bills and subscribed services. Installation of these applications deliberately subscribes the user for premium services without their knowledge and eventually increases the bill. Text message sent to premium numbers could be one of the examples where extra amount is charged from the user sending the message.
• Adware: Adwares work in a similar fashion to in-app advertisement. However, they are displayed as a pop-up notification and users do not have any control on such event. Moreover, these apps de-limits the authority of user to grant permission and adwares access the personal data like contact list stored on the phone. This could hamper the privacy of the user and replicate all the data of phone on remote server, if such functionality is embedded in an adware.
• Malicious Downloaders: These kinds of malware affect the monetary control of the users and increase their bill for subscription and/or downloading of unnecessary as well as paid apps. These malwares, just like adware, do not ask for the permission from the user and silently turn on the downloading for other applications or malware which could affect the privacy as well as the bill for that duration.
• Rooters: These types of malware are rare to be found in the app store however, these are the most lethal among the all. Rooting apps allow a hacker to take over the control of the device remotely and allows them to root the device to perform any task which can be performed by the user. User loses all the manual control over the device and any overriding or prevention operation fails to roll back the device.

 

Webcam hacking exploits Chrome Inbuilt Flash player for Camjacking

Researcher Egor Homakov demonstrated the possibility of Webcam hacking exploiting Chrome Inbuilt Flash player, a flaw that represents a serious threat to privacy.

Webcam hacking, hackers are increasing their interest on millions of cams that surround us. These prying eyes are everywhere, in the street as in our home, gaming consoles, smartTV and PC are all equipped with a camera.
The impressive diffusion of mobile devices equipped with web cameras makes Webcam hacking very attractive and it is considerably a serious menace for users’ privacy, these attacks are silenced and could cause serious problems. Think for an instant of the implication related to Webcam hacking made by cybercriminals or by a government for surveillance purpose, we have seen it in the movies but today it is a reality.
Let’s start from domestic webcam, the Webcam hacking is a reality according to a recent post published by Egor Homakov that highlighted a serious flaw in Google Chrome’s integrated Flash player.
Egor Homakov demonstrated that just pressing the play button a user could authorize an attacker to access his webcam giving him the possibility to capture video and audio without getting permission.

“I’ve heard a hacker could access my webcam and watch me in front of my computer. Could this really happen?“ YES, it is possible exploiting new Flash based flaw in Google Chrome.
“This works precisely like regular clickjacking – you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you,” Homakov said.

This type of attack dubbed is known for several years as Clickjacking, a known vulnerability in Adobe Flash Player Settings Manager.
Adobe is aware of Clickjacking attacks and it resolved the flaw with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website.
Differently for Camjacking attacker could hide the Flash Player security message when the flash file is trying to access a web camera or to a microphone.
According the researcher the Webcam hacking is possible exploiting an invisible Flash element present on the page, it is enough that victim using Chrome Browser clicks on it is.

“That’s what I thought as well. written a simple page with the opacity and flash container (flash requested access to the web-camera), it was observed that 21 Firefox, Opera 12.15 or ignore transparency flash animation, or just do not handle. But IE and Chrome 27.0.1453.110 10 well treated transparency and allowed to place himself on top of the text and / or image. That, no doubt, would have gone into the hands of web designers. But to remain on its laurels were just not interested, and I started to dig deeper, taking the idea of Clickjacking attack, but to remake it to fit their needs, ie to borrow all the “useful” function for the attacker. I chose access to the webcam (of course, yet we can get access to the microphone, but it was important, then?) So, I wrote a simple USB flash drive, take a picture with the help of a web camera and sends it to the server. “

Homakov verified that Webcam hacking with Camjacking doesn’t work with semi-transparent on IE.

An Adobe security team representative has confirmed the bug related only to Flash Player for Google Chrome.
Will Google solve the problem in the seven days established for fixing the bug to its products?
But the concerns do not stop at home webcam, Craig Heffner, a former software developer with the NSA declared to have discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco Systems Inc, D-Link Corp and TRENDnet.

“It’s a significant threat,”
“Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.” said the specialist.

He announced his intention to demonstrate it during the next Black Hat hacking conference, on July in Las Vegas.
Heffner revealed that he has discovered hundreds of thousands of surveillance cameras exploitable by attackers via Internet.
This is not a movie, neither an episode of the television serie Person of Interest … This is reality and maybe the Big Brother is already exploiting it!

Zeus Trojan steals funds and recruits Money Mules

Security firm Trusteer detected a new variant of Zeus Trojan that steals funds and recruits Money Mules proposing jobs ads to the victims using Man-in-the-Browser (MitB) techniques.

Zeus Trojan is becoming even more complex, its evolution is unpredictable due to the intense activity in the underground on its source code. Various forums in the underground offer customization service to adapt the behavior of Zeus trojan to new fraud scheme. Last version of the popular Banking Trojan detected by the Trusteer security firm is not only able to steal funds from its victims but it also tries to recruit them as ‘Mules’
Security firm Trusteer revealed that a group of criminals using the popular Zeus banking Trojan has started a recruiting campaign displaying ads for job scams once victim visits a popular job site, CareerBuilder [dot] com.
The investigation conducted by Trusteer focused also on employment websites that have long been a target for cybercriminals searching for the user’s credentials through malware distribution and mule recruitment.
The Zeus Trojan found by  Trusteer uses HTML injection to advertise a mule recruitment site when a victim visits CareerBuilder [dot] com. Mules are an essential component of the scam life cycle, in particular for cash-out money, in the past recruiting web site were used by criminal organizations to recruit these figures.

“Money mules are always a scarce resource and whenever criminals do recruit them, they keep a pretty good eye on them,” he said. “At the end of the day, you really can’t cash out unless you have a mule.” Commented Etay Maor, fraud prevention solution manager with Trusteer.

Typically the criminals create a job opening for “financial managers” with possibility to earn working at home, in reality those people that respond to the announcement serve as the money laundering component for cybercrime gang. Principal employment websites are aware of this illegal practice and have created dedicated security team including anti-fraud competences. The web site used for mule recruitment is marketandtarget [dot]com as reported  in the Zeus Trojan configuration file, site that is currently down.



On the other side malware authors have refined their techniques to avoid controls operated by site managers, the last variant of The Zeus Trojan in fact implements a Man-in-the-Browser (MitB) techniques to present the victim with an advertisement for a mule recruitment site every time he visits CareerBuilder [dot] com.

Man-in-the-Browser malware are commonly used by cybercrime to steal data from victims or to redirect them to compromised web sites such as the specific case we are analyzing.

The variant of Zeus trojan using HTML inject adds data fields or to present bogus messages to redirect  the victim to a fake job offering while he is visiting legitimate employment site CareerBuilder [dot] com, in this way the victim plays redirection as a legitimate operation of the access to a job opportunity.
The availability of the source of Zeus Trojan on the black market potentially opens to an infinite number of possibilities that we will meet in the near future and represents a success for the industry of malicious software.