Malware Hits CCleaner Security App


CCleaner, a popular file clean-up tool owned by anti-virus company Avast, has been hit by malware in its version for 32-bit Windows machines, which might affect more than 130 million users.

Users are advised to update their software immediately to avoid falling victim to the malware, after researchers discovered that criminal hackers had installed a backdoor in the tool.

The malware has affected the regular and cloud-based versions of CCleaner. The infected application can be used to download other malware, such as ransomware or keyloggers.

Security researchers at Cisco Talos were the first to spot the malicious code, on September 13, after CCleaner 5.33 triggered Talos' malware protection systems. They wrote: "the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers."

According to the researchers, CCleaner has 2 billion downloads and gains 5 million more every week, making the threat more severe than thought.

Talos' researchers published a blog post in which they compared this malware with the NotPetya ransomware that caused havoc around the world in June this year.

Piriform, CCleaner's UK-based developer, which was acquired by Avast in July, has sought to ease users' concerns. Paul Yung, vice president of Piriform, wrote in a post: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.

"Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."

Yung explains:

“At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing ...

Again, we would like to apologize for any inconvenience this incident could have caused to our clients; we are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products. Users of our cloud version have received an automated update. For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher, the latest version is available for download here.”

Updated versions of CCleaner and CCleaner Cloud have been released; users are advised to download the latest version of CCleaner.  

Xafecopy Trojan Steals Money From Your Phone!

A report from cyber security firm Kaspersky suggests that a new piece of malware, the Xafecopy Trojan, which steals money through victims' mobile phones, has been detected in India.

The trojan gets onto the phone through apps such as BatteryLife, without affecting the functioning of the phone, and secretly loads malicious code onto the device.

Once the code is loaded, the trojan activates and begins opening web pages that use Wireless Application Protocol (WAP) billing, a form of mobile payment that adds the cost directly to the phone user's post-paid bill. The process does not require the user to register a debit or credit card or to set up a username and password. The malware also uses technology to bypass 'captcha' systems, which are designed to protect users by confirming that the action is being performed by a human.

Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico.

How To Protect Your Phone From Xafecopy Trojan

The latest in the series of ransomware and malware attacks is the Xafecopy trojan, which steals money from infected mobile phones, as reported by Russian-based internet security firm Kaspersky.

Kaspersky Lab experts have uncovered this mobile malware, which targets the WAP billing payment method, stealing money from victims' mobile accounts without their knowledge.

The Xafecopy Trojan is categorised as malware because it gets side-loaded along with other useful apps and then loads malicious code onto the device. Once the app is activated, the Xafecopy malware keeps tabs on webpages via Wireless Application Protocol (WAP) billing, a form of mobile payment that charges fees directly to the user's mobile phone bill, thereby siphoning money without ever being noticed by the victim. Because the malware works through WAP billing, it requires a mobile data connection to operate, and therefore the Trojan automatically disables the wireless connection.

If you notice that your smartphone turns off the wireless connection randomly, get your phone checked.

How to protect devices from Xafecopy and other malware

• Prohibit the installation of apps from unknown sources. This type of Trojan can be distributed through advertisements, and with this prohibition in place, you simply will not be allowed to install them.
• Make sure to use premium antivirus software, which also provides malware protection and internet security.
• Most telecom operators provide the option to disable WAP billing from the backend. Get the service suspended by getting in touch with your telecom operator.

Eugene Kaspersky accepts invitation to testify to US Congress

Eugene Kaspersky, co-founder and CEO of Russian security firm Kaspersky Lab, has accepted an invitation to testify before U.S. lawmakers.

ABC News reported that Kaspersky Lab is under close scrutiny for supposed links with the Russian intelligence services.

The Kremlin considers the decision regarding Kaspersky Lab to be politicized. The President's press secretary, Dmitry Peskov, said that the company is entirely commercial and provides commercial services, and that these services are highly competitive in the world. He added that Russia will do everything possible to protect the interests of Russian companies abroad.

The Chairman of the State Duma Committee on Information Policy, Information Technologies and Communications, Leonid Levin, noted that the removal of Kaspersky Lab from the GSA can be seen as new sanctions against Russian companies working abroad. According to him, obstacles to the distribution of modern technologies prevent the establishment of trust between countries.

Later, Kaspersky Lab offered to provide information about the company's development to the American authorities, but they did not respond. Soon afterwards, the Department of Homeland Security said that it was concerned about requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The press service of Kaspersky Lab answered that the US DHS had not correctly understood the Russian legislation, because the information that comes from Kaspersky Lab's clients is protected.

The Russian Embassy in the United States expressed regret over the latest events on its website. According to the Russian diplomatic mission, the decision of the US authorities distracts from working together to address priorities such as terrorism.

According to the press service of Kaspersky Lab, the company will certainly provide all the information needed to confirm that the US decision has no basis.

- Christina