Researchers detect a threat that abuses Android accessibility feature to steal data

Researchers from LookOut, a San Francisco-based mobile security company that provides security to both private and business mobile devices, have detected a malware dubbed “AndroRATIntern” that abuses the accessibility service in Android to steal sensitive data from infected smartphones.

“After discovering this threat, Lookout notified both LINE and Google. None of LINE’s systems were breached. All Lookout users are protected against this threat,” the researchers wrote in the blog.

According to the researchers, AndroRATIntern is surveillanceware developed from the AndroRAT malware toolkit. It is sold commercially as “AndroidAnalyzer”.

“The threat is notably the first piece of malware we’ve ever seen abusing the Android accessibility service to steal data,” the blog read.

According to them, the malware targets the Japanese market. It can collect a broad amount of data from infected devices, including LINE’s, which allows users to make voice and video calls and send messages and most popular communications apps in Japan, messages, contact data, call logs, SMS, audio, video, photos, SD card changes, and GPS location.

The researchers said that the AndroRATIntern must be locally installed which requires a malicious actor to have physical, unmonitored access to the target device, making it a much more targeted threat that cannot be spread by drive-by-download campaigns.

It steals SMS messages, contact data, and other files are not uncommon. However, it is difficult to steal messages from LINE as the application runs in a sandbox.

The malware bypasses the security mechanism by abusing the text-to-speech accessibility feature in Android. This feature is designed to aid visually impaired users, but the malware developers are leveraging it to capture LINE messages when they are opened by the victim.

The researcher pointed out some tips which can keep people safe:

-         - Keep a pass-code on your device. it will be significantly harder for someone to download and install anything to your phone if it’s locked
-          -Download security software that can tell you if malicious software is running on your device
  

Hackers behind Canadian security intelligence service

In less than two weeks the Canadian Security Intelligence Service (CSIS) website was temporarily down for the second  time on 29 June.

According to the CTV News reports the latest hit was a denial of service attack. Jean-Christophe de Le Rue, a spokesman for the ministry of public safety and emergency preparedness, said, that the website was temporarily offline and that "no information has been breached. We are taking cyber security very seriously."

The report said, citing sources, several attacks on many Canadian municipal and police websites has been conducted by the person behind the latest attack. A local news website reported that the responsibility for the attack was claimed by a person using the Twitter account @TWITRis4tards. However, authorities have not confirmed the identity of the hacker.

The main motive behind the attack is unknown but it is suspected that hacker tried to  drive the attention of the authorities toward Bill C-51, which gave the Canadian government power to intervene and stop "violent Islamic jihadi terrorists" supporting the Islamic State group.

Many government websites, including ServiceCanada.gc.ca and Parl.gc.ca, were attacked, for which the Anonymous group claimed responsibility. However,  sources told CTV News that this time the person was working alone, unlike previous attacks.

Plex Forum hacked, change your password now


ALERT! Internet movie and television enthusiasts, who have been using the PLEX media servers and the PLEX forums for their daily dose of entertainment, it's time to check in your private credentials. PLEX, an online movie and TV library forum has announced that their servers have been hacked on the morning of 2nd July, 2015; which has left registered email addresses, user ids and passwords vulnerable.

The company has clarified that only the accounts that have been used for accessing the services of PLEX forums have been compromised. Yet, it added that the accounts that were created through social media hyperlinks and were never used to access the forums are most probably vulnerable to data breach. The company has however stated that their has been no breach of credit card information as it is never stored in the servers.

The company after finding about the attack, sent an email to the users, requesting them to reset their passwords. The email sent by the company follows :


Dear Plex User,

Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.

If you are receiving this email, you have a forum account which is linked to a plex.tv account. The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (in technical terms, they are hashed and salted). Despite the password encryption measures, we take your privacy and security very seriously, so as a precaution, we’re requiring that you change your password.

Be sure to choose a strong password, never share it, and never re-use passwords for different accounts! Even better, use a password manager (1Password, for example) to manage a unique password for you. Access to your Plex account will be blocked until you do so.

Please follow this link to choose a new password.

We’re sorry for the inconvenience, but both your privacy and security are very important to us and we’d rather be safe than sorry!

We will post more detailed information on our blog shortly. Thanks for using Plex!
Now the question arises whether the company can strengthen the security of its servers and continue providing the services without putting the privacy of its users at stake?

Selfies to use as a password for doing online payments


You know what? Selfies, which we click mostly for posting on social networking sites, are now being using as a password for doing payments. 

MasterCard, an American multinational financial services corporation headquartered in New York, United States, is trying new facial recognition technology that would let customers verify their identity online by taking a selfie.

Mastercard’ s customers, who still use a system called SecureCode to verify their identity while shopping online, requires them to enter a password at the point of sale.

In an interview with CNN Money MasterCard executive Ajay Bhalla said that they want to identify the people for who they are not what they remember.

"We have too many passwords to remember and this creates extra problems for consumers and businesses. The new generation, this is into selfies….  I think they'll find it cool. They'll embrace it," he added.

According to a news report published on The Telegraph, in order to avoid problems like forgetting passwords, stealing or intercepting, many financial organisations and technology companies are testing biometrics as an alternative form of identification.

Like a British technology firm recently launched the world’s first emoji-only passcode, which allows people to log into their banks using four emoji characters, instead of PINs or passwords.

According to the report, during the trial period, some of the Mastercard's users or customers will be prompted to snap a photograph of their face using the Mastercard app on their smartphone at the online checkout point instead of entering password.

It is said that the app then converts the photo into 1s and 0s using facial recognition technology, and transmits it over the internet to MasterCard, which compares it with a stored code representing the cardholder's face. If the two codes match up, then the purchase will be approved.

Bhalla said that MasterCard will not be able to reconstruct the user's face from the data, and that the information will be transmitted and stored securely.

The company is currently testing the technology with 500 customers, and is planning a broader trial for later this year.

Along with the selfies, the company is experimenting with other forms of identification such as fingerprint scanning and voice recognition.

Donald Trump’s Hotels face credit card breach: Report

The Trump Hotel Collection, a chain of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, may have been the latest victim of a credit card breach, according to KrebsonSecurity.

According to a report posted on Wednesday, as per the data shared by several U.S.-based bank, the hotel collected appears to the latest victim of credit card breach.

At first when they had contacted the company regarding reports from sources at several banks who traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, it refused to comment.

However, the company later issued a brief statement from Eric Trump, executive vice president of development and acquisitions.

“Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

However, it is confirmed from various sources in the financial industry, the company has little doubt that Trump properties in several U.S. locations including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York are dealing with a card breach that appears to extend back to at least February 2015.

According to the report, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments.

“Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash,” the report reads.

It is said that merchants that have not yet installed card readers In October 2015 and accept more secure chip-based cards will assume responsibility for the cost of fraud from counterfeit cards.


While experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers.

Team GhostShell are back with a bang

 
They are back again after almost three years! Team GhostShell, a well-known hacking group, has returned with hacks and database leaks.

The hacking group claims to have leaked data from various websites within 24 hours.

On June 29, the team posted on twitter links to a number of Korean and Japanese websites, educational portals, university websites and travel websites which they claim to have hacked.

The posted websites and services do not appear to follow a particular trend or pattern so it is believed that the sites have been hacked.

Lee J, a security researcher, posted on Cyber War News that when he contacted TeamGhostShell, they had explained that not all data is going to be leaked from targeted sites and as an example of this got shown an exclusive set of data from an Australian cloud provider (redacted for now) which contains 1,500+ full banking information such as full names, home addresses, mobile contact numbers, contract dates and probably worst of all Tax file number (TFN). The provider has been contacted at time of publishing.

According to him, till the date, 444 different databases have been dumped from various sites and sub-domains mostly being education and government based.

“A basic scan of these sites has shown that there is a heap of accounts leaks, over 17,700 have email and password combinations as well as many other user name and password combinations as well,” he added.

“I have been told in a conversation with TeamGhostShell that they plan to leak data until they are caught,” he said.

He said that the team has added pastebin.com account with a paste titled “Dark Hacktivism- Information is everything”.

It is said that this is not the end. There are a lot more data to come over in coming days or weeks.

Fake Verification of Twitter account could lead to Phishing and Credit Card theft

The verification of somebody's account on Twitter is a pretty big deal as you as an user cannot do anything about it. It is only if you are recognizable by thousands of people that Twitter verifies your account.

The chance to get a verified account on Twitter can seem very tempting and that is how somebody operating Twitter account 'Verified6379' is scamming people into divulging their payment details.

The user which claims to be an 'Official Verification Page' of Twitter redirects you using a shortened Goo.gl URL and lands you on a page that looks like twitter.

The page then demands secure information like username, password, credit card numbers and others to verify your account.

The URL has seen over 18,000 hits over the last month.

British lady lost £50,000 in a “phishing scam”

Beware of doing any Online transaction as a lady from London has claimed that she lost £50,000, her life savings in a “phishing scam”.

According to a report published on BBC, the 59-yeat-old Vivian Gabb told in the Victoria Derbyshire’s, a British journalist and a broadcaster, was in the middle of buying a house when her email got hacked by the crooks.

She said that she was conned out of her life savings by scammers who sent her a 'phishing' email with instructions to wire the money to the “bank”.

She was unaware that every email she wrote and received was being monitored by criminals.

According to her, the criminals sent her a message disguised as a follow-up email from her solicitor and asked her to deposit nearly £50,000 into their account.

According to the news report, the Get Safe Online,  an internet safety advice website, says more than half (51%) of people in the UK have been a victim of an online crime, and 15% of people have been victims of either attempted or successful hacks of their email account.

Malwarebytes offers pirates a free one year license

Software companies have been serving the general public for years. But in this process, starts the raging war between the companies and the so-called "crackers" who try to counterfeit genuine products in order to promote piracy.

This creates a loophole in the distribution part of the products. This battle has seen some technical advancement in preventing counterfeiting of the services.

While Microsoft has implemented a product activation procedure for the Windows Operating system and its Office suite, some of the premiere gaming company have a registration process into their servers in order to activate the game, declining which the game becomes unavailable for playing. Yet, there is a continuous struggle amongst the "cracking " society to crack the softwares for free access and piracy.

While this struggle has accelerated with time, a company has finally decided to allow the vicious pirates to gain legit access to their product. Malwarebytes, a premium security firm has initiated Amnesty, a program to enable the users who have procured the serial key from piracy dealers or have downloaded it from the internet, to reissue their security key for free. This reissued key will provide the user with premium access to Malwarebytes Anti-Malware for a period of 12-months.

The company states that the internet has good pioneers as well as bad pirates. While the pioneers work hard day and night in order to provide users with state of the art services, pirates try to dupe people into buying pirated versions of Malwarebytes Anti-Malware.

"Amnesty program has initiated providing free replacement keys to the premium customers who have been facing inconvenience because of pirated keys or software abuse for Malwarebytes Anti-Malware".

To ease it up, you can start by downloading the latest version of Anti-Malware Premium(direct link to download). Once you are done with the installation, the activation setup is initiated, where you have to enter your illegal activation key and proceed. This redirects you to the dialog box which gives you the option to select "I’m not sure where I got my key, or I downloaded it from the Internet". The company then issues you with a new key along with a 12-months free premium membership.

This has been started by Malwarebytes, who are providing one of the best security suites and anti virus tools in the market.

Samsung will unblock Windows Updates “within few days”

South-Korean multinational company, Samsung will release a software patch for its PCs “within a few days” that has been disabling Windows Update.

The conglomerate company has issued a statement on Friday assuring its users that it would  correct the problem, which was initially discovered earlier this week, in the coming days.

The spokesperson of the Samsung wrote in the statement, “Samsung has a commitment to security and we continue to value our partnership with Microsoft. We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days.

“Samsung remains committed to providing a trustworthy user experience and we encourage customers with product questions or concerns to contact us directly at 1-800-SAMSUNG FREE,” the statement read.

Patrick Barker, Microsoft researcher, shared on his blog that he discovered a file named Disable_Windowsupdate.exe after assisting a user in troubleshooting his Samsung computer. With this program installed, Windows users will have to manually install Microsoft's patches to update their computers.

He found out that with Disable_Windowsupdate.exe, even if Samsung users already re-enabled the "Install updates automatically" option on Windows Update, once the computer rebooted, the program will inconveniently return the Windows system to manual updates.

The researcher then reported the flaw to Samsung's support team. However, the company explained that it had to create a program that would prevent Windows Update from overwriting Samsung's default hardware drivers such as those for its USB 3.0 ports.

The spokesperson said in the statement that in order to satisfy their consumer, they are providing option to choose if and when they want to update the Windows software on their products.

Although, it has not been disclosed that how many Samsung computers were affected by the Disable_Windowsupdate.exe, it has programmed to work on all computers with Windows XP and higher, across different language settings.

Some reports mentioned that Samsung users have been complaining about this issue since April.