Saturday, 21 February 2015

Android Malware Can Spy On You Even When Your Mobile Is Off




Security researchers have unearthed a new Android Trojan that tricks victims into believing they have switched their device off while it continues "spying" on the users' activities in the background. So, next time, be very sure when you turn off your Android smartphone.



The new Android malware threat, dubbed PowerOffHijack, has been spotted and analyzed by researchers at the security firm AVG. It is called PowerOffHijack because the nasty malware has a unique feature: it hijacks the shutdown process of the user’s mobile phone.



MALWARE WORKS AFTER SWITCHING OFF MOBILES
When a user presses the power button on their device, a fake dialog box is shown. The malware mimics the shutdown animation and the device appears to be off, but actually remains on, giving the malicious program freedom to move around on the device and steal data.
"After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on," AVG’s mobile malware research team explained in a blog post. "While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user."
HOW DOES POWEROFFHIJACK MALWARE WORK?
Once installed, the malware asks for root-level permissions and tampers with the 'system_server' file of the operating system to affect the shutdown process. In particular, the malware hijacks the mWindowManagerFuncs interface, so that it can display a fake shutdown dialog box and animation every time the victim presses the power button.

The nasty malware is apparently being propagated via third-party online app stores, but the researchers haven't mentioned the names of the innocent-looking apps, nor have they explained how the malware gains root access to the device. The code shown by AVG appears to contact Chinese services.

USERS AND ANDROID VERSIONS INFECTED
According to the company, PowerOffHijack malware infects devices running Android versions below 5.0 (Lollipop) and requires root access to perform the tasks.

So far, PowerOffHijack malware has already infected more than 10,000 devices, mostly in China where the malware was first introduced and offered through the local, official app stores.

PowerOffHijack malware has the ability to silently send lots of premium-rate text messages, make calls to expensive overseas numbers, take photos and perform many other tasks even if the phone is supposedly switched off.

EASY STEPS TO GET RID OF POWEROFFHIJACK
In order to get rid of PowerOffHijack malware, users are advised to take some simple steps:
  • To restart an infected device manually, just take out the battery.
  • Remove malicious, untrusted and useless apps from your Android device.
  • Do not install apps from third-party app stores.
  • Make sure you have a good anti-virus installed and updated on your mobile devices. AVG's antivirus product can detect PowerOffHijack malware.
Source: thehackernews

Wednesday, 18 February 2015

AN INDIAN RECEIVED $12,500 FOR FINDING PHOTO-DELETING BUG – FACEBOOK



The latest Facebook bug bounty went to a web developer who discovered a bug that let him delete any photo album from the network. Laxman Muthiyah, an Indian, received a bounty of $12,500 for reporting the album-deleting bug. After two hours, Facebook got back to Muthiyah to let him know that the bug had been fixed and offered him the bounty. The bug affected Facebook’s Graph API, which lets users delete their own photo albums by clicking “delete album.”
Once Muthiyah discovered the bug, he tried deleting one of his albums, and after being successful he reported it to Facebook’s technical support team. In a blog post titled ‘How I Hacked Your Facebook Photos’, Muthiyah has explained in detail how the bug, which can delete a Facebook user’s photos, actually works.

“Thank you for reporting this information to us. We are sending it to the appropriate product team for further investigation. We will keep you update on our progress,” Facebook wrote to Muthiyah.
As IT security company Sophos also points out in its Naked Security blog, Facebook album IDs are numeric, making them easy to guess. This means an attacker could have run a script to generate random album IDs and delete entire albums without the users knowing about it.

Russian Hackers use Windows 0-Day exploit to hack NATO, Ukraine



Russian Hackers, dubbed the "sandworm team", have been found exploiting a previously unknown vulnerability in Microsoft's Windows Operating systems, reports iSight.

The group has used this zero-day exploit to hack computers used by NATO, Ukraine Government, European Telecommunications firms, Energy sectors and US academic organization.

The attack starts with a spear-phishing email containing a malicious PowerPoint document that exploits the vulnerability and infects the victim's machine with malware.

"The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files," the report reads.

".. When handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources... This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands"

The vulnerability reportedly affects all versions of the Windows operating system from Vista SP1 to Windows 8.1. It also affects Windows Server 2008 and 2012.

Visa Wants To Track Your Smartphone to Prevent Credit Card Fraud

If you love to travel, you must be annoyed by those calls you sometimes get from your bank when buying things far from home, and the most annoying part is when the company won't approve the transaction because it fears your card was stolen.

VISA MOBILE LOCATION CONFIRMATION APP
The payment processing and credit card giant Visa has come forward to put an end to this problem by giving cardholders the chance to buy things wherever they are. The company plans to release a new location-based feature that will help cardholders update their location via smartphone.

Starting in April, the banks will include the software application, dubbed Visa Mobile Location Confirmation, in their smartphone apps. The app will use the ability of the cardholder's smartphone to locate itself and verify that the cardholder is near where the card is being used.

IN WAKE OF INCREASING CREDIT CARD FRAUD
The idea behind this new move is to reduce the rising incidents of credit card fraud and fraudulent transactions, which are a lot higher when the transaction takes place in a different location from the phone’s actual location. The app will differentiate between an authentic transaction and a suspicious one.
"Mobile Location Confirmation is an optional service for consumers that will be offered through participating financial institutions’ mobile banking applications," Visa said Thursday. "The service uses mobile geo-location data in real time as an additional input into Visa’s predictive fraud analytic."
THE COMPANY BEHIND
This new software is supplied by a company called Finsphere - a leader in the use of mobile data and geospatial analysis. The software will be an opt-in service, meaning that it won't work until people grant permission.

In order to set up the location tracker, Visa has collaborated with different card-issuing banks to add its software to their mobile banking apps.

HOW THE APP WORKS?
If the cardholder opts in for the feature, over a period of time, the Visa software will plot out a cardholder’s home range with a radius of roughly 50 miles.

If that customer leaves that territory, the tracker will send that information to Visa that the customer has entered a new city or country, and the company will be less likely to flag that card for fraud alerts when purchases at different area stores are made.
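The location check described above can be sketched as follows. This is an added example, not Visa's or Finsphere's code: only the 50-mile home radius comes from the article, while the median-based home centre, the `NEARBY_MILES` threshold, the function names and the sample coordinates are assumptions constructed for illustration.

```python
import math
from statistics import median
from typing import List, Optional, Tuple

LatLon = Tuple[float, float]          # (latitude, longitude) in degrees

HOME_RADIUS_MILES = 50.0              # "roughly 50 miles", from the article
NEARBY_MILES = 50.0                   # assumption: phone and purchase count as co-located
EARTH_RADIUS_MILES = 3958.8


def haversine_miles(a: LatLon, b: LatLon) -> float:
    """Great-circle distance between two points, in miles."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))


def home_center(history: List[LatLon]) -> LatLon:
    """Median of past fixes, so an occasional trip does not move the centre
    (assumed estimator; the real model is not public)."""
    return (median(p[0] for p in history), median(p[1] for p in history))


def location_signal(history: List[LatLon],
                    phone_now: Optional[LatLon],
                    purchase: LatLon) -> str:
    """Classify a card-present purchase as one extra input to fraud scoring."""
    if phone_now is None or not history:
        return "no-signal"            # not opted in, or no fix available
    center = home_center(history)
    phone_home = haversine_miles(center, phone_now) <= HOME_RADIUS_MILES
    purchase_home = haversine_miles(center, purchase) <= HOME_RADIUS_MILES
    if phone_home and purchase_home:
        return "home"                 # both inside the home range
    if haversine_miles(phone_now, purchase) <= NEARBY_MILES:
        return "travelling-confirmed" # phone travelled with the card
    return "mismatch"                 # card used far from the phone


# Constructed sample data: a cardholder living around Chicago, one past trip.
HISTORY = [(41.88, -87.63), (41.90, -87.65), (41.85, -87.62),
           (41.95, -87.70), (40.71, -74.01)]
CHICAGO, EVANSTON, PARIS = (41.8781, -87.6298), (42.05, -87.69), (48.8566, 2.3522)

if __name__ == "__main__":
    for phone, shop in [(CHICAGO, EVANSTON), (PARIS, PARIS), (CHICAGO, PARIS), (None, PARIS)]:
        print(phone, shop, location_signal(HISTORY, phone, shop))
```

A "mismatch" here is only a signal: the article describes the location data as an additional input to Visa's analytics, not as a decision on its own.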

The move by the payment processing giant is good enough to lower the risk of credit and debit card fraud. The loss in terms of money by credit card fraud is rising with every year. According to the latest data available from the Federal Reserve, debit card fraud cost banks $1.57 billion in 2013 and credit card fraud cost $4 billion in 2012.

Crashing Google Email App for Android Just By Sending a Malicious Email

A vulnerability has been discovered in Google’s wildly popular Stock Android Email App that could be exploited by malicious attackers to remotely crash your smartphone application just by sending a specially crafted email.

A Spanish security researcher, Hector Marco, successfully exploited the vulnerability on his Samsung Galaxy S4 Mini running version 4.2.2.0200 of Stock Android Email App. He said the flaw appears to affect all older versions of Stock Android Email App, though devices running 4.2.2.0400 and newer versions are not affected.

According to the researcher, when the victim receives the malicious email and tries to view it, the email app crashes. Further attempts to open the email again trigger a crash in the application before the victim can do anything.

The flaw (CVE-2015-1574) is due to incorrect handling of the Content-Disposition header. Hackers could exploit the vulnerability by sending an email with a malformed Content-Disposition header to the targeted user in order to crash the email application.


The only way to get rid of this crash issue is to remove the malicious email from the Stock Android Email App.
"Since the application crashes immediately, [and the] easiest and straightforward way to remove [the issue] is by using other email client (or via web) from the inbox at the email server," Marco explained in a blog post. "Another way is by disabling the internet connection (Airplane mode) before launching the email reader, and then you can remove the offending email."
However, removing the malicious email from the app’s inbox is only a temporary solution because the attackers can send as many malicious emails as they want, Marco noted.

For a proof-of-concept (PoC) demonstration, Marco published Python exploit code on Tuesday and explained how sending a specially crafted email to a targeted user can crash the victim’s email application.

So far, there are no reports that Marco’s exploit also works on iOS or other platform users. But the vulnerability affects a majority of Android smartphone users as the version of Stock Email App from Google comes pre-installed on the official versions of Android.

It isn't clear whether the vulnerability has been reported to Google. Users can upgrade their Android email application to 4.2.2.0400 or higher in order to protect themselves, but only if they have the option to upgrade.

Unfortunately, upgrading is not possible on all Android versions. Marco said his current Samsung Galaxy S4 Mini was fully updated and is still vulnerable to this attack, because no version higher than 4.2.2.0200 is available for his device.
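Because many devices cannot be upgraded, a mail gateway can screen messages for malformed Content-Disposition headers before they reach the client. The check below is an added example, not Marco's PoC and not Google's fix; it assumes the RFC 2183 header grammar, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from typing import List, Optional, Tuple

MAX_LEN = 998  # RFC 5322 hard limit on one header line

# RFC 2045 "token": printable ASCII without whitespace, controls or tspecials.
TOKEN = r"[^\s()<>@,;:\\\"/\[\]?=\x00-\x1f\x7f]+"
QUOTED = r'"(?:[^"\\\r\n]|\\.)*"'
# RFC 2183: disposition-type *( ";" attribute "=" value )
PARAM = rf"\s*;\s*{TOKEN}\s*=\s*(?:{TOKEN}|{QUOTED})"
# A trailing ";" is tolerated because some mailers emit it.
DISPOSITION_RE = re.compile(rf"\s*{TOKEN}(?:{PARAM})*\s*;?\s*")


def check_content_disposition(value: str) -> Optional[str]:
    """Return a reason if the header value is malformed, else None."""
    if not value.strip():
        return "empty header value"
    if not value.isascii():
        return "non-ASCII characters in header value"
    if len(value) > MAX_LEN:
        return "header value too long"
    if not DISPOSITION_RE.fullmatch(value):
        return "does not match RFC 2183 grammar"
    return None


def scan_message(raw: str) -> List[Tuple[int, str, str]]:
    """Check every MIME part; return (part index, raw value, reason) findings."""
    findings = []
    msg = message_from_string(raw)  # compat32 policy keeps raw header text
    for idx, part in enumerate(msg.walk()):
        for value in part.get_all("Content-Disposition", []):
            reason = check_content_disposition(str(value))
            if reason:
                findings.append((idx, str(value), reason))
    return findings


def _sample(disposition_line: str) -> str:
    """Build a constructed two-part test message around one header line."""
    return "\n".join([
        "From: sender@example.com",
        "To: user@example.com",
        "Subject: quarterly report",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "see attachment",
        "--b1",
        "Content-Type: application/pdf",
        disposition_line,
        "",
        "placeholder body",
        "--b1--",
        "",
    ])


# Constructed samples: one well-formed header, one with an unterminated quote.
GOOD_MSG = _sample('Content-Disposition: attachment; filename="report.pdf"')
BAD_MSG = _sample('Content-Disposition: attachment; filename="report.pdf')

if __name__ == "__main__":
    for name, raw in (("good", GOOD_MSG), ("bad", BAD_MSG)):
        print(name, scan_message(raw) or "clean")
```

A gateway would quarantine or rewrite flagged messages rather than deliver them, which also spares the user from having to delete the email through another client.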

Monday, 16 February 2015

Kali Linux 1.1.0 Released

On 9th February 2015, Kali 1.1.0 was released. This is the latest version so far, and has a lot of major changes. Here's what the official Kali website had to say about it. Kali 1.1.0 can be downloaded from here.


After almost two years of public development (and another year behind the scenes), we are proud to announce our first point release of Kali Linux – version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid stability. For us, this is a real milestone as this release epitomizes the benefits of our move from BackTrack to Kali Linux over two years ago. As we look at a now mature Kali, we see a versatile, flexible Linux distribution, rich with useful security and penetration testing related features, running on all sorts of weird and wonderful ARM hardware. But enough talk, here are the goods:
  • The new release runs a 3.18 kernel, patched for wireless injection attacks.
  • Our ISO build systems are now running off live-build 4.x.
  • Improved wireless driver support, due to both kernel and firmware upgrades.
  • NVIDIA Optimus hardware support.
  • Updated virtualbox-tool, openvm-tools and vmware-tools packages and instructions.
  • A whole bunch of fixes and updates from our bug-tracker changelog.
  • And most importantly, we changed grub screens and wallpapers!

Download or Upgrade Kali Linux 1.1.0

You can expect updated VMWare and multiple ARM image releases to be posted in the Offensive Security custom Kali Linux image download page in the next few days. As usual, if you’ve already got Kali Linux installed and running, there’s no need to re-download the image as you can simply update your existing operating system using simple apt commands:
apt-get update
apt-get dist-upgrade

Facebook Legacy Contact — Control What Happens to Your Account When You Die

When I die, I'd like someone to keep updating my Facebook status, just to freak people out, because who knew I’d have WiFi signal up there. Jokes apart, Facebook has fulfilled this wish of mine as well.

The social networking giant is giving its users control over what happens to their Facebook accounts when they die.

Until now, Facebook allowed people to turn the profiles of their loved one into "memorialized" accounts after Facebook verifies that person has died, meaning the account could be viewed but not be managed or edited. But Facebook is now adding a new option that users can select prior to their death: 'Legacy Contact'.
"Until now, when someone passed away, we offered a basic memorialized account which was viewable, but could not be managed by anyone," the Facebook team wrote in a blog post. "By talking to people who have experienced loss, we realized there is more we can do to support those who are grieving and those who want a say in what happens to their account after death."
The social network announced this new feature on Thursday. It allows Facebook users to designate a specific friend as their Facebook Legacy Contact, who will be allowed to access their account and pin a post on their Timeline after they die.

WHAT CAN YOUR FACEBOOK LEGACY CONTACT DO?
Your Facebook Legacy Contact won’t be able to log in as you or read your private messages, but the contact will be able to do the following:
  • Pin a post to display at the top of your memorialized Timeline (to share a final message or notification about a memorial service)
  • Update your Profile Picture and Cover Photo
  • Respond to new Friend Requests
  • Download an archive of your photos, posts, and profile information that you shared on Facebook
HOW TO ACTIVATE THE 'LEGACY CONTACT' FEATURE?
In order to choose your Facebook Legacy Contact, follow these steps:
  • Open 'Settings'
  • Choose 'Security'
  • Select "legacy contact" at the bottom of the page.
  • Submit the name of your specific Facebook friend who will be able to control certain aspects of your page after you die.
  • Choose the options you want your Facebook Legacy Contact to have.
  • Finally, the system will offer an option to send a message to that person, letting them know about their important new tasks.
Alternatively, users can also let Facebook know if they'd prefer to have their account deleted after they pass away.

Facebook is rolling out these new changes in the US first, but plans to expand the changes to more regions.

Hackers Stole $300 Million from 100 Banks Using Malware

Despite increased online and mobile banking security, banks are more often being targeted by hackers. A hacker group has infiltrated a number of banks and financial institutions in several countries, stealing hundreds of Millions of dollars in possibly the biggest bank heist the world has ever seen.

According to a report published by the New York Times on Saturday, hackers have stolen as much as $1 Billion from more than 100 banks and other financial companies in almost 30 nations, making it "the most sophisticated attack the world has seen to date."

In late 2013, banks in Russia, Japan, Europe, the United States and other countries fell victim to a massive, sophisticated malware hack that allowed the hackers to spy on bank officials in order to mimic their behavior, according to an upcoming report by Kaspersky Labs received by the NY Times.

CARBANAK BANKING MALWARE IN THE WILD
In order to infect bank staff, the hacker group sent malicious emails to hundreds of employees at different banks. Once opened, the email downloads a malware program called Carbanak, which allegedly allowed the perpetrators to transfer money from the banks to fake accounts or ATMs monitored by criminals.
The exact figure of the stolen amount is unclear, though, according to the cybersecurity firm, the total theft could be more than $300 Million, because the hackers only swiped $10 million at a time and some banks were targeted more than once.
"This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert," Chris Doggett, manager of Kaspersky's North American office in Boston, told the Times.
However, the cyber security firm does not name the banks and financial institutions involved in the massive theft operation in its report. But, the interesting part is that no banks have come forward to reveal that they have been hacked in this largest theft.
HISTORY OF CYBER HEIST
This is not the first time hackers have made banks and financial institutions their target. In the past, they have carried out a number of bank crimes. The list is given below:
  • In March, 2012 - A Russian hacker was sentenced to two years in US prison for his involvement in a global bank Million Dollar Fraud scheme that used hundreds of phony bank accounts to steal over $3 million from dozens of U.S. accounts. He was responsible for the Zeus banking malware that was used to carry out the fraud.
  • In October, 2012 - The FBI arrested 14 people who used cash advance kiosks at casinos located in Southern California and Nevada and robbed over $1 million from Citibank.
  • In May, 2013 - A gang of cyber-criminals operating in 26 countries stole $45 Million by hacking into the database of prepaid debit cards, making it the biggest bank robbery in history.
  • In July, 2013 - A hacker group allegedly broke into the computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of 7 years, making it the largest data theft case ever prosecuted in the U.S.
  • In October, 2013 - The Dutch police arrested four people who used TorRat Malware to target two out of three major banks in the Netherlands and stole millions of dollars from bank accounts.

DroidStealth An Android Encryption Tool with Stealth Capabilities


We all have Internet-connected smartphones in our pockets, but it’s very hard to find a place on the Internet to feel secure and private. No doubt, there is data encryption on cell phones, but what’s the use if it is cracked by hackers or law enforcement?

What if the encrypted files don’t exist in the first place for law enforcement to decrypt? That’s the motive behind DroidStealth, a new Android encryption tool that not only protects sensitive data with obfuscation, but also hides its existence on your phone as if it has nothing to hide.

DroidStealth Android app has been developed by security researchers from Delft University of Technology in the Netherlands and would come as a windfall to both the privacy lovers and the cyber criminals.

STEALTH LOGIN MECHANISM
DroidStealth Android encryption tool creates a hidden folder on your phone in which it stores all your encrypted files. The app itself can be opened by simply dialing a phone number of any length, which is actually a PIN, or by tapping an invisible widget on your phone's home screen five times.

The application is designed to hide the existence of any protection mechanism, since a visible one usually hints to casual inspectors that they need to do some tampering in an attempt to gain access to users’ encrypted data.
According to developer quartet Olivier Hokke, Alex Kolpa, Joris van den Oever and Alex Walterbos of Delft University of Technology, several other disguise techniques, such as hiding the app within a flashlight program, are used to hide your private data.
"Since simply encrypting the data is not enough, our approach provides an added step of obfuscation that increases security of the data: DroidStealth hides itself," the group wrote in the paper titled, 'A Self-Compiling Android Data Obfuscation Tool' co-authored with supervisor Johan Pouwelse.
"Instead of actually calling the number, the application launches, requesting the pin code. Furthermore, DroidStealth fully intercepts the call, making sure the number never gets added to the call log."
FEATURES OF DROIDSTEALTH
Some DroidStealth Android encryption tool features are listed below:
  • The app is stored in a secretive mode, and can be renamed to appear as a benign app to "hide in plain sight".
  • The app doesn’t appear under the normal downloaded app list.
  • The app provides notification to the user if any of the secret files are left unlocked.
  • The app can be kept out of the running process list when not in use.
  • The app does not pop up in the recently visited list.
LIMITATIONS OF DROIDSTEALTH
Distributing the DroidStealth Android encryption tool through a centralized store would create a possible exposure threat, so it was distributed "nomadically" as an untrusted Android application rather than through the Google Play Store, where it would show up in a user's list of installed apps.

Secret data files would be encrypted using Facebook's Conceal API and could not be accessed from other apps or from its original location.

DRAWBACK OF DROIDSTEALTH
The DroidStealth app has several major drawbacks, which are listed below:
  • The data is encrypted and decrypted within the app.
  • Uninstalling the app may lead to deletion of all the data.
  • Low memory of the phone might lead to force quitting of the application and this might lead to loss of the data.
  • If a user's phone falls into the hands of investigators while the app is in decode mode, it would be difficult for the user to secure the data from officials.
GET DROIDSTEALTH NOW
The developers said that the DroidStealth Android encryption tool's user interface (UI) is chosen black "in order to give users the feeling that they are indeed working in secret".

The DroidStealth app is not released on Google Play, but users can get it as an untrusted APK version of the app. The APK is available as an unaligned version, while users can download the nomadic versions of the app that are available throughout the Internet.

Thursday, 12 February 2015

Caller ID Faker App - Fake a call !





Caller ID faking, as modern as it may sound, goes back a decade to when caller IDs were first introduced. At that time, ‘caller ID spoofing’ was mainly used by large businesses equipped with costly PRI [Primary Rate Interface] lines. A single Primary Rate Interface line gave a business organisation almost 23 phone lines, all of which could have different numbers. In its initial stages, caller ID spoofing was basically used by these business organisations to display one main number on all the calls they made, although the calls were not actually being placed from that number.
With the evolution of telephones and the introduction of smart phones, the techniques of caller ID spoofing have also evolved. Faking your caller ID has been made a lot easier with the caller ID faker Android app. It allows you to make unlimited anonymous calls to any desired number. You can prank your friends and family with it, without the tension of being detected, EVER! If one ever thinks they are being cheated on, they can use this app to test their partner, obtaining all the information they may need! Evidence can also be stored with this app, but that will be discussed later in this post.
The caller ID faker Android app has many such attributes that push it above the other ID spoofing apps, making it a must-have on your Android device. Some of these are mentioned below:
The Record Option
The app offers a free option to record the calls you make with your device. Everything you say, and everything the other party says in the conversation, can be saved on your phone if you want it to be. You can make prank calls and listen to them afterwards whenever you feel down or miss your friends. On a serious note, if you are actually testing your partner with this app, and they say something controversial on the phone with the ‘fake you’ then you will have that conversation on your phone as evidence to use against them in the future.
Input your Desired Caller ID
Not only can you hide your personal caller ID while calling, but you can even put any number you want as the displaying caller ID. You can call a certain friend while displaying another friend’s number to spice up the prank even more. Moreover, you can keep calling a person with changed numbers every time, making the receiver of the calls extremely confused, never knowing who is actually calling them.
Voice Changeover
Just when you thought this app could not get any better, BOOM! Another option! You can change your voice entirely during or before making a call. Not only can you change the general specifics of your voice, but even shift your voice to that of the opposite gender. In this way, you can never ever be detected, confusing the person being pranked more and more!
This app is loved by many, and on their requests, new updates are being launched to improve it. If you’re the pranky kind of guy, this app will serve you best!


 
TRICKS AND TIPS CREATED BY SUSHIL UPADHYAY