WARNING — Malware Found in CamScanner Android App With 100+ Million Users

By: Swati Khandelwal

Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using free version of CamScanner, a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store.

So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store.

Unfortunately, CamScanner has recently gone rogue as researchers found a hidden Trojan Dropper module within the app that could allow remote attackers to secretly download and install malicious program on users’ Android devices without their knowledge.

However, the malicious module doesn’t actually reside in the code of CamScanner Android app itself; instead, it is part of a 3rd-party advertising library that recently was introduced in the PDF creator app.

Discovered by Kaspersky security researchers, the issue came to light after many CamScanner users spotted suspicious behavior and posted negative reviews on Google Play Store over the past few months, indicating the presence of an unwanted feature.

“It can be assumed that the reason why this malware was added was the app developers’ partnership with an unscrupulous advertiser,” the researchers said.

The analysis of the malicious Trojan Dropper module revealed that the same component was also previously observed in some apps pre-installed on Chinese smartphones.

“The module extracts and runs another malicious module from an encrypted file included in the app’s resources,” researchers warned.

 

“As a result, the owners of the module can use an infected device to their benefit in any way they see fit, from showing the victim intrusive advertising to stealing money from their mobile account by charging paid subscriptions.”

Kaspersky researchers reported its findings to Google, who promptly removed the CamScanner app from its Play Store, but they say “it looks like app developers got rid of the malicious code with the latest update of CamScanner.”

More: https://thehackernews.com/2019/08/android-camscanner-malware.html

8 Ways Hackers Monetize Stolen Data

By: Steve Zurier

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

We are long past the era of the 14-year old teenage hacker trying to spoof a corporate or defense network for the fun of it, just because they can. While that still happens, it’s clear that hacking has become big business.

From China allegedly stealing billions of dollars annually in intellectual property to ransomware attacks estimated to top $5 billion in 2017, data breaches and the resulting cybercrime are keeping CISO and rank-and-file security managers on their toes.

Security teams need to be aware of the full range of what hackers do with this stolen data. The crimes range from stolen IP to filing fraudulent tax rebates to the IRS to setting up a phony medical practice to steal money from Medicare and Medicaid patients and providers.

“Hackers will often start by selling data on military or government accounts,” says Mark Laliberte, an information security analyst at WatchGuard Technologies. “People are also bad at choosing passwords for individual services and often reuse passwords, which lets hackers try those passwords on the other websites their victims use.”

MORE:https://www.darkreading.com/attacks-breaches/8-ways-hackers-monetize-stolen-data———–/d/d-id/1331560

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

By: Swati Khandelwal

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication.

In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and poorly secured routers.

DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more.

Hijacking routers’ DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher—both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers.

Discovered by security researchers at Kaspersky Lab, the new malware campaign has primarily been targeting users in Asian countries, including South Korea, China Bangladesh, and Japan, since February this year.

Once modified, the rogue DNS settings configured by hackers redirect victims to fake versions of legitimate websites they try to visit and displays a pop-up warning message, which says—”To better experience the browsing, update to the latest chrome version.”

MORE: https://thehackernews.com/2018/04/android-dns-hijack-malware.html

New TeamViewer Hack Could Allow Clients to Hijack Viewers’ Computer

By: sikur

Capturar

by 

December 05, 2017

Do you have remote support software TeamViewer installed on your desktop?

If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other’s PC without permission.

TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of other’s PC over the Internet from anywhere in the world.

For a remote session to work both computers—the client (presenter) and the server (viewer)—must have the software installed, and the client has to share a secret authentication code with the person he wants to share his desktop.

However, a GitHub user named “Gellin” has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer’s computer without permission.

MORE: https://thehackernews.com/2017/12/teamviewer-hacking-tool.html

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

World’s Top Trading Apps Saturated with Security Flaws

By: sikur

forextr

By Phil Muncaster

27/09/2017

Some of the most popular trading apps on the planet are riddled with vulnerabilities which could allow remote attackers to hijack accounts and steal users’ money, according to new research from IOActive.

The pen testing firm decided to run the rule on 21 of the most popular mobile stock trading applications, which have millions of global users and process billions of dollars in transactions every year.

It tested 14 security controls, many of which had a high failure rate, including privacy mode (95%), SSL certificate validation (62%), secure data storage (67%), root detection (95%), sensitive data in logging console (62%) and hardcoded secrets in code (62%).

Unfortunately, 19% exposed user passwords in clear text, meaning an attacker with physical access to the device could easily log in to trade their stocks or steal money.

What’s more, nearly two-thirds (62%) sent sensitive data to log files and 67% stored that data unencrypted. This means attackers with physical access to the device could discover a user’s net worth and their investment strategy, among other things.

Two apps used unencrypted HTTP channels to transmit and receive data, while 13 of the apps that used HTTPS didn’t check the authenticity of the remote endpoint by verifying its SSL certificate. This could enable man-in-the-middle attacks designed to spy on the app and even tamper with the app data via public Wi-Fi hotspots, IOActive said.

In addition, 95% of the apps didn’t detect rooted environments on Android handsets, meaning the underlying device may be exposed to extra security risks.

MORE: https://www.infosecurity-magazine.com/news/worlds-top-trading-apps-saturated/

 

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Hijacked software used to target tech giants

By: sikur

_97283021_gettyimages-821213532

From BBC News

22/09/2017

Hackers who booby-trapped widely used security software also used their malware to infiltrate machines at tech firms, suggests analysis.

Evidence that other companies had been compromised came to light as Cisco researchers probed how attackers got at the popular CCleaner programme.

Millions of people downloaded a Windows version that hackers had laced with malicious code.

Cisco said the attackers were seeking valuable intellectual property.

Cleaning up

Last week CCleaner creator Piriform revealed that attackers had managed to place a hijacked copy of version 5.33 that works on Windows on some download servers. The booby-trapped code was available for about a month between August and September,

MORE: http://www.bbc.com/news/technology-41359852

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist