Sunday, February 7, 2016

Someone Hijacks Botnet Network & Replaces Malware with an Antivirus

By on 5:35 AM
The Dridex banking trojan, widely used by cyber criminals to push malware onto users' machines, has now been found distributing security software instead.

A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with Avira Antivirus installers.

What is the Dridex Banking Trojan, and How Does it Work?


Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again.

The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document embedded with malicious macros.

Once the malicious file has been opened, the macros download and install the main payload of the virus – the trojan program itself – from a hijacked server, and it installs and runs on the victim's computer.

The Dridex trojan program then installs a keylogger on the infected machine and manipulates banking websites with the help of transparent redirects and web-injects.

This results in the theft of the victim's personal data, such as usernames and passwords, with the ultimate aim of breaking into bank accounts and siphoning off cash.

Hacker replaces Trojan with Anti-virus


The recent hack, however, comes as a surprise: instead of distributing the banking trojan, a portion of the Dridex botnet currently appears to be spreading legitimate copies of Avira's free anti-virus software, as the company itself has announced.

"The content behind the malware download [link] has been replaced, it is now providing [a legitimate], up-to-date Avira web installer instead of the usual Dridex loader," explained Avira malware expert Moritz Kroll, as The Reg reported.
Avira believes that the white hat hacker or hackers may have hacked into a portion of infected web servers using the same flaws the malware authors used and then replaced the malicious code with the Avira installer.

So, once infected, instead of receiving Dridex malware, the victims get a valid, signed copy of Avira antivirus software.

"We still don't know exactly who is doing this with our installer and why – but we have some theories," said Kroll. "This is certainly not something we are doing ourselves."

Although the motives behind including the Avira software are still unclear, these kinds of actions are considered illegal in many countries, said Kroll.

What Can Be Done to Protect Against Malware Attacks?


The guidance for keeping yourself from becoming part of the Dridex banking trojan botnet is:
  • Ensure you have an updated antivirus program running on your PC, which should be able to intercept the malicious attachments before they are opened.
  • One of the best measures for securing your online environment is to deploy an at the network layer, which is especially useful to quickly detect malware and other threats in your network when integrated with a and SIEM (Security Intelligence and Event Monitoring) solution, such as (USM).
  • Be careful of opening email attachments sent from an unknown email address, particularly (in this case) Microsoft Word and Excel files.
  • Disable macros in MS Office, or at least set macros to request permission before they run.
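Mail gateways commonly apply the attachment advice above automatically. The following is an added example (not code from the article or from Avira) of a triage check for Office attachments: it looks for a VBA project part inside OOXML files, treats a macro hidden in a "macro-free" extension as a mismatch, and flags legacy binary Office files, which cannot be checked this way, for review. The sample attachments are constructed in the code, and the sender-reputation input is assumed to come from elsewhere.

```python
import io
import zipfile

# VBA project parts inside OOXML (zip-based) Word, Excel and PowerPoint files.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Magic bytes of the legacy binary (OLE2) Office formats: .doc, .xls, .ppt.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def make_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style attachment for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder-vba")
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML attachment carries a VBA project part (i.e. macros)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so no OOXML macro part to find
    return any(part in names for part in MACRO_PARTS)


def triage_attachment(filename: str, data: bytes, sender_known: bool) -> str:
    """Return 'block', 'review' or 'allow' for one attachment."""
    ext = filename.rsplit(".", 1)[-1].lower()
    macro = has_vba_project(data)
    legacy_ole = data.startswith(OLE_MAGIC)
    if macro and ext in ("docx", "xlsx", "pptx"):
        return "block"  # macro-free extension but a VBA project inside: mismatch
    if macro or legacy_ole:
        # Macro-enabled or legacy format: only known senders get a human look.
        return "review" if sender_known else "block"
    return "allow"
```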

Critical Flaws Found in NETGEAR Network Management System

By on 5:33 AM
Netgear, one of the most popular router manufacturers, has been found vulnerable to two different flaws that could allow hackers to compromise your corporate network and connected devices.

The reported critical vulnerabilities reside in Netgear's ProSafe NMS300 (Network Management System) – a centralized and comprehensive management application that enables network administrators to discover, monitor, configure, and report on SNMP-based enterprise-class network devices.

SNMP (Simple Network Management Protocol) is a network management protocol that lets Netgear's ProSafe NMS300 application gather data from various network devices such as servers, printers, hubs, switches, and routers.

Remotely collected data includes CPU load, routing tables, and network traffic statistics.

Serious Flaws in Network Management System

A joint security investigation conducted by Pedro Ribeiro (security researcher at the UK-based firm Agile Information) along with the CERT Committee disclosed vulnerabilities in the web interface of the router that could allow attackers to:
  • Upload and execute any malicious file remotely (CVE-2016-1524)
  • Download any file from the server (CVE-2016-1525)

Unauthorized Arbitrary File Upload Flaw: This flaw is present in the default installation of NMS300, allowing an unauthorized attacker to upload an arbitrary file and execute malicious code (remote code execution) with SYSTEM privileges.
  • Upload location: http://:8080/fileUpload.do
  • Upload location: http://:8080/lib-1.0/external/flash/fileUpload.do
  • Execution location: http://:8080/null

Directory Traversal Attack: This vulnerability allows authenticated users to read and download any restricted file by manipulating the 'realName' parameter of a POST request to the http://:8080/data/config/image.do?method=add URL.

The security vulnerabilities affect Netgear Management System NMS300, version 1.5.0.11 and earlier.
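Until a fix ships, the request patterns named above can at least be watched for. The following is an added defensive example (not code from the advisory or from Netgear) that scans access-log lines for POSTs to the two upload handlers from outside an assumed admin subnet, hits on the /null execution path, and traversal sequences in the realName parameter. The log lines are constructed, the log format is assumed, and it is assumed that the front-end proxy records the realName form parameter in the request target (the advisory describes it as a POST parameter).

```python
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Request paths taken from the advisory text.
UPLOAD_PATHS = {"/fileUpload.do", "/lib-1.0/external/flash/fileUpload.do"}
EXEC_PATH = "/null"
IMAGE_ADD_PATH = "/data/config/image.do"

# Constructed sample log lines (not real NMS300 logs). Assumed format:
# client_ip method request_target status
SAMPLE_LOG = """\
10.0.5.12 GET /index.html 200
203.0.113.7 POST /fileUpload.do 200
203.0.113.7 GET /null/uploaded.jsp 200
10.0.5.12 POST /data/config/image.do?method=add&realName=../../../../windows/win.ini 200
10.0.5.12 POST /data/config/image.do?method=add&realName=logo.png 200
198.51.100.4 POST /lib-1.0/external/flash/fileUpload.do 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def classify(line: str, admin_net: ipaddress.IPv4Network) -> Optional[str]:
    """Return an alert label for one log line, or None if nothing matched."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, _status = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path)
    trusted = ipaddress.ip_address(ip) in admin_net
    if path in UPLOAD_PATHS and method == "POST":
        # The upload needs no authentication, so source restriction is the only control.
        return None if trusted else "UNAUTH-UPLOAD CVE-2016-1524"
    if path == EXEC_PATH or path.startswith(EXEC_PATH + "/"):
        return "EXEC-OF-UPLOADED-FILE CVE-2016-1524"
    if path == IMAGE_ADD_PATH:
        for value in parse_qs(parts.query).get("realName", []):
            if ".." in value or value.startswith(("/", "\\")):
                return "TRAVERSAL CVE-2016-1525"  # authenticated, so insiders count too
    return None


def scan(log_text: str, admin_cidr: str = "10.0.5.0/24") -> List[Tuple[str, str]]:
    """Return (client_ip, label) for every alerting line in the log text."""
    net = ipaddress.ip_network(admin_cidr)
    alerts = []
    for line in log_text.splitlines():
        label = classify(line, net)
        if label:
            alerts.append((line.split()[0], label))
    return alerts
```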

How to Protect Your Network from Hackers


Since no patches are yet available from Netgear to fix these vulnerabilities, the only mitigation network admins can apply for now is tightening the firewall policy to restrict access from untrusted sources.

As threats continue to evolve and increase in volume and frequency, you can no longer rely on static network security monitoring.

Network administrators are strongly encouraged to monitor network-based services or protocols on a continuous basis using security monitoring solutions like (USM), which also includes (IDS) and  to help administrators quickly identify and remediate threats on their network.

Netgear has not yet commented on the issue.

Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

By on 5:30 AM
Good News for Linux Techno Freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs?

Then this news would be a perfect pick for you!

What if you could effectively carry a Linux computer in your pocket?

Introducing a new Android-based operating system named "Maru OS" that combines the mobility of a smartphone with the power of a desktop on a single device.

Maru OS allows you to turn your smartphone into a desktop when you plug it into a monitor with an HDMI cable.

Maru custom ROM includes two operating systems:
  • Android 5.1 Lollipop for mobile phones
  • Debian Linux for the desktop monitor
When you connect your phone (with Maru OS installed on it) via HDMI to a monitor, it will load Debian Linux automatically on your desktop screen in less than 5 seconds.
"Your phone runs independently of your desktop so you can take a call and work on your big screen at the same time," Maru OS official website explains.
Maru ships with zero bloatware (no pre-installed apps), which leaves plenty of free space for your own apps and keeps your phone fast.

Advantages of Maru OS

  • Dual OS in phone
  • Multi-Tasking
  • Lightweight Distro Packages
  • Zero Bloatware, except Google Play
  • Run a web server from your pocket
  • You can set up a portable development environment
And the Best One:

If by chance your phone gets disconnected from your screen, Maru OS will preserve your desktop state in the background, helping you pick up right where you left off.

This latest OS is still in beta and currently available only on Nexus 5 devices. We hope this limitation will disappear later on.

MIT Develops Hack-Proof RFID Chip — Here's How It Works

By on 5:28 AM


Do you know about RFID chips and how many you are carrying at this moment?

Today, RFID chips are built into all sorts of items, including your credit cards, travel swipe cards, library books, grocery store cards, security tags, implanted medical records, passports and even the access cards provided by companies.

But, What actually is an RFID chip?


A radio frequency identification (RFID) tag is a small electronic device consisting of a chip on which data can be encoded, and an antenna used to transmit that data. It is typically used for short-distance communication of information.


However, there is concern that these RFID chips could easily be hacked, and the information on them could easily be stolen by hackers. After all, attackers don't even require physical access to these chips in order to get data from them.

The good news is:


Researchers at MIT have developed a new way to prevent RFID chips from being hacked.

Although the information on an RFID chip is protected with a secret cryptographic key that could thwart a casual data thief, skilled RFID hackers have repeatedly used "side-channel attacks" to steal information from these chips with ease.

Side Channel Attacks:


The 'side-channel attacks' are designed to extract the secret cryptographic key from a system by analyzing the pattern of memory utilization or fluctuations in power usage.



However, side-channel attacks leak only a small amount of information for each run of a cryptographic algorithm, so an attacker needs to run the attack many times to recover the complete secret key.

Power Glitch Attacks:


One way to prevent side channel attacks is to rotate the private key frequently after each transaction with the help of a random-number generator, but a skilled hacker can overcome this with a so-called "Power Glitch Attack."

Repeatedly cutting the RFID chip's power just before it changes the secret cryptographic key is known as a power glitch attack.

By using this method, hackers can render the above strategy ineffective and run the same side-channel attack thousands of times with the same key, in order to recover the pattern and extract the information from the RFID chip.

Here's How MIT Hack-Proof RFID Chip Works:


The new RFID chip developed by MIT researchers and manufactured by Texas Instruments is designed to block power glitch attacks and is, the researchers claim, virtually impossible to hack by any current means.

The new hack-proof RFID chip can resist power-glitch attacks by having:

  • An on-board power supply that is "virtually impossible to cut."
  • Non-volatile memory cells that store computations the chip is working on, even if there's a power cut.
This lets the computation resume once power is restored.
"If that computation was an update of the secret key, it would complete the update before responding to a query from the scanner," the researchers wrote in a press release. "Power-glitch attacks won't work."
To achieve this, the new chip takes advantage of a material called ferroelectric crystal, whose molecules are arranged in a lattice in which positive and negative charges naturally separate.

These ferroelectric crystals can operate as a capacitor for storing power, producing computer memory that retains data even when powered off.
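To make the reasoning above concrete, here is an added example (a model written for this page, not the MIT team's design or code) of why persisted computation defeats the glitch strategy. Two toy tags rotate their key in several interruptible steps before answering a query; one loses its progress on power loss, the other resumes it. The key-rotation rule and the four-step update are assumptions of the model.

```python
import hashlib
from typing import Optional


def next_key(key: bytes) -> bytes:
    """Constructed rotation rule for the model (the real chip's rule is not given)."""
    return hashlib.sha256(b"rotate:" + key).digest()


class Tag:
    """Toy RFID tag. persistent=False: a volatile design whose in-progress key
    update is lost when power is cut. persistent=True: the partial update is
    held in non-volatile memory and finished on power-up, before any reply."""
    STEPS = 4  # the key update is modelled as 4 interruptible steps

    def __init__(self, key: bytes, persistent: bool):
        self.key = key
        self.persistent = persistent
        self.pending: Optional[bytes] = None  # new key being computed
        self.step = 0                         # update steps completed so far

    def _advance(self, steps: int) -> None:
        if self.pending is None:
            self.pending = next_key(self.key)
        self.step = min(self.STEPS, self.step + steps)
        if self.step == self.STEPS:           # update complete: commit the key
            self.key, self.pending, self.step = self.pending, None, 0

    def power_loss(self) -> None:
        if not self.persistent:               # volatile memory: progress is gone
            self.pending, self.step = None, 0

    def query(self, glitch_after: Optional[int] = None) -> bytes:
        """Scanner query: the tag must rotate its key, then answer.
        glitch_after=k cuts power after k update steps; None means no glitch."""
        if glitch_after is None:
            self._advance(self.STEPS)
        else:
            self._advance(glitch_after)
            self.power_loss()
            if self.persistent:
                self._advance(self.STEPS)     # resume the interrupted update
        return hashlib.sha256(self.key + b":response").digest()


def distinct_keys_used(persistent: bool, queries: int = 1000) -> int:
    """Count the distinct keys behind `queries` responses when every query is glitched."""
    tag = Tag(b"\x01" * 16, persistent)
    seen = set()
    for _ in range(queries):
        tag.query(glitch_after=2)
        seen.add(tag.key)
    return len(seen)
```

With the volatile tag every glitched response is computed under the same key, which is exactly the situation a side-channel attack needs; the persistent tag changes key on every query regardless of the glitch.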

The research team claims that if this high-security RFID chip hits mainstream adoption, it could help prevent contactless card details from being stolen, potentially preventing credit card frauds.

However, nothing is unhackable today, so calling something "hack-proof" or "virtually impossible to hack" doesn't make much sense: hackers nowadays are so skilled that even devices designed around strong security features aren't immune to hacks.

Still, new technologies like this RFID chip that take user security to the next level are always a good idea, and they are badly needed.

Monday, January 25, 2016

WhatsApp is Now Free For Lifetime

By on 1:45 AM


The widely popular messaging service is going completely free. And you'll be able to use WhatsApp without paying a penny.

Old WhatsApp users might not be aware of this, but WhatsApp introduced a subscription fee for its service a few years ago, charging new users an annual 99 cent (~$1) subscription fee after the first year.

However, WhatsApp announced Monday that the Facebook-owned company is dropping its annual subscription fee to make its service free to all users.

While announcing the plan today, WhatsApp's founder Jan Koum stated that the annual subscription fee was still a barrier to some users.
"As we have grown, we have found that this approach has not worked well," WhatsApp admitted in a company blog post today. "Many WhatsApp users do not have a debit or credit card number, and they worried they'd lose access to their friends and family after their first year."

What will be WhatsApp's New Business Model?


WhatsApp categorically said the company won't be replacing the subscription fee with third-party advertisements like intrusive banners and interstitials, which is nowadays a common way of making free applications profitable.

Instead, the company said it will explore ways businesses can use WhatsApp to connect with individuals, and will introduce new ways for users to communicate with businesses and organisations that will pay the company to target relevant communications with customers.

For example:
  • A bank could use a paid WhatsApp account to communicate with its customers about recent transactions and necessary fraud warnings.
  • An airline could use a paid WhatsApp account to contact its passengers about a delayed schedule or a cancelled flight.

It is the same approach WhatsApp's parent company Facebook is using with its own Messenger application, which last month started allowing its users to book an Uber cab directly through the Messenger app.