Tag Archives: free

Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account

Nothing comes for free, especially online.

Would you be okay with allowing a few paid services to mine cryptocurrencies using your system instead of paying the subscription fee?

Most free websites and services rely on advertising revenue to survive, but now there is a new way to make money: using customers’ computers to generate virtual currencies.

It was found that a scheduling app,

Microsoft Won’t Patch a Severe Skype Vulnerability Anytime Soon


A serious vulnerability has been discovered in the Microsoft-owned Skype, the most popular free web messaging and voice calling service, that could potentially allow attackers to gain full control of the host machine by granting system-level privileges to a local, unprivileged user.

The worst part is that this vulnerability will not be patched by Microsoft anytime soon.

It’s not because the flaw is unpatchable, but because fixing the vulnerability requires a significant software rewrite, which indicates that the company will need to issue an all-new version of Skype rather than just a patch.

The vulnerability has been discovered and reported to Microsoft by security researcher Stefan Kanthak and resides in Skype’s update installer, which is susceptible to Dynamic Link Libraries (DLL) hijacking.

According to the researcher, a potential attacker could exploit the “functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories.”

The exploitation of this preferential search order would allow the attacker to hijack the update process by downloading and placing a malicious version of a DLL file into a temporary folder of a Windows PC and renaming it to match a legitimate DLL that can be modified by an unprivileged user without having any special account privileges.

When Skype’s update installer tries to find the relevant DLL file, it will find the malicious DLL first, and thereby will install the malicious code.
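
A defender-side check for the search-order problem described above, as an added example that is not from the original article or from the researcher: it lists DLLs sitting in a directory an installer runs from whose names also exist in the system directory, and reports whether the current user can write there. The function names and the constructed file names are assumptions made for illustration.

```python
import os
import tempfile

def dll_names(path):
    """Lower-cased names of the .dll files directly inside path.

    Windows file names are case-insensitive, so compare in lower case.
    """
    return {e.name.lower() for e in os.scandir(path)
            if e.is_file() and e.name.lower().endswith(".dll")}

def audit(installer_dir, system_dir):
    """Summarise the exposure of one directory an installer executes from.

    A DLL here that shares its name with a system DLL is found first by the
    loader, because the directory of the process binary is searched first.
    (Names on the Windows KnownDLLs list are an exception: they always
    resolve to the system directory.)
    """
    shadows = sorted(dll_names(installer_dir) & dll_names(system_dir))
    writable = os.access(installer_dir, os.W_OK)  # can this user drop files here?
    return {"writable_by_current_user": writable,
            "shadowing_dlls": shadows,
            "suspicious": writable and bool(shadows)}

def demo():
    # Constructed stand-ins for a system directory and a temporary folder.
    with tempfile.TemporaryDirectory() as sysdir, \
         tempfile.TemporaryDirectory() as tmpdir:
        for name in ("example_a.dll", "example_b.dll"):
            open(os.path.join(sysdir, name), "wb").close()
        for name in ("EXAMPLE_A.DLL", "setup.exe", "notes.txt"):
            open(os.path.join(tmpdir, name), "wb").close()
        return audit(tmpdir, sysdir)

if __name__ == "__main__":
    print(demo())
```

On a real Windows host the two arguments would be the folder the installer is unpacked into and the system directory.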

Although Kanthak demonstrated the attack using the Windows version of Skype, he believes the same DLL hijacking method could also work against other operating systems, including Skype versions for macOS and Linux.

Kanthak informed Microsoft of the Skype vulnerability back in September, but the company told him that the patch would require the Skype update installer to go through “a large code revision,” Kanthak told ZDNet.

So rather than releasing a security update, Microsoft decided to build an altogether new version of the Skype client that would address the vulnerability.

It should be noted that this vulnerability only affects the Skype desktop app, whose own update installer is vulnerable to the DLL hijacking technique. The Universal Windows Platform (UWP) app version available from the Microsoft Store for Windows 10 PCs is not affected.

The vulnerability has been rated as “medium” in severity, but Kanthak said, “the attack could be easily weaponized.” He gave two examples, which have not been released yet.

Until the company issues an all-new version of Skype client, users are advised to exercise caution and avoid clicking on attachments provided in an email. Also, make sure you run appropriate and updated anti-virus software that offers some defence against such attacks.

This is not the first time Skype has been dealing with a severe security flaw. In June 2017, a critical flaw in Skype was revealed before Microsoft released a fix for the issue that allowed hackers to crash systems and execute malicious code in them.

Last month, among several messaging applications, Skype was also dealing with a critical remote code execution vulnerability in Electron, a popular web application framework widely used in desktop applications.

Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies


Nothing is free in this world.

If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam.

For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News really could hack, but their target was the person using them, not the one that person wanted to hack.

Now, a security researcher has spotted another hacking tool—this time a PHP script—which is freely available on multiple popular underground hacking forums and allows anyone to find vulnerable internet-connected IP Cameras running the vulnerable version of GoAhead embedded web-server.

However, after closely analysing the scanning script, Newsky Security researcher Ankit Anubhav found that the tool also contains a secret backdoor, which essentially allows its creator to “hack the hacker.”

“For an attacker’s point of view, it can be very beneficial to hack a hacker,” Anubhav said.

“For example, if a script kiddie owns a botnet of 10,000 IoT and if he gets hacked, the entire botnet is now in control of the attacker who got control of the system of this script kiddie. Hence, by exploiting one device, he can add thousands of botnets to his army.”

The rise of IoT botnets and the release of the source code of Mirai (the biggest IoT-based malware threat, which emerged last year and took down the Dyn DNS service) have encouraged criminal hackers to create their own massive botnets, either to launch DDoS attacks against their targets or to rent them out to earn money.


As shown in the self-explanatory flowchart, this IoT scanning script works in four steps:

  • First, it scans a set of IP addresses to find GoAhead servers vulnerable to a previously disclosed authentication bypass vulnerability (CVE-2017-8225) in Wireless IP Camera (P2P) WIFI CAM devices.
  • In the background, it secretly creates a backdoor user account (username: VM | password: Meme123) on the wannabe hacker’s system, giving the attacker the same privileges as root.
  • The script also extracts the IP address of the wannabe hacker, allowing the script author to access the compromised systems remotely.
  • Moreover, it also runs another payload on the script kiddie’s system, eventually installing a well-known botnet, dubbed Kaiten.
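
A triage check for the backdoor account from the second step, as an added example that is not part of the original article or the researcher's analysis: it parses passwd-format text and flags accounts that carry the reported username or that have UID 0 without being named root. Treating "same privileges as root" as UID 0 is an assumption (a sudoers-based grant would not be caught), and the sample file is constructed.

```python
REPORTED_NAMES = {"VM"}  # backdoor username given in the article

# Constructed sample in passwd(5) format; not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
# comment lines and malformed lines are skipped
alice:x:1000:1000:Alice:/home/alice:/bin/bash
VM:x:0:0::/home/VM:/bin/sh
"""

def parse_passwd(text):
    """Parse passwd(5) text into dicts, skipping blanks, comments, bad lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        entries.append({"name": fields[0], "uid": int(fields[2]),
                        "gid": int(fields[3]), "shell": fields[6]})
    return entries

def find_backdoor_accounts(passwd_text, reported=REPORTED_NAMES):
    """Return (name, reasons) for every account worth a closer look."""
    findings = []
    for entry in parse_passwd(passwd_text):
        reasons = []
        # Assumption: root-equivalent access is granted through UID 0.
        if entry["uid"] == 0 and entry["name"] != "root":
            reasons.append("uid 0 but not named root")
        if entry["name"] in reported:
            reasons.append("username reported for this backdoor")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in find_backdoor_accounts(SAMPLE_PASSWD):
        print(name, "->", "; ".join(reasons))
```

To check a live Linux host, pass the contents of /etc/passwd instead of the constructed sample.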

This tool is another example of backdoored hacking tools increasingly being distributed at various underground forums to hack the hacker.

In September, a backdoored Cobian RAT builder kit was spotted on multiple underground hacking forums for free but was caught containing a backdoored module that aimed to provide the kit’s authors access to all of the victim’s data.

Last year, we reported about another Facebook hacking tool, dubbed Remtasu, that was actually a Windows-based Trojan with the capability to access Facebook account credentials, but those of the person using it to hack someone else.

The bottom line: Be very careful with free online stuff before using it.

Hackers Are Distributing Backdoored ‘Cobian RAT’ Hacking tool For Free


Nothing is free in this world.

If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax.

Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.

Now, a Remote Access Trojan (RAT) builder kit that was recently spotted on multiple underground hacking forums for free has been found to contain a backdoored module that aims to provide the kit’s authors access to all of the victim’s data.

Dubbed Cobian RAT, the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm family of malware, which has been around since at least 2013.

According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the “free malware builder” is likely capable of allowing other wannabe hackers to build their own versions of the Cobian RAT with relative ease.

Once the criminals create their own version of malware using this free builder, they can then effectively distribute it via compromised websites or traditional spam campaigns to victims all over the world and recruit affected devices into a malicious botnet.

The Cobian RAT then steals data on the compromised system, with the capability to log keystrokes, take screenshots, record audio and webcam video, install and uninstall programs, execute shell commands, use dynamic plug-ins, and manage files.

Cyber Criminals Want to Hack Wannabe Hackers

Now, if you get excited by knowing that all these capabilities offered by the original authors of the malware builder kit are free as they claim, you are mistaken.

Unfortunately, the custom RATs created using this free Cobian RAT malware builder kit have a hidden backdoor module, which silently connects to a Pastebin URL that serves as the kit authors’ command-and-control (C&C) infrastructure.

The backdoor, at any time, can be used by the original authors of the kit to issue commands to all RATs built on the top of their platform, eventually putting both wannabe hackers and compromised systems infected by them at risk.

“It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author,” Deepen Desai, senior director of security research at Zscaler, wrote in a blog post published Thursday. 

“The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators Botnet.”

The researchers also explain that the original Cobian developer is “relying on second-level operators to build the RAT payload and spread infections.”

The original author then can take full control of all the compromised systems across all the Cobian RAT botnets, thanks to the backdoor module. They can even remove the second-level operators by changing the C&C server information configured by them.

A unique Cobian RAT payload recently observed by the researchers reportedly came from a Pakistan-based defence and telecommunication solution website (that was potentially compromised) and was served inside a .zip archive masquerading as an MS Excel spreadsheet.

The bottom line: Be very careful with free online stuff before using it.


Avira Antivirus Security – fresh interface and friendly features


We have just rolled out a new UI for our Antivirus app for Android. The new look gives you a faster picture of your online security – and makes it easier for you to improve it. Online security is more than keeping away from malware. It’s a full spectrum effort that encompasses privacy from trackers, secure communication […]

The post Avira Antivirus Security – fresh interface and friendly features appeared first on Avira Blog.


Critical Skype Bug Lets Hackers Remotely Execute Malicious Code


A critical vulnerability has been discovered in the Microsoft-owned Skype, the most popular free web messaging and voice calling service, that could allow hackers to remotely execute malicious code and crash systems.

Skype is a free online service that allows users to communicate with peers by voice, video, and instant messaging over the Internet. The service was acquired by Microsoft Corporation in May 2011 for US$8.5 Billion due to its worldwide popularity.

Security researcher Benjamin Kunz-Mejri from Germany-based security firm Vulnerability Lab discovered the previously unknown stack buffer overflow vulnerability, which is documented in CVE-2017-9948, in Skype Web’s messaging and call service during a team conference call.

The vulnerability is considered a high-security risk with a 7.2 CVSS score and affects Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public security disclosure published on Monday.

“The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched,” the security firm wrote.

No User Interaction Needed

What’s worse? The stack buffer overflow vulnerability doesn’t require any user interaction, and only requires a low-privilege Skype user account.

So, an attacker can remotely crash the application “with an unexpected exception error, to overwrite the active process registers,” or even execute malicious code on a target system running the vulnerable Skype version.

The issue resides in the way Skype uses the ‘MSFTEDIT.DLL’ file in case of a copy request on local systems.

Here’s How Attackers can Exploit this Flaw

According to the vulnerability report, attackers can craft a malicious image file and then copy and paste it from a clipboard of a computer system into a conversation window in the Skype application.

Once this image is hosted on a clipboard on both the remote and the local systems, Skype experiences a stack buffer overflow, causing errors and crashing the application, which leaves the door open for more exploits.

“The limitation of the transmitted size and count for images via print of the remote session clipboard has no secure limitations or restrictions. Attackers [can] crash the software with one request to overwrite the EIP register of the active software process,” researchers from Vulnerability Lab say.

“Thus allows local or remote attackers to execute own codes on the affected and connected computer systems via the Skype software,” they added.

Proof-of-Concept Code Released

The security firm has also provided proof-of-concept (PoC) exploit code that you can use to test the flaw.

Vulnerability Lab reported the flaw to Microsoft on 16th May, and Microsoft fixed the issue and rolled out a patch on 8 June in Skype version 7.37.178.

If you are a Skype user, make sure that you run the latest version of the application on your system in order to protect yourself from cyber attacks based on this vulnerability.


Avast Mobile Security: Now at your fingertips, 100% free of charge

In addition to the launch of the latest and greatest version of Avast Mobile Security, we’ve also got a few more important announcements about the app. The major news is this: we’re unlocking Avast Mobile Premium for every user!

Information for current premium users

Have you subscribed to the premium version of Avast Mobile Security or Avast Anti-Theft? We have great news for you. Not only will you never have to pay for those premium features again, but we’re also transferring your license over to Avast SecureLine VPN, which protects you from network spies. Read more on our FAQ for subscribers.

News for free users

Our FAQ page provides more detailed information on how to upgrade older versions of both Avast Mobile Security and Avast Anti-Theft to complimentary premium versions.

Why download the new Avast Mobile Security?

If you haven’t already done so, now’s the time to download Avast Mobile Security. We’ve rewritten the app from scratch to bring you a simple, intuitive app that is driven by the world’s most trusted antivirus engine. Avast Mobile Security 5.0 delivers a faster performance and virus scan while consuming less of your device’s battery and resources.


  The completely free, redesigned Avast Mobile Security for Android includes the following features:

  • Leading Mobile Malware Protection: Avast Mobile Security provides users with the most advanced mobile malware protections available.
  • App Permissions: Informs the user about data that apps have access to and ad networks included within apps.
  • Wi-Fi Security: Notifies the user when connecting to an unsecure router.
  • Unlimited App Locking: Users can password protect any and all apps on a device, providing another line of defense against prying eyes.

We’ve already told you how you can become a beta tester for Avast Mobile Security. If you have any more questions about how to become a beta tester for Avast Mobile Security (or any of our other apps), check out our FAQ page.
