Tag Archives: Nothing

Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account

Nothing comes for free, especially online.

Would you be okay with allowing a few paid services to mine cryptocurrencies using your system instead of paying the subscription fee?

Most free websites and services rely on advertising revenue to survive, but now there is a new way to make money—using customers’ computers to generate virtual currencies.

It was found that a scheduling app,

Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies


Nothing is free in this world.

If you are searching for free hacking tools on the Internet, then beware—most freely available tools claiming to be the Swiss Army knife for hackers are nothing but a scam.

For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News really did hack someone—but the person using them, not the intended target.

Now, a security researcher has spotted another hacking tool—this time a PHP script—which is freely available on multiple popular underground hacking forums and allows anyone to find vulnerable internet-connected IP cameras running a vulnerable version of the GoAhead embedded web server.

However, after closely analysing the scanning script, Newsky Security researcher Ankit Anubhav found that the tool also contains a secret backdoor, which essentially allows its creator to “hack the hacker.”

“From an attacker’s point of view, it can be very beneficial to hack a hacker,” Anubhav said.

“For example, if a script kiddie owns a botnet of 10,000 IoT and if he gets hacked, the entire botnet is now in control of the attacker who got control of the system of this script kiddie. Hence, by exploiting one device, he can add thousands of botnets to his army.”

The rise of IoT botnets and the release of the source code of Mirai—the biggest IoT-based malware threat to emerge last year, which took down the Dyn DNS service—have encouraged criminal hackers to build their own massive botnets, either to launch DDoS attacks against their targets or to rent them out for money.


As shown in the self-explanatory flowchart, this IoT scanning script works in four steps:

  • First, it scans a set of IP addresses to find GoAhead servers vulnerable to a previously disclosed authentication bypass vulnerability (CVE-2017-8225) in Wireless IP Camera (P2P) WIFI CAM devices.
  • In the background, it secretly creates a backdoor user account (username: VM | password: Meme123) on the wannabe hacker’s system, giving the attacker the same privileges as root.
  • The script also extracts the IP address of the wannabe hacker, allowing the script author to access the compromised system remotely.
  • Moreover, it also runs another payload on the script kiddie’s system, eventually installing a well-known botnet malware dubbed Kaiten.
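
As an added example (not code from the article or from the researcher it cites), the check below audits /etc/passwd-format data for the kind of rogue root-equivalent account the second step describes. It assumes the account is granted root by a UID-0 passwd entry, which the article does not specify; the `VM` username is the only indicator taken from the text, and the sample passwd data is constructed.

```python
# Added example (not part of the article): audit /etc/passwd-style data for a
# rogue superuser account like the one the backdoored scanner is said to create.
# Assumption: the account is made root-equivalent by a UID-0 passwd entry
# (the article does not say how root privilege is granted).
from typing import Dict, List, Tuple

# Username the article reports the script creating (the password is not needed here).
KNOWN_ROGUE_USERS = {"VM"}


def audit_passwd(passwd_text: str) -> List[Tuple[str, str]]:
    """Return (user, reason) pairs for suspicious passwd entries.
    Flags: a UID-0 account that is not 'root', a UID reused by a second
    account (one way to alias an existing user), a username matching a known
    indicator, and malformed lines (which may point to tampering).
    """
    findings: List[Tuple[str, str]] = []
    uid_owner: Dict[int, str] = {}
    for lineno, raw in enumerate(passwd_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((line, f"malformed entry on line {lineno}"))
            continue
        user, uid = fields[0], int(fields[2])
        if uid == 0 and user != "root":
            findings.append((user, "UID 0 account that is not root"))
        elif uid in uid_owner:
            findings.append((user, f"shares UID {uid} with {uid_owner[uid]}"))
        if user in KNOWN_ROGUE_USERS:
            findings.append((user, "username matches a known backdoor indicator"))
        uid_owner.setdefault(uid, user)
    return findings


# Constructed sample: an ordinary passwd file plus the rogue entry such a script would add.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
VM:x:0:0::/root:/bin/bash
"""

if __name__ == "__main__":
    for user, reason in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {reason}")
```

Running it against a live host means reading `/etc/passwd` instead of `SAMPLE_PASSWD`; the same check also catches the more common case of a second account quietly sharing an existing UID.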

This tool is another example of backdoored hacking tools increasingly being distributed at various underground forums to hack the hacker.

In September, a backdoored Cobian RAT builder kit was spotted being given away for free on multiple underground hacking forums, but was found to contain a backdoored module that gave the kit’s authors access to all of the victim’s data.

Last year, we reported on another Facebook hacking tool, dubbed Remtasu, that was actually a Windows-based Trojan capable of stealing Facebook account credentials—but those of the person using it to hack someone else.

The bottom line: scrutinise free online tools very carefully before using them.

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust


Kaspersky Lab — We have nothing to hide!

The Russia-based antivirus firm has hit back with what it calls a “comprehensive transparency initiative,” allowing independent third-party review of its source code and internal processes in an attempt to win back the trust of customers and the infosec community.

Kaspersky launched this initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers to steal classified material from a computer belonging to an NSA contractor.

Earlier this month, another story published by the New York Times claimed that Israeli government hackers broke into Kaspersky’s network in 2015 and caught Russian hackers red-handed hacking the US government with the help of Kaspersky.

US officials have long suspected that the Kaspersky antivirus firm may have ties to Russian intelligence agencies.

Back in July, the company offered to turn over the source code for the U.S. government to audit.

However, the offer did not stop the U.S. Department of Homeland Security (DHS) from banning and removing Kaspersky software from all government computers.

In a blog post today, the company published a four-point plan:

  • Kaspersky will submit its source code for independent review by internationally recognised authorities, starting in Q1 2018.
  • Kaspersky also announced an independent review of its business practices to assure the integrity of its solutions and internal processes.
  • Kaspersky will establish three transparency centres in the next three years, “enabling clients, government bodies & concerned organisations to review source code, update code and threat detection rules.”
  • Kaspersky will pay up to $100,000 in bug bounty rewards for finding and reporting vulnerabilities in its products.

“With these actions, we will be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” Kaspersky’s CEO, Eugene Kaspersky, said.

However, Twitter commentary from infosec experts shows that the damage has already been done.

“Code review is absolutely meaningless. All Russian intelligence need is access to KSN, Kaspersky’s data lake, which is a treasure trove of data. Even open sourcing the entire product won’t reveal or even help with revealing that,” Amit Serper, a security researcher at Cybereason, tweeted.

It remains to be seen whether these actions will be enough to restore the confidence of US government agencies in Kaspersky, or whether the company will be forced to move its base out of Russia.

Hackers Are Distributing Backdoored ‘Cobian RAT’ Hacking Tool for Free


Nothing is free in this world.

If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools claiming to be the Swiss Army knife for hackers are nothing but a hoax.

Last year, we reported on one such Facebook hacking tool that really could hack a Facebook account—yours, rather than the one you wanted to hack.

Now, a Remote Access Trojan (RAT) builder kit recently spotted being given away for free on multiple underground hacking forums has been found to contain a backdoored module that gives the kit’s authors access to all of the victim’s data.

Dubbed Cobian RAT, the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm malware families, which have been around since at least 2013.

According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the “free malware builder” is likely capable of allowing other wannabe hackers to build their own versions of the Cobian RAT with relative ease.

Once criminals have created their own version of the malware using this free builder, they can distribute it to victims all over the world via compromised websites or traditional spam campaigns, recruiting the affected devices into a malicious botnet.

The Cobian RAT then steals data on the compromised system, with the capability to log keystrokes, take screenshots, record audio and webcam video, install and uninstall programs, execute shell commands, use dynamic plug-ins, and manage files.

Cyber Criminals Want to Hack Wannabe Hackers

If you are excited to learn that the original authors of the malware builder kit offer all these capabilities for free, as they claim, you are mistaken.

Unfortunately, the custom RATs created with this free Cobian RAT malware builder kit carry a hidden backdoor module, which silently connects to a Pastebin URL that serves as the kit authors’ command-and-control (C&C) infrastructure.

The backdoor can be used at any time by the original authors of the kit to issue commands to all RATs built on top of their platform, eventually putting both the wannabe hackers and the systems they have compromised at risk.

“It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author,” Deepen Desai, senior director of security research at Zscaler, wrote in a blog post published Thursday.

“The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators Botnet.”

The researchers also explain that the original Cobian developer is “relying on second-level operators to build the RAT payload and spread infections.”

Thanks to the backdoor module, the original author can then take full control of all the compromised systems across all the Cobian RAT botnets. They can even cut out the second-level operators by changing the C&C server information those operators configured.

One unique Cobian RAT payload recently observed by the researchers reportedly came from a Pakistan-based defence and telecommunications solutions website (which had potentially been compromised) and was served inside a .zip archive masquerading as an MS Excel spreadsheet.

The bottom line: scrutinise free online tools very carefully before using them.


Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking


Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part is when people simply don’t bother to apply patches on time.

Late last year, Cisco’s Talos intelligence and research group discovered three critical remote code execution (RCE) vulnerabilities in Memcached that exposed major websites, including Facebook, Twitter, YouTube and Reddit, to hackers.

Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory.

The Memcached application is designed to speed up dynamic web applications (for example, PHP-based websites) by reducing load on the database, which helps administrators increase performance and scale web applications.

It’s been almost eight months since the Memcached developers released patches for three critical RCE vulnerabilities (CVE-2016-8704, CVE-2016-8705 and CVE-2016-8706), but tens of thousands of servers running the Memcached application are still vulnerable, allowing attackers to steal sensitive data remotely.

Researchers at Talos conducted Internet scans on two different occasions, one in late February and another in July, to find out how many servers are still running the vulnerable version of the Memcached application.

And the results are surprising…

Results from February Scan:
  • Total servers exposed on the Internet — 107,786
  • Servers still vulnerable — 85,121
  • Servers still vulnerable but require authentication — 23,707

The top five countries with the most vulnerable servers are the United States, followed by China, the United Kingdom, France and Germany.

Results from July Scan:
  • Total servers exposed on the Internet — 106,001
  • Servers still vulnerable — 73,403
  • Servers still vulnerable but require authentication — 18,012

After comparing the results of the two Internet scans, the researchers learned that only 2,958 of the servers found vulnerable in the February scan had been patched before the July scan, while the rest remain vulnerable to remote attack.

Data Breach & Ransom Threats

This failure by organisations to apply patches on time is concerning, as Talos researchers warned that these vulnerable Memcached installations could be an easy target for ransomware attacks similar to the one that hit MongoDB databases in late December.

Although Memcached, unlike MongoDB, is not a database, it “can still contain sensitive information and disruption in the service availability would certainly lead to further disruptions on dependent services.”

The flaws in Memcached could allow hackers to replace cached content with malicious content in order to deface websites and serve phishing pages, ransom demands and malicious links that hijack victims’ machines, placing hundreds of millions of online users at risk.

“With the recent spate of worm attacks leveraging vulnerabilities this should be a red flag for administrators around the world,” the researchers concluded.

“If left unaddressed the vulnerabilities could be leveraged to impact organisations globally and affect business severely. It is highly recommended that these systems be patched immediately to help mitigate the risk to organisations.”

Customers and organisations are advised to apply the patch as soon as possible even to Memcached deployments in “trusted” environments, as attackers with existing access could target vulnerable servers to move laterally within those networks.
