Showing posts with label vulnerability. Show all posts

Monday, October 30, 2017

A Hacker's Tool Kit - Cybercrime is growing ever more pervasive—and costly.



Cybercrime is growing ever more pervasive—and costly. According to researcher Cybersecurity Ventures, the annual cost of cybercrime globally will rise from $3 trillion in 2015 to $6 trillion in 2021. Enabling this boom are thriving marketplaces online, where hackers sell tools and services to criminals. Virtually anything is available for the right price, points out Andrei Barysevich, director of advanced collection (“a fancy name for ‘spy,’ ” he says) at threat intelligence firm Recorded Future. A former consultant for the FBI’s cybercrime team in New York, Barysevich trawled the shadiest corners of the web to compile the cybercrime shopping list above, exclusively for Fortune. In the market for some basic malware? It’ll cost you as little as $1.
Graphic shows prices of cybercrime events

Thursday, August 24, 2017

Malwarebytes Introduces Malwarebytes for Android, Featuring Proprietary Anti-Ransomware Technology

SANTA CLARA, Calif.Aug. 24, 2017 /PRNewswire/ -- Malwarebytes™, the leader in advanced malware prevention and remediation solutions, today announced the release of Malwarebytes for Android, featuring targeted defense against mobile malware, ransomware, adware, infected applications and unauthorized surveillance. Combining multiple distinct protection layers, Malwarebytes for Android is a more effective and efficient replacement for antivirus on mobile devices.
According to data collected by Malwarebytes in the first half of 2017, incidents of Android malware increased more than five percent since the start of the year. Most notably, incidents of Android ransomware increased 138 percent in Q2 2017 (April to June) over Q1 2017 (January to March), with Jisut, SLocker and Koler ransomware collectively accounting for nearly 95 percent of these detections. While Android ransomware is growing at this rapid pace, Trojans and potentially unwanted programs remain the biggest issues for Android users. Android Trojans accounted for more than 48 percent of all Android malware detections in the first half of 2017 and PUPs accounted for 47 percent of all detections.
Malwarebytes for Android features several distinct benefits and features for users to protect against this increasingly dangerous mobile threat landscape, including:
  • Anti-Malware proactively and automatically scans mobile applications, files, native memory and SD cards for malware and spyware, in addition to potentially unwanted programs and adware for removal.
  • Anti-Ransomware proactively stops ransomware in its tracks with proprietary next-generation technology and remediates ransomware incidents.
  • Process Automation schedules automatic device scans and color codes device health issues by severity.
  • Security Audit identifies security vulnerabilities on the device and suggests remediation.
  • Privacy Manager identifies every application's access privileges in detail and breaks down access privileges by category.
  • Scanner showcases scan progress and identifies types of infections found, removal results and scan history.
To optimize the mobility of these features, Malwarebytes for Android can be easily managed from a desktop widget. The app can also be controlled using SMS to remotely lock a device, remediate a device if it is being held ransom, and reset device pin codes.
"Windows devices are no longer the sole victims of damaging malware attacks, as strategic attacks on Android devices are rapidly on the rise," said Armando Orozco, Senior Mobile Malware Intelligence Analyst, Malwarebytes. "All Android users need to remain alert and proactively guard their identity and data on the go, just as they do on their computers at home."  
About Malwarebytes
Malwarebytes is the next-gen cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. The company's flagship product combines advanced heuristic threat detection with signature-less technologies to detect and stop a cyberattack before damage occurs. More than 10,000 businesses worldwide use, trust and recommend Malwarebytes. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia and a global team of threat researchers and security experts. For more information, please visit us at http://www.malwarebytes.com/.
Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world's most harmful Internet threats. Marcin was recently named "CEO of the Year" in the Global Excellence awards and has been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal's 40 Under 40 award, adding those to an Ernst & Young Entrepreneur of the Year Award.
Follow us on Facebook: https://www.facebook.com/Malwarebytes 
Follow us on Twitter: @malwarebytes https://twitter.com/malwarebytes  
Follow us on LinkedIn: https://www.linkedin.com/company/malwarebytes
See us on YouTube: http://www.youtube.com/malwarebytes 
Read our latest Malwarebytes Labs blog: https://blog.malwarebytes.com/

SOURCE Malwarebytes

Tuesday, August 15, 2017

PayThink 'Self-protection' can shield banks from new Android BankBot card malware

Recently, the Dutch company Securify came across a new sample of the BankBot Android mobile banking malware.
While older samples of BankBot mainly targeted Russian financial institutions, the latest sample shows that BankBot now targets European and American institutions as well. More specifically BankBot now targets over 420 leading institutions in countries such as Germany, France, Austria, the Netherlands, Turkey and the United States.
BankBot is a banking Trojan horse that poses as an apparently benign consumer banking application. When the application is installed and run, it asks for administrative privileges. Once these privileges are granted, the icon disappears from the home screen. From that moment, the device is compromised and BankBot attempts to steal the customer’s credentials (e.g., username and PIN) and debit or credit card information.
BankBot tries to steal banking credentials by using a well-known technique called overlay. The malware creates a window that mimics the look and feel of the targeted mobile banking app, and it aims to trick users into entering their credentials. This overlay window is positioned on top of the target app when the user launches it. Because the fraudulent overlay window is created to look exactly like the target app, the user usually believes they are interacting with their institution’s genuine mobile banking app.
The BankBot malware comes with a list of names of mobile banking apps that it targets, and it compares names in this target list against the names of apps running on the Android device of the user. When BankBot detects that a running app is present in its target list, it generates the overlay window and positions it on top of the target app to deceive the device’s owner.
Technologists reviewing the following code snippet of BankBot can see exactly how the malware checks whether any of the processes running on the Android device are present in the target list, and how the malware launches the overlay injection routine. The comments in the code have been added by threat analyst Ernesto Corral to simplify reading.
The overlay itself consists of a customized WebView, which is an Android component that can be used to show a web page within an app. The content of the WebView is downloaded on the fly from the C2 server.
Can runtime application self-protection (RASP) offer protection? In our testing, RASP successfully defended mobile banking apps targeted by BankBot against overlay attacks, so any of the more than 420 apps on BankBot's target list would be protected if so equipped. This matters because virtually all currently known Android banking malware families use the same deceptive overlay technique as BankBot. A good example of another family using this technique is Marcher, one of the most active banking malware families of 2016 according to Kaspersky’s report Financial Cyberthreats in 2016.
Moreover, RASP’s generic overlay protection mechanism ensures “future-proofing”: Any new mobile banking apps that are targeted by BankBot in the future using the same overlay technique, will also be protected.
Even if a banking Trojan should manage to steal a user’s banking credentials (his or her PIN, for instance), the user’s credentials would be of little value to a fraudster, if the app is protected with two-factor authentication, as were apps and devices in this test.
Apps protected in this way use two authentication factors: something the user knows (for example, the PIN) and something the user has (a cryptographic key stored on the mobile device), which is used to generate one-time passwords. An overlay can capture the knowledge factor, but it cannot reach the possession factor: the key never passes through the screen, so a fake login window has nothing to collect. This holds for a key generated and kept on the device; a one-time code delivered by SMS is a different matter, since a Trojan that has been granted SMS permissions can read it.
Analysts at the threat research labs used in this study analyzed the internals of malware such as BankBot and Marcher. Findings show that at this point, many or most Android mobile banking malware families use the same approach to create fraudulent overlay windows that deceive users.
Based on lab testing, I and the threat research lab team are confident that RASP technology can, if properly developed and with sufficient security features to detect and prevent application-level intrusions, offer protection against all malware families that use this approach. Furthermore, two-factor authentication functionality can ensure that even successful overlay attacks can be thwarted.
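The possession factor described above, as an added example that is not code from this article, from BankBot, or from any vendor named here: a minimal RFC 4226/6238 one-time-password scheme in Python with a constructed PIN and a constructed device key (the RFC 4226 reference test key, so the codes can be checked against the RFC's own vectors). The key stands in for the secret a banking app keeps on the handset. An overlay can phish the PIN and even the single OTP the user types into it, but the server accepts each OTP once, so neither the PIN on its own nor a replayed OTP gets the fraudster in.

```python
import hashlib
import hmac
import struct

# Constructed demo values. The key plays the role of the secret a banking app
# keeps on the handset (the "something you have"); it is the RFC 4226 reference
# test key so the codes below can be checked against the RFC's vectors.
DEVICE_KEY = b"12345678901234567890"
USER_PIN = "4821"  # the "something you know": exactly what an overlay can phish


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(key, unix_time // step, digits)


class BankServer:
    """Server side of the login: holds the PIN and a copy of the device key,
    and accepts each one-time password at most once."""

    def __init__(self, key: bytes, pin: str, step: int = 30, window: int = 1):
        self._key = key
        self._pin = pin
        self._step = step
        self._window = window        # tolerate +/- one step of clock drift
        self._used_counters = set()  # replay protection

    def login(self, pin: str, otp: str, now: int) -> bool:
        if not hmac.compare_digest(pin, self._pin):
            return False
        centre = now // self._step
        for counter in range(centre - self._window, centre + self._window + 1):
            if counter in self._used_counters:
                continue             # an OTP is burnt once it has been accepted
            if hmac.compare_digest(hotp(self._key, counter), otp):
                self._used_counters.add(counter)
                return True
        return False


def demo(now: int = 59) -> dict:
    """Replays the situations the text describes, on a constructed clock."""
    server = BankServer(DEVICE_KEY, USER_PIN)
    genuine_otp = totp(DEVICE_KEY, now)  # computed on the handset from the stored key
    return {
        "otp": genuine_otp,
        # The real user, presenting both factors.
        "user_logs_in": server.login(USER_PIN, genuine_otp, now),
        # The overlay phished the PIN only: without the key there is no valid OTP.
        "attacker_pin_only": server.login(USER_PIN, "000000", now),
        # The overlay also captured the one OTP the user typed: already consumed.
        "attacker_replays_otp": server.login(USER_PIN, genuine_otp, now + 5),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The replay check is what makes the possession factor hold up against an overlay that sees the user's keystrokes: the stolen OTP is valid for one step and for one use, and the genuine app has already used it.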

SURVEILLANCE MALWARE APPS MANAGE TO INFILTRATE GOOGLE PLAY STORE


Google’s Play Store has become home to some of the more than a thousand malicious apps, known as ‘SonicSpy’, that have been deployed since February.
Of the large number of spyware apps, believed to have come out of Iraq, at least three versions of the malware have appeared in the Play Store in the last six months, according to mobile security company Lookout.
The malicious app most recently found on the Play Store was called Soniac, which was marketed as a customised version of the cloud-based instant messaging service Telegram. However, it contained capabilities to silently record audio, take photos, make outbound calls, send text messages to specific numbers, and retrieve information such as call logs, contacts and information about wi-fi access points. The app has since been removed by Google.
Two other samples of SonicSpy on the Play Store were called Hulk Messenger and Troy Chat – though both are no longer live. It is not clear, however, if Google stepped in and removed the apps, or if they were removed by the people behind the spyware to avoid detection.
Despite the Play Store being seemingly clear of SonicSpy, Lookout warns that we are unlikely to have seen the back of the family of malicious apps.
“The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future,” said Michael Flossman, security research services tech lead at Lookout.

Monday, July 3, 2017

Petya: Wiper or Ransomware & How to Protect Yourself

Learn the facts about the recent Petya attack that crippled many organizations worldwide. 

- Is it your regular run-of-the-mill ransomware or a wiper? 
- Who is a target? Why did it spread so quickly?
- How can organizations better protect themselves against similar attacks?

Tuesday, April 4, 2017

Update your iPhone to avoid being hacked over Wi-Fi

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched.
As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”.
Any exploit that lets an external attacker tell the operating system kernel itself what to do is a serious concern that ought to be patched as soon as possible – hesitation is not an option.
After all, it’s the kernel that’s responsible for managing security in the rest of the system.


Take this analogy with pinch of salt, but an exploit that gives a remote attacker regular user access is like planting a spy in the Naval corps with a Lieutenant’s rank.
If you can grab local administrator access, that’s like boosting yourself straight to Captain or Commodore; but if you can own the kernel (this is not a pun), you’ve landed among the senior Admiral staff, right at the top of the command structure.
So make sure you don’t miss the latest we-didn’t-quite-get-this-one-out-last-time update to iOS 10.3.1:
iOS 10.3.1

Released April 3, 2017

Wi-Fi

Available for: iPhone 5 and later, 
               iPad 4th generation and later, 
               iPod touch 6th generation and later

Impact:        An attacker within range may be able to 
               execute arbitrary code on the Wi-Fi chip

Description:   A stack buffer overflow was addressed 
               through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero
This is rather different from the usual sort of attack – the main CPU, operating system and installed apps are left well alone.
Most network attacks rely on security holes at a much higher level, in software components such as databases, web servers, email clients, browsers and browser plugins.
So, attacking the Wi-Fi network card itself might seem like small beer.
After all, the attacks that won hundreds of thousands of dollars at the recent Pwn2Own competition went after the heart of the operating system itself, to give the intruders what you might call an “access all areas” pass.
Nevertheless, the CPU of an externally-facing device like a Wi-Fi card is a cunning place to mount an attack.
It’s a bit like being just outside the castle walls, on what most security-minded insiders would consider the wrong side of the moat and drawbridge.
But with a bit of cunning you may be able to position yourself where you can eavesdrop on every message coming in and out of the castle…
…all the while being ignored along with the many unimportant-looking peasants and hangers-on who’ll never have the privilege of entering the castle itself.
Better yet, once you’ve eavesdropped on what you wanted to hear, you’re already on the outside, so you don’t have to run the gauntlet of the guards to get back out to a place where you can pass your message on.
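What “improved input validation” means for this bug class, as an added illustration that is not Apple’s or the Wi-Fi firmware’s code and does not reproduce the CVE-2017-6975 bug itself: 802.11 management frames carry information elements as (id, length, value) triples, and the length byte arrives over the air from whoever is in range. The Python below uses constructed frame bodies and assumed element IDs; it shows an IE walker that trusts the length byte next to one that checks it against both the bytes that actually remain and the fixed 32-byte SSID buffer. Python turns the out-of-bounds write into an IndexError; in firmware written in C the same bytes would land past the end of the stack array.

```python
SSID_MAX_LEN = 32  # 802.11 limits the SSID element to 32 octets
EID_SSID, EID_SUPPORTED_RATES, EID_DS_PARAMS = 0, 1, 3  # element IDs used below

# Constructed frame bodies: the IE list that follows the fixed fields of a
# beacon or probe response. Each element is (id, length, value).
BENIGN = (bytes([EID_SSID, 6]) + b"lab-ap"
          + bytes([EID_SUPPORTED_RATES, 4, 0x82, 0x84, 0x8B, 0x96])
          + bytes([EID_DS_PARAMS, 1, 6]))
# Length byte is honest about the payload, but the payload is twice the buffer.
OVERSIZED_SSID = bytes([EID_SSID, 64]) + b"A" * 64 + bytes([EID_DS_PARAMS, 1, 6])
# Length byte claims 255 bytes; only 10 follow (an over-read of the frame).
TRUNCATED_SSID = bytes([EID_SSID, 0xFF]) + b"B" * 10


def copy_ssid_unchecked(body: bytes) -> bytes:
    """The vulnerable pattern: a fixed-size buffer filled with however many
    bytes the attacker's length byte asks for. Python raises IndexError at
    byte 33 (or at the end of the frame); C firmware keeps writing over
    whatever sits next to the array on the stack."""
    ssid_buf = bytearray(SSID_MAX_LEN)
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        if eid == EID_SSID:
            for k in range(length):
                ssid_buf[k] = body[pos + 2 + k]  # neither k nor pos+2+k is checked
            return bytes(ssid_buf[:length])
        pos += 2 + length
    return b""


def parse_ies(body: bytes) -> dict:
    """The hardened walker: every length byte is validated against the bytes
    that actually remain and against the destination buffer before use."""
    ies = {}
    pos = 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated IE header at offset %d" % pos)
        eid, length = body[pos], body[pos + 1]
        pos += 2
        remaining = len(body) - pos
        if length > remaining:
            raise ValueError("IE %d declares %d bytes, %d remain" % (eid, length, remaining))
        if eid == EID_SSID and length > SSID_MAX_LEN:
            raise ValueError("SSID of %d bytes exceeds the %d-byte buffer" % (length, SSID_MAX_LEN))
        ies[eid] = body[pos:pos + length]
        pos += length
    return ies


def probe(body: bytes) -> tuple:
    """Runs both walkers on one frame body and reports what each did."""
    try:
        copy_ssid_unchecked(body)
        unchecked = "copied"
    except IndexError:
        unchecked = "overflow"
    try:
        parse_ies(body)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"
    return unchecked, hardened


if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("oversized", OVERSIZED_SSID),
                       ("truncated", TRUNCATED_SSID)):
        print(name, probe(body))
```

Two checks, not one: the declared length must fit the frame that was actually received, and it must fit the buffer it is copied into. A parser that does only the first still smashes the 32-byte buffer on the oversized frame; one that does only the second still reads past the end of the truncated one.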

What to do?

As far as we know, this isn’t a zero-day because it was responsibly disclosed and patched before anyone else found out about it.
Cybercrooks have a rough idea of where to start looking now that the bug has been described, but there is a huge gap between knowing that an exploitable bug exists and rediscovering it independently.
We applied the update as soon as Apple’s notification email arrived (the download was under 30MB), and we’re happy to assume that we’ve therefore beaten even the most enthusiastic crooks to the punch this time.
You can accelerate your own patch by manually visiting Settings | General | Software Update to force an upgrade, rather than waiting for your turn in Apple’s autoupdate queue.

 