June 22, 2018

Hackers hijacking your WhatsApp messages, images

Most of us barely worry about WhatsApp's security because the popular chat app is end-to-end encrypted, but hackers can easily get access to personal data in various ways.

Here are the ways hackers could hack your WhatsApp account and how you can safeguard it.

Although the same number cannot be used on two different mobile devices at the same time, WhatsApp has a web client for desktops, and it requires only your WhatsApp Web QR code. Once a hacker gets hold of your QR code, your personal messages, videos and images could easily be leaked and spied upon.

Other than this, there are WhatsApp hack tools available that are compatible with Android and jailbroken iPhones. There is also an app, mSpy, which works with a normal, non-jailbroken iPhone as well.

Notable features of the mSpy app include call monitoring, restricting incoming calls, tracking sent and received SMS, reading emails remotely, tracking location using GPS, keeping an eye on internet usage, accessing the address book and calendar, reading messages on all kinds of IM apps (WhatsApp, Skype, iMessage, Viber, Social Network, LINE, etc.), controlling apps, viewing multimedia files, and locking or wiping the device remotely.

FlexiSPY is another advanced app that is widely used by hackers to hack into WhatsApp, Facebook and many other chat apps. It allows the spy to record your calls and see your device's messages, passwords, locations, multimedia files and internet usage.

The most affordable WhatsApp hacker tool is Highster Mobile. It works with Android devices as well as the Apple iPad. Its notable feature is that a hacker could even track deleted messages, images and video. It works efficiently on apps such as Skype, Instagram, Facebook and WhatsApp.

The best way to protect yourself from becoming a victim is to lock your WhatsApp. Various apps provide a lock facility for both Android and iPhones.

Deleting your messages could be a good option to protect your privacy, but deleting a message does not mean it is permanently erased. For this you can use a tool, dr.fone - Erase (iOS), to selectively and permanently erase the data you want.

This one is a must for everyone: block installation from unknown sources on your devices right now, whether it is a phone, tablet or any other device. Go to Settings > Device Security.

People using unsecured WiFi connections are highly vulnerable to hackers, so you should refrain from using public WiFi connections to access WhatsApp or any other application.

June 21, 2018

Microsoft Edge and Firefox bug exposes content from other sources

A bug has been shaking the cyber world, to the worry of millions of users whose emails could reach criminals.

Named Wavethrough, the bug helps hackers recover emails belonging to other users simply by putting an audio file in place.

Google developer Jake Archibald, who claimed to have spotted the bug, said it allows criminals to extract one's emails and Facebook feeds without any hindrance.

He said the malicious behaviour takes place when the website in question loads multimedia content from a remote website by deploying service workers.

Cyber criminals find it reasonably easy to load anything into the website in question, he said, because browsers inconsistently treat files loaded via service workers inside audio tags.

Otherwise, nobody can do this, since a strong browser security mechanism keeps at bay any attempt to load content from another source.

Cyber criminals use Wavethrough (CVE-2018-8235) to let their website issue something that reaches social networking sites without any hurdles or hiccups.

Even the BBC entertains these resources without hesitation, since the entire mechanism remains intact. According to the experts, Wavethrough (CVE-2018-8235) is luckily not universal, and all the browsers are fixed as of this writing.

This is what is disturbing for the attackers. Archibald claimed to have discovered that the bug affects Edge and Firefox, while Chrome is left untouched.

He said it affects only the nightly versions of Firefox, and the engineers and developers at Mozilla have already fixed the issue in the nightly versions.

The issue was reported to Microsoft, which very recently fixed it, and experts have advised Edge users to apply the proper patches to keep these unintended happenings at bay.

Cyber security experts are understood to be preparing a slew of measures to counter future problems of this kind. These include steps to improve web standards, which, they say, will help devices or browsers deal with the loading of resources from other websites.

June 19, 2018

MysteryBot Malware Package of Banking Trojan, Ransomware, and Keylogger

Security researchers at ThreatFabric have found a new type of Android malware called MysteryBot. It combines a banking trojan, a keylogger and ransomware, making it the most destructive malware in recent times.

Initially, when this malware was found, it was thought to be an updated version of LokiBot, a banking Trojan that wreaked havoc last year, as it turned into ransomware whenever someone tried to remove it from their device. But MysteryBot poses some more threats compared with LokiBot.

According to researchers, the two pieces of malware are quite similar and are currently running on the same command and control server. The striking difference between them is that MysteryBot has the capability to take control of users' phones.

A ThreatFabric spokesperson said: "Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot. This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code."

MysteryBot's commands can steal your contacts, emails and messages, remotely start apps saved on a device, manipulate banking apps and register keystrokes. Its main targets are users on Android 7.0 and Android 8.0.

"The encryption process puts each file in an individual ZIP archive that is password protected, the password is the same for all ZIP archives and is generated during runtime. When the encryption process is completed, the user is greeted with a dialog accusing the victim of having watched pornographic material," said ThreatFabric researchers in a blog post. “Most Android banking Trojans seem to be distributed via smishing/phishing & side-loading,” they added.

However, MysteryBot is still under development and is not yet widespread on the internet. Even so, users are recommended not to install Android apps from sources other than the Google Play Store.

June 18, 2018

Dixons Carphone profits to fall amid data breach

Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. It is investigating the hacking attempt, which began in July last year.

Dixons Carphone employs more than 42,000 people in eight countries.

The data hack adds more pressure to a company struggling to regroup. The electricals chain is forecast to report a 23% decline in headline full-year pre-tax profits to £382 million, according to a consensus of City analysts. HSBC’s Andrew Porteous said the figures have been dragged down by the poor performance of the company’s mobile phone division, as well as investment. Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach. There was "an attempt to compromise" 5.8 million credit and debit cards but only 105,000 cards without chip-and-pin protection had been leaked, it said.

The hackers had tried to gain access to one of the processing systems of Currys PC World and Dixons Travel stores, the firm said.

Where does this rank among other data breaches affecting UK consumers?

Facebook banned Cambridge Analytica, a data analytics firm which worked on US President Donald Trump’s election campaign and has been linked to Brexit, from using its platform in March, days before a whistleblower claimed the company had harvested and stored data about more than 50 million Facebook users without their permission.

The majority of those users were in the US but the UK’s Information Commissioner issued a warrant to search the company’s London offices after it failed to respond to a previous request about the possible illegal use of data.

Uber admitted in November that 2.7 million people in the UK were affected by a 2016 security breach that compromised customers’ information, including names, email addresses and mobile phone numbers.

June 16, 2018

Malware threat for Syscoin users

Hackers have no dearth of malware to strike with these days. A new piece of malware has lately posed a serious threat to Syscoin developers and users alike, forcing cyber security experts to come out with a slew of precautions to counter the threat.

The security experts who claimed to have detected Trojan:Win32/Feury.B!cl said that, with the help of the malware, the hackers very recently obtained the details of the Syscoin cryptocurrency's GitHub account. The malware was then placed in a replaced copy of the official Windows client, much to the concern of developers and users.

A detailed study suggests that malware in the infected Syscoin Windows client helps the hackers steal passwords and compromise wallet privacy, forcing the developers to put users on maximum alert. The security researchers have maintained that those who downloaded the version from June 9 to June 13 this year are at risk. The malware in question might infect the system at any moment.

The hackers targeted only the Syscoin Windows client, tampering with it, and they are understood to have been trying to mint Syscoin cryptocurrency by putting in place Syscoin clients that keep running on an operating system. The whole affair surfaced from messages the Syscoin experts received from users.

From a number of these messages, the Syscoin team learned that Windows Defender SmartScreen had marked the download of the Windows client as infected by malware. Unless precautions are taken, the malware would leave millions of Syscoin users high and dry.

An updated study by the Syscoin team suggests that the hackers managed to compromise a GitHub account belonging to the developers. The team was quick to remove the malware and prepared a slew of measures for users to ensure that their devices and systems are left untouched.

The team, which deals in the revolutionary cryptocurrency, has asked all users to ascertain the installation date by right-clicking on syscoin-qt.exe in C:\Users\[USERNAME]\AppData\Roaming\SyscoinCore. They also have the option of viewing the folder in list mode and making a note of the modified date. Another option is to start from Settings->Apps and make a note of the installation date.

Those who installed or modified the client from June 9 to June 13 this year should back up crucial data and wallets to a separate system before letting an antivirus scanner run on the device. This, say the experts, is the best possible way to keep the impending threat at bay.

Syscoin users need to change the passwords entered since the moment the devices were infected. The passwords need to be changed from another device, which would ensure the safety of the system.

The Syscoin team has, moreover, asked wallet holders to generate new wallets from another computer if wallets holding funds were left unencrypted or unlocked during the infection period. Syscoin users who downloaded the client during the period in question need to delete it before downloading an uninfected version afresh.
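
The date check the Syscoin team describes, automated across every user profile on a machine. This is an added example, not code from Syscoin or from the original post; the folder layout follows the path quoted above, and the function names and output format are assumptions of this example.

```python
import os
from datetime import date, datetime
from pathlib import Path

# Exposure window stated in the article (inclusive, local dates).
WINDOW_START, WINDOW_END = date(2018, 6, 9), date(2018, 6, 13)
CLIENT_NAME = "syscoin-qt.exe"
# Per-user folder named in the article, relative to each profile directory.
REL_DIR = Path("AppData") / "Roaming" / "SyscoinCore"


def in_window(ts):
    """True if a POSIX timestamp falls on a local date inside the window."""
    return WINDOW_START <= datetime.fromtimestamp(ts).date() <= WINDOW_END


def file_times(path):
    """Return {label: timestamp} for the dates the article says to note."""
    st = os.stat(path)
    times = {"modified": st.st_mtime}
    # Creation time: st_birthtime where the platform exposes it; on Windows
    # st_ctime also holds it. On Linux st_ctime is the inode-change time,
    # which says nothing about installation, so it is skipped there.
    created = getattr(st, "st_birthtime", None)
    if created is None and os.name == "nt":
        created = st.st_ctime
    if created is not None:
        times["created"] = created
    return times


def scan_profiles(users_root):
    """Check every profile under users_root and return one finding per client."""
    findings = []
    for profile in sorted(Path(users_root).iterdir()):
        exe = profile / REL_DIR / CLIENT_NAME
        try:
            times = file_times(exe)
        except OSError:  # no client in this profile, or profile not readable
            continue
        hits = {label: datetime.fromtimestamp(ts).isoformat(timespec="seconds")
                for label, ts in times.items() if in_window(ts)}
        findings.append({"path": str(exe), "at_risk": bool(hits), "hits": hits})
    return findings


if __name__ == "__main__":
    root = Path(os.environ.get("SystemDrive", "C:") + "\\") / "Users"
    for f in scan_profiles(root) if root.is_dir() else []:
        if f["at_risk"]:
            print(f"AT RISK  {f['path']}  {f['hits']}")
            print("  back up wallets elsewhere, then run an antivirus scan")
        else:
            print(f"ok       {f['path']}  (dates outside 9-13 June 2018)")
```
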
June 15, 2018

Quick Heal detects 2 banking Trojans targeting Indian Android users

IT company Quick Heal on Tuesday warned that two new banking trojans (malware designed to steal financial data) targeting Android are hitting users in India to access confidential data.

The Trojans, named "Android.Marcher.C" and "Android.Asacub.T", operate by exploiting the behaviour of Android mobile users and imitating notifications from leading banking and finance apps in India as well as popular social apps such as WhatsApp, Facebook, Twitter, Instagram, and Skype.

The trojans mask themselves by using misleading icons and names to trick users. "Android.Marcher.C" uses a fake Adobe Flash Player icon, and "Android.Asacub.T" mimics an Android update icon and the name "update".

The malware works by forcing users to grant special privileges to the app by clicking "Activate" after it is installed on the device.

Once the malware has this access, it is able to trick the user into giving up sensitive information such as banking credentials, passwords and card details whenever the user opens one of the apps the trojan is designed to imitate. This is done by displaying a fake window asking for the user's credit/debit card number, without which the user is unable to access the app.

Sanjay Katkar, Co-founder and CTO of Quick Heal Technologies Limited, said, "Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users."

He also said the company has detected three other similar malware in less than six months and that it seems like hackers are now targeting mobile users as they are “far more vulnerable to sophisticated phishing attacks”.

Android users are advised to practice caution when downloading apps and to only download them from trusted sources. Always verify app permissions and install a reliable mobile security app.

June 14, 2018

Cyber cell arrests man for hacking, blackmailing several women

A city businessman fell victim to ‘Man In Middle Attack’ — a type of hacking — on May 26 and Rs 2.90 crore was syphoned off from his account to another within minutes without his permission. Thanks to the city cybercrime cell’s quick action, the money was retrieved from a bank in China.

The account is registered in the name of a fraudster who operates primarily as an email hacker.

The businessman approached police on May 26 with his complaint application, stating that he had entered into an agreement with a Chinese firm on April 27 and had placed an order to procure machinery from the company. The firm had demanded some advance from him and he was in touch with its officials through emails.

The man-in-the-middle method of cyber attack involves a hacker who secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

During their investigation, the cyber cell found that the man had hacked into the social media accounts of six other women in the city and blackmailed them. The accused reportedly threatened the women with posting morphed illicit images of them on their social media accounts.

A team headed by deputy commissioner of police (cyber & economics) Sudhir Hiremath and inspectors Jayram Paigude and Manisha Zende acted promptly in the case and managed to recover the lost money. No case was registered, though.

Police inspector of the cyber crime cell, Manisha Zende, told Mirror, “A very renowned company from Hinjawadi, which makes headlights for various vehicles, had been engaged in an email conversation with a China-based company for ordering raw materials on April 27 this year. The deal had been finalised between finance and purchase officials on both sides. The Chinese company had sent an email to the Indian company in which they had requested the transfer of an advance amount and had also asked that the rest of the money be sent across after the delivery.”

The man arrested was identified as Krushna Baliram Fadd, a resident of Jagdish Khanawalkar chawl in Panvel region of Raigad.

June 13, 2018

Amazon Fire TV and Fire TV sticks affected by Android malware

You could be in trouble if you've downloaded any apps that allow you to watch pirated TV shows and movies to your Fire TV stick.

Be careful what you side-load on your Amazon Fire TV and Fire TV Stick, as there’s a new strain of malware going around that can affect Amazon’s products even though the app isn’t exactly tailored for these devices. Several users of the Android-based streaming devices are reporting the presence of a new app that has not been voluntarily downloaded by them.

The Android malware is called ADB.Miner. It is reported to jump on to Fire TV devices through sideloaded apps. It is recommended to disable ADB Debugging.

As per reports, this malware uses devices to mine cryptocurrency and holds the potential of spreading to other Android-powered products running on the same network.

The purpose of the virus app is quite simple: to turn gadgets into cryptocurrency miners. I’m sure you’ve heard of this type of malware before, as it targets plenty of other platforms. But yes, it’s 2018, and your TV can get a virus now because we live in the future.

The malware installs itself as an app called "Test" under the fairly innocuous package name of "" The app is nowhere to be found on the store and does not get removed from the system despite repeated attempts at uninstalling it. Even restoring the devices has resulted in a negative effect for the original poster.

It’s pretty easy to tell whether your Amazon Android device is infected. When the miner is active, it’ll use up the product’s processing resources, which means your Fire TV experience will grind to a halt.

If you notice your device slowing down or videos stopping suddenly, or if you see a notification pop up on-screen saying "Test" along with the green Android robot icon, it's likely that you have been affected. But if you've never fiddled with the developer options on your Fire TV stick, you should be safe.

June 13, 2018

A malware turns your computer into spying video camera

Cyber security researchers at ESET have discovered a versatile spyware called InvisiMole that has been active for the past five years.

The company's security products recently spotted the advanced cyberespionage software, which targets Windows PCs in Russia and Ukraine for nation-state hacking or financially motivated cyber-attacks.

The malicious code can turn on the victim's camera, record videos, and take pictures without being caught.

Apart from spying, the malware could also be used for inspecting the PC for system information, running services, active processes and networking information, scanning wireless networks, tracking geolocation, monitoring specific drives, etc. These activities could be easily performed using its component modules, RC2FM and RC2CL.

The spyware has a modular architecture that starts working with a DLL wrapper. After using the DLL wrapper, it makes use of two other feature-rich backdoor modules at the same time, which increases its capability to tunnel deep into machines.

“Common backdoors often support commands such as file system operations, file execution, registry key manipulation or remote shell activation,” ESET researchers said. “This spyware supports all of these instructions and a whole lot more – its 84 commands provide the attackers with all they need to look at their victims more closely.”

According to the researchers, the malware remained unnoticed for so long because of its low infection rate and high sophistication.

“The campaign is highly targeted – no wonder the malware has a low infection ratio, with only a few dozen computers being affected.”