Security News – Malware Board

Sep 15

Backdoor found in WordPress Plug-in

WordPress is one of the most popular platforms to create dynamic websites. From past two and half months, a WordPress plug-in namely “Display Widgets” is installing backdoor to WordPress websites. According to the researches, this backdoor is present in version 2.6.1 to 2.6.3 which was released during 30th June to 2nd September. The official WordPress team has removed this plug-in from their repository. Display Widget Timeline The original Display Widget plug-in was developed by Stephanie Wells. With the help of this plug-ins, website owners can control which WordPress widget will be displayed on the website. Later, Stephanie Wells sold the open source version to a new developer. A month after that, the new owner released the first new version namely V2.6.0 on June 21. Just a day after, David Law, who is the author of another plug-in namely Display Widgets SEO Plus complained the wordpress.org team that V2.6.0 is violating Read more

Sep 08

Equifax Data Breach (Attck on 143 million users Detaills

Equifax is a very renowned company in US that provides its services in Finance and consumer credit reporting. Last night, the company faced a huge cyber-attack which steals details of more than 143 million customers. The stolen data is huge and they are very sensitive hence the users are really concerned. According to the Press-Release given by the company, the hackers cheated username, address, birth details, driver license number and so on. Additionally, they managed to access credit card details of more than 209,000 users and personal identifying number of additional 182,000 users. According to Equifax, the attackers also have details of Canadian and US users but they didn’t reveal their numbers. The security breach at such as huge magnitude is very rare and is extremely dangerous. They get access over the highly sensitive information and make fraudulent transaction from cheated credit cards, username and password. It is very easy Read more

Sep 06

MongoDB Ransom Attacks Infected 26,000 new Victims

Last week, MongoDB database saw new ransom attack by group of three new groups in which totally 26,000 servers got infected out of which a single group hijacked more than 22,000 servers. Way back in December 2016 to January 2017, similar MongoDB attacks occurred. The recent attacks have been detected by security researchers “Dylan Katz and Victor Gevers” and this is most probably the continuation of same attack. During those attacks, the cyber-criminals used to thoroughly scan the Internet in search for the open MongoDB database which has security vulnerabilities for external connections. They wiped out their contents and later demanded for high ransom amount. The data which cyber-criminals exposed were Test Systems but many companies got manipulated by this scam and agreed to pay the ransom money. Later, they realized that they have been scammed as the cyber-criminals never had their data. Newly MongoDB Hijack Discovered Security researchers have Read more

Aug 31

Sarahah App Steals Users Contact (Compromises Privacy)

Sarahah App has gained a lot of popularity right after it was launched on Google Play and iOS. It allows user to comment or message to other users without disclosing their identity. Many of the users find it very interesting apps because according to them, they get honest review and feedback from other users who could be their friend, relatives or anonymously anybody. Because of this honest sharing opinion feature, it is also popular as “Honest App”. However, it claims its 18 million users to be honest with their comments and opinion however it developers are not truly honest to the users. Recently, all the users’ data were collected and stored in the Company’s serer for a while. This was a hidden activity and users were informed about this activity neither through the privacy-policy nor from the official app store page. The author of Sarahah App namely Zain-al-Abidin Tawfiq later Read more

Aug 31

Fake Charity Scam Websites have Plague Internet after Hurricane Harvey

The US residents are facing a lot of troubles due to Hurricane Harvey. It seems like the problem is not going to stop as cyber felons wants to take advantage and cheat the people who want to help the hurricane victims financially. Actually, they have developed so many scam websites who manipulate the users to send financial help to the victim of hurricane Harley. The money collected on these websites goes in the bank account of cyber-criminals. The United States Computer Emergency Readiness Team released an official warning to Internet users to be aware of possible Online scam campaigns. Additionally, the users are encouraged to be alert regarding scam emails. In past, many such cases have happened where cyber racketeers showed their nasty potential to cheat the innocent users through online scams and bogus fund raising apps. Most of such websites helping in such scams also charges for donation processing Read more

Aug 28

Chinese Citizen Possessed by US in Connection with Sakula Malware

A Chinese National has been arrested by FBI in connection with the distribution of Sakula Malware. This is the same malware that has been used in the Anthem and OPM attack. Many companies and International firms have been a victim of it. The suspect belongs to Sanghai and his name is Yu Pingan and age is 26. He was arrested in Log Angeles on August, 21. Reportedly, the suspect was entered in the US for a security conference. According to authorities, Yu Pingan along with two other unknown conspirators was involved in infecting four US companies with “Sakula” backdoor Trojan. The US Department of Justice has charged four hacking cases on Yu. He was working as an “malware-broker”. Hacking issues has been a major issue for US Department in past few years. Between 2014 to 2015 alone, cyber-hackers were able to steal personal recordes of more than 21 million government Read more

Aug 26

AI Training Algorithms Backdoors are Possible, Say Researchers

According to three researchers from New York University, they have developed a method which can infect artificial intelligence algorithm. As most of the companies outsource AI training operations using on demand MLaas (Machine-Learning-as-a-service) platform, the researchers have based their attacks on it. Technology Giants like Google allows researcher’s access to “Google Cloud Machine Learning Engine”. Similarly, Microsoft allows similar service through Azure Batch AI training and Amazon through EC2 service. According to New York researchers, a backdoor behavior can be triggered by hiding small equation in deep learning algorithm and this is easily possible because it is deep learning algorithms are complex and vast. In order to prove their concept, the researchers have released a demo of image recognition AI in order to manipulate Stop road sign as an indicator of speed limit if objects like bomb sticker, flower sticker were placed on the surface of stop sign. It is Read more

Aug 24

Nigerian Hacker Succeeded to Hack 4,000 Organizations with Simple Tricks

One alone Nigerian Hacker was behind all the mess up and hacking of more than 4000 organization around the globe. According the researchers at Check Point, the hacker used basic hacking technique and antiquated tools to execute such major cyber-crime. In more than 14 cases, the hacker was able to break the security breaches with very simple tricks. The trained security professional are still confused that how a single hacker can execute such a major cyber-hijack with such simple hacking tricks. Attack: When All Started? The attack was initiated by sending a mass emails to targeted companies public or generic addresses. The look and feel of email is very simple and a generic subject was used such as “Dear Sir/Miss”. The mass emails were sent to the entire addressee at the same time. Interestingly, the attack use Yahoo email account and it poses an impression as if the message is Read more

Aug 12

Diablo6 Ransomware: Locky Ransomware Returns with Phishing Spam Campaign

Locky Ransomware has back again and this time it is circulating through mal-spam campaign. Locky was one of the most popular and dangerous data-encrypting malware of last year. According to cyber-experts, the percentage growth of ransomware infection was tremendous and all thanks goes to Locky which began the trend and encouraged cyber-offenders to develop similar harmful infections such as Spora, Cerber and so on. In past few months, there were not any new reports of Locky Ransomware infection however some new cases has been registered last week which indicates that Locky is back again. The initial inspection suggests that it has wide distribution capabilities and could be extremely dangerous. This newly Locky ransomware variant is distributing through malspam campaigns. It appends .diablo6 extension in the targeted infected file. The spam email contains the subject as E [date] (random_numer).docx. It has very small messages like “Files Attached Thanks”. The related ail Read more

Aug 10

Online Course Teaches Russian-Speaking Hackers Latest Carding Tricks

It seems like Russia is becoming a major hub of illegal cyber activities. Now, the group of Russian speaking cyber-offenders is offering cyber-crime tricks through their six-month Online course. The wannabe hackers can enroll in this program and learn the basics to advance Online frauds and carding. This course is offered on Russian underground websites and it is available in Russian language. Working like a Carder’s University The Online cyber-hacking program is promoted as “WWH” which cost 45,000 Russian Ruble (Around $760) and additional cost of $200 for course materials etc. The money is to be paid through Bitcoin or Webmoney. The “WWH” program consists of 20 different topics and the time duration is six months in combined. The five expert instructors will guide the enrolled students through live webinars. The notes and course materials are provided through PDF files. The whole mechanism is very organized and it functions like Read more