Hackers use anti-adblocking service to deliver nasty malware attack

November 2, 2015 – 8:02 PM

More than 500 websites that used a free analytics service inadvertently exposed their visitors to a nasty malware attack made possible by a hack of PageFair, the anti-adblocking company that provided the analytics.

The compromise started in the last few minutes of Halloween with a spearphishing e-mail that ultimately gave the attackers access to PageFair’s content distribution network account. The attacker then reset the password and replaced the JavaScript code PageFair normally had execute on subscriber websites. For almost 90 minutes after that, people who visited 501 unnamed sites received popup windows telling them their version of Adobe Flash was out-of-date and prompting them to install malware disguised as an official update.

“If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,” PageFair CEO Sean Blanchfield wrote in a blog post published Sunday. “For 83 minutes last night, the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file. I am very sorry that this occurred and would like to assure you that it is no longer happening.”

Source:
http://arstechnica.com/security/2015/11/hackers-use-anti-adblocking-service-to-deliver-nasty-malware-attack/

Signal, the Snowden-Approved Crypto App, Comes to Android

November 2, 2015 – 7:51 PM

Since it first appeared in Apple’s App Store last year, the free encrypted calling and texting app Signal has become the darling of the privacy community, recommended—and apparently used daily—by no less than Edward Snowden himself. Now its creator is bringing that same form of ultra-simple smartphone encryption to Android.

On Monday the privacy-focused non-profit software group Open Whisper Systems announced the release of Signal for Android, the first version of its combined calling and texting encryption app to hit Google’s Play store. It’s not actually the first time Open Whisper Systems has enabled those features on Android phones; Open Whisper Systems launched an encrypted voice app called Redphone and an encrypted texting program called TextSecure for Android back in 2010. But now the two have been combined into Signal’s single, simple app, just as they are on the iPhone. “Mostly this was just about complexity. It’s easier to get people to install one app than two,” says Moxie Marlinspike, Open Whisper Systems’ founder. “We’re taking some existing things and merging them together to make the experience a little nicer.”

That streamlining of Redphone and TextSecure into a single app, in other words, doesn’t actually make Open Whisper Systems’ encryption tools available to anyone who couldn’t already access them. But it does represent a milestone in those privacy programs’ idiot-proof interface, which in Signal is just as straightforward as normal calling and texting. As Marlinspike noted when he spoke to WIRED about Signal’s initial release last year, that usability is just as important to him as the strength of Signal’s privacy protections. “In many ways the crypto is the easy part,” Marlinspike said at the time. “The hard part is developing a product that people are actually going to use and want to use. That’s where most of our effort goes.”

Source:
http://www.wired.com/2015/11/signals-snowden-approved-phone-crypto-app-comes-to-android/

FBI gives shocking advice to ransomware victims

October 28, 2015 – 5:53 AM

Over the last few years ransomware has become a prominent way for hackers to extort money from victims. Ransomware such as Cryptolocker encrypts a victim’s computer and demands a payment to decrypt the files. What’s surprising is how the FBI deals with victims of ransomware attacks. Last week at the Cyber Security Summit 2015 event, Joseph Bonavolonta, the Assistant Special Agent in charge of the FBI’s CYBER and Counterintelligence Program at the FBI’s Boston office, revealed that the FBI can’t really do a lot about the problem.

Ransomware programs such as Cryptolocker and Cryptowall appear to have gotten the better of the FBI. “To be honest, we often advise people just to pay the ransom,” revealed Bonavolonta. “The ransomware is that good.”

In June this year, the FBI issued a Public Service Announcement (PSA) which echoed Bonavolonta’s message regarding ransomware. “These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims.”

Source:
http://www.neowin.net/news/fbi-gives-shocking-advice-to-ransomware-victims

This Malware Can Delete and Replace Your Entire Chrome Browser with a Lookalike

October 20, 2015 – 4:22 AM

Security researchers have uncovered a new piece of adware that replaces your entire browser with a dangerous copy of Google Chrome, in a way that you will not notice any difference while browsing.

The new adware software, dubbed “eFast Browser,” works by installing and running itself in place of Google Chrome.

The adware does all kinds of malicious activities that we have seen quite often over the years:

  • Generates pop-up, coupon, pop-under and other similar ads on your screen
  • Places other advertisements into your web pages
  • Redirects you to malicious websites containing bogus content
  • Tracks your movements on the web to help nefarious marketers send more crap your way to generate revenue

Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft.

Source:
https://thehackernews.com/2015/10/malware-chome.html

Malware Tool That Has Your Back

October 3, 2015 – 11:06 PM

Security researchers at Symantec have been tracking a malware tool that, for a change, most victims wouldn’t actually mind infecting their systems–or almost, anyway.

The threat dubbed Linux.Wifatch compromises home routers and other Internet-connected consumer devices. But unlike other malware, this one does not steal data, snoop silently on victims, or engage in other similar malicious activity.

Instead, the author or authors of the malware appear to be using it to actually secure infected devices. Symantec believes the malware has infected tens of thousands of routers and other IoT systems around the world. Yet, in the two months that the security vendor has been tracking Linux.Wifatch it has not seen the malware tool being used maliciously even once.

“In fact all the hardcoded routines seem to have been implemented in order to harden compromised devices,” Symantec security researcher Mario Ballano wrote in a blog post published Thursday.

Wifatch has one module that attempts to detect and remediate any other malware infections that might be present on a device that it has infected. “Some of the threats it tries to remove are well known families of malware targeting embedded devices,” Ballano wrote.

Source:
http://www.darkreading.com/vulnerabilities---threats/and-now-a-malware-tool-that-has-your-back/d/d-id/1322451?