Forwarded from TechToday News
#Security #Malware #report #Reverse_Engineering
Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.
http://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/
The Judy Malware: Possibly the largest malware campaign found on Google Play
Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.
http://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/
Check Point Software
The Judy Malware: Possibly the largest malware campaign found on Google Play - Check Point Software
Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an
Forwarded from TechToday News
#Security #Android #Google #Malware
While hunting for malicious applications out there, we found a banking trojan known as Bankbot in Google Play.
It was found in an early stage so it didn't have enough time to spread, but the current status it around 500 installations.
http://blog.koodous.com/2017/05/bankbot-on-google-play.html
Bankbot on Google Play
While hunting for malicious applications out there, we found a banking trojan known as Bankbot in Google Play.
It was found in an early stage so it didn't have enough time to spread, but the current status it around 500 installations.
http://blog.koodous.com/2017/05/bankbot-on-google-play.html
Koodous
Bankbot on Google Play
While hunting for malicious applications out there, we found a banking trojan known as Bankbot in Google Play. It was found in an early...
Forwarded from TechToday News
#Vulnerability #Windows #Reverse_Engineering #Article #Malware
How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
An icon-display bug in Windows allows attackers to masquerade PE files with special icons by automatically “borrowing” other commonly used icons from the local machine, thus tricking users into clicking them. The bug behind this vulnerability lies deep inside the image-handling code of Windows. The bug has been present since at least Windows 7 and is still present in the most updated versions of Windows 10.
We discovered the bug while researching a recent batch of malicious PE files. After copying files from one directory to another, we noticed an odd behavior: some of the files’ icons changed. To rule out the possibility of a mistake (or a simple lack of caffeine), we copied the files to a different directory and again the icons of these files changed to a different commonly-used and completely unrelated icon. This piqued our interest and prompted an investigation into this strange phenomenon.
https://www.cybereason.com/labs-a-zebra-in-sheeps-clothing-how-a-microsoft-icon-display-bug-in-windows-allows-attackers-to-masquerade-pe-files-with-special-icons/
How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
An icon-display bug in Windows allows attackers to masquerade PE files with special icons by automatically “borrowing” other commonly used icons from the local machine, thus tricking users into clicking them. The bug behind this vulnerability lies deep inside the image-handling code of Windows. The bug has been present since at least Windows 7 and is still present in the most updated versions of Windows 10.
We discovered the bug while researching a recent batch of malicious PE files. After copying files from one directory to another, we noticed an odd behavior: some of the files’ icons changed. To rule out the possibility of a mistake (or a simple lack of caffeine), we copied the files to a different directory and again the icons of these files changed to a different commonly-used and completely unrelated icon. This piqued our interest and prompted an investigation into this strange phenomenon.
https://www.cybereason.com/labs-a-zebra-in-sheeps-clothing-how-a-microsoft-icon-display-bug-in-windows-allows-attackers-to-masquerade-pe-files-with-special-icons/
Forwarded from TechToday News
#Malware #Security #Tool #WikiLeaks
CheckAngelfire.ps1
A one-liner powershell script for testing if your station is infected by the CIA's Angelfire. Path known from:
https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf
https://gist.github.com/dalmoz/2f513f30da675c6212e0532451265b65
CheckAngelfire.ps1
A one-liner powershell script for testing if your station is infected by the CIA's Angelfire. Path known from:
https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf
if ((Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows').GetValue('SystemLookup')) {Write-Host "Angelfire found!"} else {Write-Host "Nothing"}https://gist.github.com/dalmoz/2f513f30da675c6212e0532451265b65
Forwarded from Группы/конференции
Чат канала @R0_Crew
Security Related Links:
- Reverse Engineering;
- Malware Research;
- Exploit Development;
- Pentest;
- etc;
Invite Bot: @r0crew_bot
https://t.me/joinchat/AAAAAEPI6ZcpRAslyjQRbA
Forum: https://forum.reverse4you.org
Twitter: https://twitter.com/reverse4you_org
VK: https://vk.com/reverse_engineering
#security #malware #exploit #pentest
Security Related Links:
- Reverse Engineering;
- Malware Research;
- Exploit Development;
- Pentest;
- etc;
Invite Bot: @r0crew_bot
https://t.me/joinchat/AAAAAEPI6ZcpRAslyjQRbA
Forum: https://forum.reverse4you.org
Twitter: https://twitter.com/reverse4you_org
VK: https://vk.com/reverse_engineering
#security #malware #exploit #pentest
Forwarded from Заметки Хакер
🖥 Репозиторий: Discover — пользовательские скрипты Bash
Discover — это набор пользовательских скриптов Bash, предназначенных для автоматизации различных задач в области тестирования на проникновение.
Этот инструмент охватывает такие аспекты, как разведка, сканирование, анализ и создание вредоносных полезных нагрузок и слушателей с использованием Metasploit.
⏺ Ссылка на GitHub (https://github.com/leebaird/discover)
#Scanning #Bash #Pentest #Malware
@hackernews_lib
Discover — это набор пользовательских скриптов Bash, предназначенных для автоматизации различных задач в области тестирования на проникновение.
Этот инструмент охватывает такие аспекты, как разведка, сканирование, анализ и создание вредоносных полезных нагрузок и слушателей с использованием Metasploit.
⏺ Ссылка на GitHub (https://github.com/leebaird/discover)
#Scanning #Bash #Pentest #Malware
@hackernews_lib
Forwarded from Заметки Хакер
🖥 Репозиторий: Raspirus — сканер вредоносных программ
Raspirus — это легкий сканер вредоносных программ, основанный на правилах, который предназначен для проверки файлов и каталогов.
— Этот инструмент был разработан для сканирования USB-накопителей с использованием Raspberry Pi, и с тех пор его возможности расширились, чтобы поддерживать сканирование локальных файлов и папок на разных платформах.
⏺ Ссылка на GitHub (https://github.com/Raspirus/Raspirus)
#Scanning #Malware
@hackernews_lib
Raspirus — это легкий сканер вредоносных программ, основанный на правилах, который предназначен для проверки файлов и каталогов.
— Этот инструмент был разработан для сканирования USB-накопителей с использованием Raspberry Pi, и с тех пор его возможности расширились, чтобы поддерживать сканирование локальных файлов и папок на разных платформах.
⏺ Ссылка на GitHub (https://github.com/Raspirus/Raspirus)
#Scanning #Malware
@hackernews_lib