The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Malware

Fortnite APK Download for Android Won't Be Available on Google Play Store

Fortnite APK Download for Android Won't Be Available on Google Play Store

August 06, 2018Swati Khandelwal
There's both good news and bad news for Fortnite game lovers. Fortnite, one of the most popular games in the world right now, is coming to Android devices very soon, but players would not be able to download Fortnite APK from the Google Play Store. Instead, Epic Games software development company has confirmed the Fortnite APK for Android will be available for download exclusively only through its official website, bypassing the Google Play Store. Why Fortnite for Android Bypassing Google Play Store? Epic Games CEO Tim Sweeney cites two main reasons for this decision. First, offering Fortnite APK downloads directly from its official website will allow the company to "have a direct relationship" with its consumers. Second, since Google takes a 30 percent cut of revenue each time a user makes an in-app purchase through its Play Store, the decision will allow the company to save millions. This should not be shocking as Fortnite on iOS made $15 million in j
iPhone Chip Supplier TSMC Stops Production After Computer Virus Attack

iPhone Chip Supplier TSMC Stops Production After Computer Virus Attack

August 06, 2018Swati Khandelwal
Taiwan Semiconductor Manufacturing Company (TSMC)—Apple's sole supplier of SoC components for iPhones and iPads, and Qualcomm's major manufacturing partner—shut down several of its chip-fabrication factories Friday night after being hit by a computer virus. The world's largest makers of semiconductors and processors TSMC lost an entire day of production after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones. Though the popular chip maker has been attacked by viruses in the past, this is the first time a virus has affected TSMC's production lines, making the incident a real big deal. Without revealing many details, TSMC said a number of its computer systems and fabrication tools were infected by the virus on Friday night, but since then it has recovered 80% of its impacted equipment, though others will be recovered by tomorrow. According to TSMC, the comput
iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

July 25, 2018Swati Khandelwal
India-linked highly targeted mobile malware campaign, first unveiled two weeks ago , has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article , earlier this month researchers at Talos threat intelligence unit discovered a group of Indian hackers abusing mobile device management (MDM) service to hijack and spy on a few targeted iPhone users in India. Operating since August 2015, the attackers have been found abusing MDM service to remotely install malicious versions of legitimate apps, including Telegram, WhatsApp, and PrayTime, onto targeted iPhones. These modified apps have been designed to secretly spy on iOS users, and steal their real-time location, SMS, contacts, photos and private messages from third-party chatting applications. During their ongoing investigation, Talos researchers identified a new MDM infrastructure and several malicious binaries – designed
Hackers Used Malicious MDM Solution to Spy On 'Highly Targeted' iPhone Users

Hackers Used Malicious MDM Solution to Spy On 'Highly Targeted' iPhone Users

July 13, 2018Swati Khandelwal
Security researchers have uncovered a "highly targeted" mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely. Exploiting Apple MDM Service to Remotely Control Devices To enroll an iOS device into the MDM requires a user to manually install enterprise development certificate, which enterprises obtained through the Apple Developer Enterprise Program. Companies can deliver MDM configuration file through email or a webpage for over-the-air enrollment service using Apple Configurator. Once a user installs it, the service allows the company administrators to remotely control the device, install/remove apps, in
Gaza Cybergang Returns With New Attacks On Palestinian Authority

Gaza Cybergang Returns With New Attacks On Palestinian Authority

July 10, 2018Wang Wei
Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT (advanced persistent threat) surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email sent to targeted victims that includes an attachment of a self-extracting archive containing two files—a Word document and a malicious executable. Posing to be from the Palestinian Political and National Guidance Commission, the Word document serves as a decoy to distract victims while the malware is installed in the background. The malicious executable, which runs in the background, act as the first stage info-stealer malware designed for intelligence gathering to identify potential victims (on the basis of what is unclear as of now), and then it accordingly downloads the second stage malware designed for espionage. "While the analysis...discloses the capabilities of
Stolen D-Link Certificate Used to Digitally Sign Spying Malware

Stolen D-Link Certificate Used to Digitally Sign Spying Malware

July 09, 2018Swati Khandelwal
Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look like legitimate applications. As you may know, digital certificates issued by a trusted certificate authority (CA) are used to cryptographically sign computer applications and software and are trusted by your computer for execution of those programs without any warning messages. However, malware author and hackers who are always in search of advanced techniques to bypass security solutions have seen been abusing trusted digital certificates in recent years. Hackers use compromised code signing certificates associated with trusted software vendors in order to sign their malicious code, reducing the possibility of their malware being detected on targeted enterprise networks and consumer
Most LokiBot samples in the wild are "hijacked" versions of the original malware

Most LokiBot samples in the wild are "hijacked" versions of the original malware

July 06, 2018Swati Khandelwal
Hacker himself got hacked. It turns out that most samples of the LokiBot malware being distributed in the wild are modified versions of the original sample, a security researcher has learned. Targeting users since 2015, LokiBot is a password and cryptocoin-wallet stealer that can harvest credentials from a variety of popular web browsers, FTP, poker and email clients, as well as IT administration tools such as PuTTY. The original LokiBot malware was developed and sold by online alias "lokistov," a.k.a. "Carter," on multiple underground hacking forums for up to $300, but later some other hackers on the dark web also started selling same malware for a lesser price (as low as $80). It was believed that the source code for LokiBot was leaked which might have allowed others to compile their own versions of the stealer. However, a researcher who goes by alias " d00rt " on Twitter found that someone made little changes (patching) in the original Lok
New Virus Decides If Your Computer Good for Mining or Ransomware

New Virus Decides If Your Computer Good for Mining or Ransomware

July 05, 2018Mohit Kumar
Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending upon their configurations to decide which of the two schemes could be more profitable. While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom to get the decryption key required to decrypt your files, cryptocurrency miners utilize infected system's CPU power to mine digital currencies . Both ransomware and cryptocurrency mining-based attacks have been the top threats so far this year and share many similarities such as both are non-sophisticated attacks, carried out for money against non-targeted users, and involve digital currency. However, since locking a computer for ransom doesn't always guarantee a payback in case victims have nothing essential to losing, in past months cybercriminals have shifted more towards fraudulent cryptocurrency
Github Account of Gentoo Linux Hacked, Code Replaced With Malware

Github Account of Gentoo Linux Hacked, Code Replaced With Malware

June 29, 2018Swati Khandelwal
Downloaded anything from Gentoo's GitHub account yesterday? Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a malicious one. Gentoo is a free open source Linux or FreeBSD-based distribution built using the Portage package management system that makes it more flexible, easier to maintain, and portable compared to other operating systems. In a security alert released on its website yesterday, developers of the Gentoo Linux distribution warned users not to use code from its GitHub account, as some "unknown individuals" had gained its control on 28 June at 20:20 UTC and "modified the content of repositories as well as pages there." According to Gentoo developer Francisco Blas Izquierdo Riera, after gaining control of the Gentoo Github organization, the attackers "repla
Free Thanatos Ransomware Decryption Tool Released

Free Thanatos Ransomware Decryption Tool Released

June 26, 2018Swati Khandelwal
If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search is over here. Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos encrypted files for free without paying any ransom in cryptocurrencies. Like all ransomware threats, Thanatos encrypts files and asks victims to pay for ransom in multiple cryptocurrencies, including Bitcoin Cash, to decrypt their files. "Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild," the researchers say.  "Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Inste
New Malware Family Uses Custom UDP Protocol for C&C Communications

New Malware Family Uses Custom UDP Protocol for C&C Communications

June 26, 2018Wang Wei
Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto , the hacking group, which they dubbed RANCOR, has been found using two new malware families—PLAINTEE and DDKONG—to target political entities primarily in Singapore and Cambodia. However, in previous years, threat actors behind KHRAT Trojan were allegedly linked to a Chinese cyber espionage group, known as DragonOK. While monitoring the C&C infrastructure associated with KHRAT trojan, researchers identified multiple variants of these two malware families, where PLAINTEE appears to be the latest weapon in the group's arsenal that uses a custom UDP protocol to communicate with its remote command-and-control server. To deliver both PLAINTEE and DDKONG, attackers use spear phishing messages with different inf
Python-Based Adware Evolves to Install Malicious Browser Extensions

Python-Based Adware Evolves to Install Malicious Browser Extensions

June 26, 2018Wang Wei
Security researchers have been warning of a few newly detected variants of python -based adware that are being distributed in the wild not only to inject ads but also found installing malicious browser extensions and hidden cryptocurrency miner into victims' computers. Dubbed PBot , or PythonBot , the adware was first uncovered more than a year ago, but since then the malware has evolved, as its authors have been trying different money-making schemes to profit themselves, according to researchers at Kaspersky Labs. The previous versions of the PBot malware were designed to perform man-in-the-browser (MITB) attacks to inject unwanted advertising scripts on web pages visited by the victim, but the newer variants have been found installing malicious ad extensions in the web browser. "Developers are constantly releasing new versions of this modification, each of which complicates the script obfuscation," Kaspersky researchers said in their blog post published today.
Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

June 20, 2018Swati Khandelwal
Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of your customers to hackers. More than 250,000 online stores use open-source Magento e-commerce platform, which makes them an enticing target for hackers, and therefore the security of both your data and your customer data is of the utmost importance. According to the researchers at Sucuri , who have previously spotted several Magento malware campaigns in the wild, cybercriminals are currently using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed. To achieve this, criminals are hiding their 'credit card stea
Hackers Who Hit Winter Olympics 2018 Are Still Alive and Kicking

Hackers Who Hit Winter Olympics 2018 Are Still Alive and Kicking

June 19, 2018Swati Khandelwal
Remember the ' Olympic Destroyer ' cyber attack? The group behind it is still alive, kicking and has now been found targeting biological and chemical threat prevention laboratories in Europe and Ukraine, and a few financial organisation in Russia. Earlier this year, an unknown group of notorious hackers targeted Winter Olympic Games 2018 , held in South Korea, using a destructive malware that purposely planted sophisticated false flags to trick researchers into mis-attributing the campaign. Unfortunately, the destructive malware was successful to some extent, at least for a next few days, as immediately after the attack various security researchers postmortem the Olympic Destroyer malware and started attributing the attack to different nation-state hacking groups from North Korea, Russia, and China. Later researchers from Russian antivirus vendor Kaspersky Labs uncovered more details about the attack, including the evidence of false attribution artifacts, and conclud
Chinese Hackers Carried Out Country-Level Watering Hole Attack

Chinese Hackers Carried Out Country-Level Watering Hole Attack

June 14, 2018Swati Khandelwal
Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a Chinese-speaking threat actor group called LuckyMouse . LuckyMouse, also known as Iron Tiger, EmissaryPanda, APT 27 and Threat Group-3390, is the same group of Chinese hackers who was found targeting Asian countries with Bitcoin mining malware early this year. The group has been active since at least 2010 and was behind many previous attack campaigns resulting in the theft of massive amounts of data from the directors and managers of US-based defense contractors. This time the group chose a national data center as its target from an unnamed country in Central Asia in an attempt to gain "access to a wide range of government
Destructive and MiTM Capabilities of VPNFilter Malware Revealed

Destructive and MiTM Capabilities of VPNFilter Malware Revealed

June 06, 2018Swati Khandelwal
It turns out that the threat of the massive VPNFilter botnet malware that was discovered late last month is beyond what we initially thought. Security researchers from Cisco's Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malware that infected more than 500,000 routers in at least 54 countries, allowing attackers to spy on users, as well as conduct destructive cyber operations. Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that the VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE. "First, we have determined that are being targeted by this actor, including some from vendors that are new to the target list. These new vendors are. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-L
75% of the 'Left to Get Hacked' Redis Servers Found Infected

75% of the 'Left to Get Hacked' Redis Servers Found Infected

June 04, 2018Wang Wei
Despite the continual emergence of new cyber attacks because of misconfigured servers and applications, people continue to ignore security warnings. A massive malware campaign designed to target open Redis servers, about which researchers warned almost two months ago, has now grown and already hijacked at least 75% of the total servers running publicly accessible Redis instances. Redis, or REmote DIctionary Server, is an open source, widely popular data structure tool that can be used as an in-memory distributed database, message broker or cache. Since it is designed to be accessed inside trusted environments, it should not be exposed on the Internet. Dubbed RedisWannaMine , a similar malware leveraging same loophole was discovered in late March by data center security vendor Imperva and designed to drop a cryptocurrency mining script on the targeted servers—both database and application. According to Imperva's March blog post , this cryptojacking threat was "more c
FBI seizes control of a massive botnet that infected over 500,000 routers

FBI seizes control of a massive botnet that infected over 500,000 routers

May 24, 2018Swati Khandelwal
Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices  in 54 countries and likely been designed by Russia-baked state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco's Talos cyber intelligence unit on Wednesday. Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home offices (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-access storage (NAS) devices. Meanwhile, the court documents unsealed in Pittsburgh on the same day indicate that the FBI has seized a key web domain communic
Researchers unearth a huge botnet army of 500,000 hacked routers

Researchers unearth a huge botnet army of 500,000 hacked routers

May 23, 2018Swati Khandelwal
More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter , that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well as conduct destructive cyber attack operations. The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home offices routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices known to have been targeted as well. VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infrastructure and factori
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.