The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Search results for Messenger

The U.S. Department of Justice said on Tuesday that they've arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history. Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. FBI said , " Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, and security sy

As digging deeper and deeper into the huge Hacking Team data dump , security researchers are finding more and more source code, including an advanced Android Hacking Tool. Yes, this time researchers have found a source code to a new piece of weaponized android malware that had the capability to infect millions of Android devices even when users are running latest versions of the android mobile operating system. Trend Micro researchers found that the Italian spyware company was selling RCSAndroid (Remote Control System Android) , which they says, is one of the "most professionally developed and sophisticated" pieces of Android malware a.k.a Android hacking tool they have ever seen. RCSAndroid is a sophisticated, real-world surveillance and hacking tool that provides even unskilled hackers to deploy one of the world's more advanced surveillance suites for Google's mobile operating system Android. List of Creepy Features of Android Hacking Tool

A new Spam email campaign making the rounds in Germany are delivering a new variant of a powerful banking malware , a financial threat designed to steal users' online banking credentials, according to security researchers from Microsoft. The malware, identified as Emotet , was first spotted last June by security vendors at Trend Micro. The most standout features of Emotet is its network sniffing ability , which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro. Microsoft has been monitoring a new variant of Emotet banking malware , Trojan:Win32/Emotet.C , since November last year. This new variant was sent out as part of a spam email campaign that peaked in November. Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware. HeungSoo Kang of Microsoft's Malware Protection Center identifi

Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software. Like previous 'text bomb' bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu—a native Indian language spoken by about 70 million people in the country. Once the recipient receives a simple message containing the symbol or typed that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple's iOS Springboard. Apps that receive the text bomb tries to load the character, but fails and refuses to function prope

Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature. At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million. Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn't manage to access any third-party app data . Here's How Facebook Classified the Stolen Data: Facebook vice president of product management Guy Rosen published a new blog post  Friday morning to share further details on the massive security breach, informing that the hackers stole data from those affected accounts, as follows: For about 1

If you came across any Facebook Message with an image file (exactly .SVG file format) send by any of your Facebook friends, just avoid clicking it. An ongoing Facebook spam campaign is spreading malware downloader among Facebook users by taking advantage of innocent-looking SVG image file to infect computers. If clicked, the file would eventually infect your PC with the nasty Locky Ransomware , a family of malware that has quickly become one of the favorite tools among criminals due to its infecting capabilities. Discovered by malware researcher Bart Blaze , the attack campaign uses Facebook Messenger to spread a malware downloader called Nemucod that takes the form of .SVG image files. Why SVG file? Hackers considered SVG (or Scalable Vector Graphics) files for spreading the malware downloader, because SVG has the ability to contain embedded content such as JavaScript, and can be opened in a modern web browser. Crooks added their malicious JavaScript code right inside th

BlackBerry has long been known for its stance on mobile security, as it was the first mobile phone maker to provide end-to-end encryption. But a new report revealed that the company has provided a master backdoor to law enforcement in its secure devices since 2010. The Royal Canadian Mounted Police (RCMP) have been in possession of a global decryption key for BlackBerry phones since 2010, according to a new report from Vice News published yesterday. The report suggests that the Canadian police used the master key to intercept and decrypt over 1 Million messages sent using its own encrypted and allegedly secure BlackBerry Messenger ( BBM ) service in a criminal investigation over the course of 2 years. Single Encryption Key to Protect All Customers The issue with Blackberry's security mechanism is that the company uses a single global encryption key to protect all its regular customers, though the corporate BlackBerry phones use their own encryption keys generated

Cybercriminals are known to take advantage of everything that's popular among people in order to spread malware, and Google's official Play Store has always proved no less than an excellent place for hackers to get their job done. Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it. Dubbed Update WhatsApp Messenger , came from an app developer who pretended to be the actual WhatsApp service with the developer title "WhatsApp Inc."—the same title the actual WhatsApp messenger uses on Google Play. You might be wondering how the sneaky app developer was able to use the same title as the legitimate Facebook-owned maker of the messaging client—thanks to a Unicode character space. The app maker added a Unicode character space after the actual WhatsApp Inc. name, which in computer code reads WhatsApp+Inc%C2%A0 .

How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular secure messenger applications, such as Signal, Telegram and WhatsApp. Zerodium announced a new pricing structure on Wednesday, paying out $500,000 for fully functional remote code execution (RCE) and local privilege escalation (LPE) vulnerabilities in Signal, WhatsApp, iMessage, Viber, Facebook Messenger, WeChat, and Telegram. The payouts for all these secure messengers have been increased after tech companies introduced end-to-end encryption in their apps, making it more difficult for anyone to compromise their messaging platforms. The same payout is offered for remote code execution and local privilege escalation security flaws in default mobile email applications. Launched in 2015, Zerodium is a Washington, DC-based p

Popular instant messaging app WhatsApp has already been struggling for its existence in China ever since July when Chinese government blocked its users from sending photos and videos over the app. Now, it appears that China has largely blocked Facebook-owned WhatsApp in its latest step to tighten censorship as the country prepares for a major Communist Party gathering next month. Yes, WhatsApp no longer works in the country at all. China has a long history of blocking and limiting access to web services, especially social networks and Western-owned sites through its Great Firewall . The service currently blocks some 171 out of the world's leading websites, including Wikipedia, Twitter, Facebook, Instagram, and many Google services in mainland China. And now, it is WhatsApp. Although it's unclear how long the messaging app may remain inaccessible in the country, according to Symbolic Software, a Paris-based research firm that monitors WhatsApp's situation in Chi

A seven-year-old cyber espionage campaign has targeted senior level executives from large global companies by using a specialized Advanced Persistent Threat (APT) , zero-day exploits, and well-developed keyloggers to extract information from them when they stay in luxury hotels during their business trips. The researchers at Moscow-based security firm Kaspersky Lab dubbed the threat as " DarkHotel APT ," appear to have the ability to know in advance when a targeted executive checks in and checks out of a hotel. The group has been operating in Asia since from 2009 but there have been infections recorded in the United States, South Korea, Singapore, Germany, Ireland and many others, as well. It uses hotel Wi-Fi networks to target elite executives at organisations in manufacturing, defense, investment capital, private equity, automotive and other industries. The group has access to zero day vulnerabilities and exploits, and it used them to infect victims. Threa

Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, including Dating on Facebook, letting users clear their web browsing history, real-time language translation within Messenger, and many more. Besides announcing exciting features for its social media platform, Facebook CEO Mark Zuckerberg also gave us a quick look at the features Facebook introduced for companies that it owns, like WhatsApp and Instagram. During Facebook's F8 conference on Tuesday, Zuckerberg announced a long-awaited feature for WhatsApp— Group Video Calling . Yes, you heard that right. WhatsApp would soon be adding a group video calling feature to the popular end-to-end messaging app, making it possible for its over billion users to have face-to-face conversations with multiple people at once. Although there are not many details about the WhatsApp group video calling feature at this moment, it is clear that WhatsApp will now allow four people to have one-on-one

Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app: Voice Calling . And what's interesting? Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence. No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls. Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes. However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company  said . "All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected." Signal, which uses Twilio to send SMS verification codes to users registering with the app, said it's in the process of alerting the affected users directly and prompting them to re-register the service on their devices. The development comes less than a week after Twilio  revealed  that data associated with about 125 customer accounts were accessed by malicious actors through a phishing attack that duped the comp

An Android malware is spreading around WhatsApp messenger called ' Priyanka '. It changes all your groups names to Priyanka, and may also change your contact names to Priyanka. Apparently, the malware doesn't actually harm Android devices, but it is very annoying and it spreads manually, relying on victims to accept and install a contact file from a friend, named " Priyanka, ". Just in this week this virus started infecting WhatsApp users. If you receive a contact file from a friend, named 'Priyanka' and install it, your WhatsApp will be infected. If you receive the contact file but don't accept it, nothing will happen. Follow below steps to remove the virus, if your are infected: Go to your contacts, search for Priyanka and DELETE it Go to Settings on your phone Select Apps or App manager and then select Whatsapp from the list Tap on Force stop and then on Clear data Once done. Open Whatsapp on your phone and it'll show up as you've j

Russia's communications regulator Roskomnadzor has threatened Apple to face the consequences if the company does not remove secure messaging app Telegram from its App Store. Back in April, the Russian government banned Telegram in the country for the company's refusal to hand over private encryption keys to Russian state security services to access messages sent using the secure service. However, so far, the Telegram app is still available in the Russian version of Apple's App Store. So in an effort to entirely ban Telegram, state watchdog Roskomnadzor reportedly sent a legally binding letter to Apple asking it to remove the app from its Russian App Store and block it from sending push notifications to local users who have already downloaded the app. Roskomnadzor's director Alexander Zharov said he is giving the company one month to remove the Telegram app from its App Store before the regulator enforces punishment for violations. For those unfamiliar with

GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user," Trustwave Senior Security Consultant Richard Tan said in a report shared with The Hacker News. According to Trustwave SpiderLabs, the shortcoming was spotted in version 7.91 of the app, which was released on the Google Play Store on February 18, 2020. The cybersecurity firm said it attempted to contact the app makers multiple times since August 18, 2020, without receiving a response. But checking the app's changelog, GO SMS Pro received an update (v7.92) on September 29, followed by another subsequent update, which was published yesterday. The latest updates to the app, however

Good News for WhatsApp users! The widely popular messaging service is going completely free. And you'll be able to use WhatsApp without paying a penny. Old WhatsApp users might not be aware of this, but WhatsApp introduced the subscription fees for its service a few years ago, forcing new users to pay an annual 99 cents (~$1) subscription fee after the first year. However, WhatsApp announced Monday that the Facebook-owned company is dropping its annual subscription fee to make its service free to all users. While announcing the plan today, WhatsApp's founder Jan Koum stated that the annual subscription fee was still a barrier to some users. "As we have grown, we have found that this approach has not worked well," WhatsApp admitted in a company blog post today. "Many WhatsApp users do not have a debit or credit card number, and they worried they'd lose access to their friends and family after their first year." What will be What

Microsoft today announced built-in support for Cortana—an artificial intelligence-powered smart assistant—in Skype messenger on Android as well as iOS devices. What purpose does it serve? Microsoft wants its AI-based smart assistance to understand your conversations and help you with quick suggestions, ideas and information right inside your chat window. "Cortana can also help you organize your day—no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled," Skype said in a blog post . In other words, it typically means — Microsoft's Cortana can now read your private Skype conversations. Should You Worry About Your Privacy? Yes, Cortana needs continuous monitoring of your private chats in order to come up with useful suggestions such as movie bookings, travel plans, nearby restaura

A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash. The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software. The flaw has actively been exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or serve as a backdoor for attackers to remotely control the affected machine, according to a blogpost on Securelist. Here's How Telegram Vulnerability Works The vulnerability resides in the way Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for coding languages that are written from right to left, li