The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Search results for backdoor

Backdoor Found in Popular Server Management Software used by Hundreds of Companies

Backdoor Found in Popular Server Management Software used by Hundreds of Companies

August 16, 2017Swati Khandelwal
Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. Recently, cyber crooks managed to infiltrate the update mechanism for a popular server management software package and altered it to include an advanced backdoor, which lasts for at least 17 days until researchers discovered it. Dubbed ShadowPad , the secret backdoor gave attackers complete control over networks hidden behind legit cryptographically signed software sold by NetSarang —used by hundreds of banks, media firms, energy companies, and pharmaceutical firms, telecommunication providers, transportation and logistics and other industries—for 17 days starting last month. Important Note — If you are using any of the affected product (listed below), we highly recommend you stop using it until you update them. Hacker Injected Backdoor Through Software Update Mechanism
Incapsula introduces 'Backdoor Protect' feature in Cloud-based Website Security

Incapsula introduces 'Backdoor Protect' feature in Cloud-based Website Security

January 30, 2013Mohit Kumar
Incapsula announced this week that they’re offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What’s a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you’ve been hacked before, there’s a good chance you’ve already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo
Explained — What's Up With the WhatsApp 'Backdoor' Story?

Explained — What's Up With the WhatsApp 'Backdoor' Story?

January 14, 2017Mohit Kumar
What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are
WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages

WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages

January 13, 2017Mohit Kumar
Important Update — Most Security Experts argued, " It's not a backdoor, rather it’s a feature ," but none of them denied the fact that, if required, WhatsApp or a hacker can intercept your end-to-end encrypted chats. Read detailed explanation on arguments in my latest article. Most people believe that end-to-end encryption is the ultimate way to protect your secret communication from snooping, and it does, but it can be intercepted if not implemented correctly. After introducing " end-to-end encryption by default " last year, WhatsApp has become the world's largest secure messaging platform with over a billion users worldwide. But if you think your conversations are completely secure in a way that no one, not even Facebook, the company that owned WhatsApp, can intercept your messages then you are highly mistaken, just like most of us and it's not a new concept. Here's the kick: End-to-end encrypted messaging service, such as WhatsApp and Te
Built-In Backdoor Found in Popular Chinese Android Smartphones

Built-In Backdoor Found in Popular Chinese Android Smartphones

December 18, 2014Swati Khandelwal
Chinese smartphone manufacturers have been criticized many times for suspected backdoors in its products, the popular Chinese smartphone brands, Xiaomi and Star N9500 smartphones are the top examples. Now, the China's third-largest mobile and world's sixth-largest phone manufacturer 'Coolpad' , has joined the list. Millions of Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd. may contain an extensive "backdoor" from its manufacturer that is being able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users' phones without their knowledge, alleged a U.S. security firm. OVER 10 MILLION USERS AT RISK Researchers from Silicon Valley online security firm Palo Alto Networks discovered the backdoor, dubbed " CoolReaper ," pre-installed on two dozens of Coolpad Android handset models, including high-end devices, sold exclusively in China and Taiwan. The backdoor can let attacke
CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

November 24, 2014Swati Khandelwal
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins’ server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is
Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

December 20, 2017Swati Khandelwal
Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin to an undisclosed buyer, who then modified the plugin to download and install a hidden backdoor. In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store. While reviewing the source code of the Captcha plugin, WordFence folks found a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication. The plugin was configured to automatically pull an updated "backdoored" version from a remote URL — https[://]simplywordpress[dot]net/captcha/captcha_pro_update.php — after installati
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls

Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls

January 13, 2016Swati Khandelwal
Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers? Probably Not. Just less than a month after an unauthorized backdoor found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious code in FortiOS firewalls from enterprise security vendor Fortinet. According to the leaked information, FortiOS operating system, deployed on Fortinet's FortiGate firewall networking equipment, includes an SSH backdoor that can be used to access its firewall equipment. Anyone can Access FortiOS SSH Backdoor Anyone with " Fortimanager_Access " username and a hashed version of the " FGTAbc11*xy+Qqz27 " password string, which is hard coded into the firewall, can login into Fortinet's FortiGate firewall networking equipment. However, according to the company's product details, this SSH user is created for challenge-and-response authenti
Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

April 20, 2014Swati Khandelwal
At the beginning of this year, we reported about the secret backdoor ‘TCP 32764’ discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The Reverse-engineer from France Eloi Vanderbeken , who discovered this backdoor has found that although the flaw has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way. To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file ‘scfgmgr’ which contains the backdoor is still present there with a new option “ -l ”, that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device. On further investigation via reverse en
5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

December 14, 2016Swati Khandelwal
Those innocent-looking apps in your smartphone can secretly spy on your communications or could allow hackers to do so. Hard to believe, but it's true. Recently, Trustwave's SpiderLabs analysts discovered a hidden backdoor in Skype for Apple's macOS and Mac OS X operating systems that could be used to spy on users' communications without their knowledge. The backdoor actually resides in the desktop Application Programming Interface (API) that allows third-party plugins and apps to communicate with Microsoft-owned Skype — the popular video chat and messaging service. Appeared to have been around since at least 2010, the backdoor could allow any malicious third-party app to bypass authentication procedure and provide nearly complete access to Skype on Mac OS X. How an Attacker can Take Complete Control of Your Skype The malicious app could bypass authentication process if they "identified themselves as the program responsible for interfacing with th
Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

September 08, 2016Swati Khandelwal
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution. Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms. One such malware family has recently been discovered by researchers at Kaspersky Lab, which run on all the key operating systems, including Windows, Linux, and Mac OS X. Stefan Ortloff, a researcher from Kaspersky Lab’s Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoor, dubbed Mokes , in January this year. Now, the researcher today confirmed the existence of an OS X variant of this malware family, explaining a technical breakd
Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker

Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker

May 12, 2016Mohit Kumar
How to Hack an Android device? It is possibly one of the most frequently asked questions on the Internet. Although it's not pretty simple to hack Android devices and gadgets, sometimes you just get lucky to find a backdoor access. Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in backdoor. Chinese fabless semiconductor company Allwinner is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide. Simple Backdoor Exploit to Hack Android Devices All you need to do to gain root access of an affected Android device is… Send the text " rootmydevice " to any undocumented debugging process. The local privileges escalation  backdoor code for debugging ARM-powered Android devices managed to make its way in shipped firmware after fir
Cyber Espionage Group Ported Windows Malware to Mac

Cyber Espionage Group Ported Windows Malware to Mac

September 05, 2014Wang Wei
Till now we have seen a series of different malware targeting Windows operating system and not Mac, thanks to Apple in way it safeguard its devices’ security. But with time, cyber criminals and malware authors have found ways to exploit Mac as well. GROUP BEHIND THE MAC VERSION OF BACKDOOR Researchers have unmasked a group of cyber criminals that has recently started using a new variant of XSLCmd backdoor program to target Mac OS X systems. This Mac version of backdoor shares a significant portion of its code with the Windows version of the same backdoor that has been around since at least 2009. According to FireEye researchers, the group, dubbed as GREF , is already infamous for its past cyber espionage attacks against the US Defense Industrial Base (DIB), companies from the electronics and engineering sectors worldwide, foundations and other NGO’s as well. " We track this threat group as “GREF” due to their propensity to use a variety of Google references in th
Hijacking Servers Remotely with Hikit advanced persistent threat

Hijacking Servers Remotely with Hikit advanced persistent threat

August 26, 2012Mohit Kumar
Security researchers have revealed the existence of an advanced persistent threat that has been making the rounds since April 2011.  Backdoor.Hikit  is a dangerous backdoor Trojan that will damage infected system and files. Usually, Backdoor. Hikit will open backdoor to allow remote attackers to connect to the infected system and carry out harmful activities, such as stealing information or destroying files and programs. It is really stubborn those antiviruses often fail to delete it for good, for it runs secretly and automatically when Windows boots without your knowledge or consent and can disguise it as fake system files or processes. Besides, many other threats, such as adware, redirecting virus, Trojan variants from family, such as Trojan Horse Generic 27.PN, BackDoor.Hupigon5.CJMY, Trojan.Zeroaccess.C, Trojan:win64/Sirefef.E and so on, which is really a threat to system and data security. According to experts from security firm Symantec , it all starts with the unknown dropper
Kaspersky: NSA Worker's Computer Was Already Infected With Malware

Kaspersky: NSA Worker's Computer Was Already Infected With Malware

November 17, 2017Swati Khandelwal
Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware. Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware. According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC. The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader. Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classi
New Fileless Malware Uses DNS Queries To Receive PowerShell Commands

New Fileless Malware Uses DNS Queries To Receive PowerShell Commands

March 06, 2017Swati Khandelwal
It is no secret that cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine techniques that involve the exploitation of standard system tools and protocols, which are not always monitored. The latest example of such attack is DNSMessenger – a new Remote Access Trojan (RAT) that uses DNS queries to conduct malicious PowerShell commands on compromised computers – a technique that makes the RAT difficult to detect onto targeted systems. The Trojan came to the attention of Cisco's Talos threat research group by a security researcher named Simpo, who highlighted a tweet that encoded text in a PowerShell script that said 'SourceFireSux.' SourceFire is one of Cisco's corporate security products. DNSMessenger Attack Is Completely Fileless Further analysis of the malware ultimately led Talos researchers to
Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China

Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China

November 16, 2016Swati Khandelwal
Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours. You heard that right. Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours. Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing. First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide. Infected Android Smartphone WorldWide Moreover, it is worth noting that AdUps provides its software to much larger ha
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.