Pakistani military leverages Facebook Messenger for wide-ranging spyware campaign

Security researchers discovered two pieces of malware used by the Pakistani military to spy on specific targets in the Middle East, Afghanistan and India, according to the mobile security company Lookout. The malware, dubbed Stealth Mango and Tangelo, appears to have successfully compromised government officials, medical professionals and civilians in Afghanistan, India, Iraq, Iran, the United Arab Emirates and Pakistan. Targets were compromised via Android and possibly iOS. Government officials in the United States, Australia, the United Kingdom and Iran were indirectly compromised after interacting with direct Stealth Mango victims. Instead of sophisticated and expensive exploits, the attackers relied on phishing through third-party app stores and possibly physical access to targeted devices. The campaign is ongoing as of April 2018. The malware, developed by independent contractors, is constantly being updated, with developers releasing up to two new versions per week. “What’s interesting is the ability, insight and amount […]

The post Pakistani military leverages Facebook Messenger for wide-ranging spyware campaign appeared first on Cyberscoop.

Security flaw in Electron impacts hundreds of desktop apps

A security flaw in Electron, an extremely popular web application framework, leaves vulnerable targets open to remote code execution attacks. Electron underlies widely used desktop apps like Skype and Slack. This is the second critical remote code execution vulnerability of the year for Electron, after a Microsoft Windows app bug was publicly unveiled in January. This latest flaw was discovered by Trustwave researcher Brendan Scarvell. Electron has already issued a patch addressing the flaw, but it’s up to developers to implement it. Versions below 1.7.13, 1.8.4 and 2.0.0-beta.3 are vulnerable. Apps using those versions are vulnerable to cross-site scripting (XSS) attacks due to a failure to sanitize user input. Due to some specifics within Electron — explained in great detail here by Scarvell — it’s a relatively small jump to escalate that to remote code execution, which could then lead to full ownership of a machine. “A default Electron application includes access to not only […]

No, Apple is not making it harder for cops to hack iPhones

As Silicon Valley prepares for the next encryption policy battle, rumors are swirling about what plans Apple is considering. Recent reports have suggested, for example, that Apple will be adding a new encryption feature to the upcoming iOS 11.4. But that’s not accurate. On Tuesday morning, research from ElcomSoft, a Moscow-based mobile forensics company, was published claiming a feature called “USB Restricted Mode” was present in the latest version of iOS, Apple’s mobile operating system. The feature would disable the iPhone’s Lightning port after seven days, a new rule that would present a significant obstacle to law enforcement and forensics companies looking to hack into targeted iPhones. The truth is: there are no plans to ship USB Restricted Mode in iOS 11.4, which is still in development. The feature was present in an older beta version of iOS 11.3, so it’s possible ElcomSoft made a version mistake when authoring their recent report. In […]

Accused Romanian hackers and financial fraudsters extradited to U.S.

A pair of Romanians accused of an international hacking and identity theft conspiracy were extradited from Romania to the United States on Friday to face 31 criminal charges in federal court. Teodor Laurentiu Costea, 41, and Robert Codrut Dumitrescu, 40, allegedly installed interactive voice response software on vulnerable computers as part of a phone scamming plot that pretended to make calls from financial institutions in order to steal account numbers, PINs and Social Security numbers from victims. The Justice Department’s announcement on the extradition characterizes the tactics as “vishing” and “smishing” — phishing by voice and text messages, respectively. Costea and Dumitrescu then allegedly sold the information. American officials estimate the losses from the scheme amount to over $18 million. The U.S. government has extradited a number of criminals tied to cybercrime in the past few months. In March, the Justice Department extradited Yevgeniy Nikulin from the Czech Republic. Nikulin allegedly carried out breaches tied to LinkedIn, Dropbox […]

Sentencing delayed for FSB’s email-popping hacker pawn

Sentencing was delayed in the case against Karim Baratov, the hacker who broke into 11,000 email accounts, including the accounts of specific individuals targeted on behalf of the Russian intelligence agency FSB. Baratov, a 23-year-old born in Kazakhstan, pleaded guilty last year to helping hack into Yahoo and Gmail accounts. Prosecutors described Baratov’s actions as carried out at the direction of Russian intelligence officers Dmitry Dokuchaev and Igor Sushchin, who wanted specific accounts of interest to the FSB targeted. Dokuchaev paid Baratov to hack into at least 80 email accounts, including those of journalists, lawyers and senior government officials in Russia and its neighboring countries, as well as “prominent leaders in the commercial industries” like banking and transportation, according to court documents. U.S. government officials and tech company employees were also targeted. Baratov, who was arrested in March 2017 at his adopted home in Canada, argues that he never knew the identities of the people he was working for. Judge Vince Chhabria began the hearing by saying […]

U.S. government weighing sanctions against Kaspersky Lab

The U.S. government is considering sanctions against Russian cybersecurity company Kaspersky Lab as part of a wider round of action carried out against the Russian government, according to U.S. intelligence officials familiar with the matter. The sanctions would be a considerable expansion and escalation of the U.S. government’s actions against the company. Kaspersky, which has two ongoing lawsuits against the U.S. government, has been called “an unacceptable threat to national security” by numerous U.S. officials and lawmakers. Officials told CyberScoop any additional action against Kaspersky would occur at the conclusion of the lawsuits, which Kaspersky filed in response to a provision in the 2018 National Defense Authorization Act that bans its products from federal government networks. If the sanctions came to fruition, the company would be barred from operating in the U.S. and potentially even in U.S. allies. Sen. Jeanne Shaheen, D-N.H., authored legislation to ban Kaspersky, which was eventually introduced into the NDAA. In […]

Kaspersky Lab banned from advertising on Twitter

Russian cybersecurity company Kaspersky Lab has been banned from advertising on Twitter due to the company’s allegedly close and active ties to Russian intelligence agencies, according to the social network. The ban is the latest blow in an ongoing saga for Kaspersky, which includes two ongoing legal battles with the U.S. government. Eugene Kaspersky, CEO of Kaspersky Lab, took to Twitter on Friday to condemn the ban:

“My open letter to @jack Dorsey asking for more transparency to quash any doubts about potential political censorship on Twitter https://t.co/XKtIOpbmd3 pic.twitter.com/UhecZRY7ZB” — Eugene Kaspersky (@e_kaspersky), April 20, 2018

A Twitter spokesperson reiterated that the “decision is based on our determination that Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices.” The same spokesperson pointed media to the September 2017 Department of Homeland Security decree that ordered federal agencies to remove Kaspersky products from […]

Prosecutors hand over terabytes of evidence in case against Russian charged with LinkedIn breach

U.S. prosecutors say they have an exceptionally large mountain of evidence in their case against Yevgeniy Nikulin, the Russian hacker accused of stealing data from LinkedIn and other American tech firms. The government is preparing to hand over the evidence to Nikulin’s lawyers, a discovery process that will take at least two months because of the sheer amount of data involved. “There is quite a bit of discovery in this case,” prosecutor Michelle Kane said. “Just one set of logs alone related to one of the victims will be about three terabytes, plus tens of thousands of other pages of discovery.” Nikulin’s lawyers, including Arkady Bukh, requested and received two months’ time to review the evidence as they build a defense for their client. The next hearing will take place on June 26. Judge William Alsup, who was clearly energetic in his desire to move the case along as quickly as possible, aims to […]

Hamas-linked spyware targeting Palestinians removed from Google Play store

A hacking group that analysts believe is linked to Hamas successfully placed highly targeted surveillanceware in the Google Play Store in order to spy on Palestinian targets, according to new research from the mobile security firm Lookout. The newly identified malware, known as Desert Scorpion, was deployed against over 100 individuals of interest in Palestine. The same “highly active” group, dubbed APT-C-23, ran a similar campaign in 2017. The group’s targets have included Hamas’s political rivals as well as government employees, security services and university students. Desert Scorpion has been tied to the 2017 campaign, known as Frozen Cell, by reuse of the same social media profiles to promote the malware as well as infrastructure using similar IP blocks. APT-C-23 has been active since at least 2015, when U.S. cybersecurity firms Palo Alto Networks and ThreatConnect identified a campaign by the group targeting the United States, Israel, the Palestinian Territories and Egypt. The malware allows its users to steal data from […]

ViperRAT spyware resurfaces in Google Play Store

One year after a hacking campaign targeted Israel Defense Forces soldiers, the ViperRAT malware family has returned to the Google Play Store, according to new research from the mobile security firm Lookout. ViperRAT made waves last year after a string of IDF personnel fell victim to social engineering attacks from hackers posing as young women, who tricked the soldiers into installing third-party apps that copied files and spied on communications. The malware largely disappeared after intense media coverage, but the new samples look even more sophisticated — so much so that they’ve snuck into the Google Play Store. It’s not clear who is being targeted or who is responsible for building ViperRAT 2.0. The two malicious ViperRAT chat apps (called VokaChat and Chattak) in the Google Play Store were downloaded over 1,000 times before Lookout discovered them and Google removed them. “The chat functionality of the apps, which in earlier ViperRAT samples did not function, […]