Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

A battery-saving app enables attackers to snatch text messages and read sensitive log data – but it also holds true to its advertising.

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: Blockchain Infrastructure Use

Cyber criminals have always been attracted to cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cr…

Domain Fronting – Tradecraft Security Weekly #18

Domain fronting is a technique used to mask command and control (C2) traffic. C2 channels can be proxied through CDNs such as CloudFront to make them appear like normal Internet traffic. It is very difficult for defenders to detect and block, as it appears as if clients on a network are connecting […]

The post Domain Fronting – Tradecraft Security Weekly #18 appeared first on Security Weekly.

Command & Control 101: Transports – Tradecraft Security Weekly #9

After an attacker succeeds in getting a payload onto a system and getting it to run, they still have to worry about whether there will be a successful connection out to a command and control server. There are a number of different transport mechanisms that can be utilized, including direct TCP connections, pivoting through […]

The post Command & Control 101: Transports – Tradecraft Security Weekly #9 appeared first on Security Weekly.

That was fast: Thousands of computers now compromised with leaked NSA tools, researchers say

Thousands of Microsoft Windows machines worldwide are infected with an NSA-developed backdoor that hackers installed by reusing leaked executable code from an outdated hacking toolkit belonging to the spy agency, multiple security researchers tell CyberScoop. The mysterious Shadow Brokers group published a package of internal NSA documents last week, containing among other things the computer code for a series of exploits, implants and other hacking tools. In the days since the leak first became public, hackers have mulled over the trove and begun reverse-engineering and recycling some of the capabilities, CyberScoop previously reported. One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR — which is used to run malicious code on an already compromised box — has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers. John Matherly, […]

The post That was fast: Thousands of computers now compromised with leaked NSA tools, researchers say appeared first on Cyberscoop.

Carbanak Using Google Services for Command and Control

Carbanak has surfaced again with new campaigns using Google hosted services such as Forms and Sheets as command and control channels.

Gdog – Python Windows Backdoor With Gmail Command & Control

Gdog is a stealthy Python Windows backdoor that uses Gmail as a command and control server. It is inspired by Gcat and pushes a little beyond a proof of concept with many more features. And don’t forget, Gcat also inspired Twittor – Backdoor Using Twitter For Command & Control. Features: encrypted transport messages (AES) + SHA256…

Read the full post at darknet.org.uk