
Sunday, March 29, 2020

Phishing Attack Says You're Exposed to Coronavirus, Spreads Malware

By Lawrence Abrams, March 29, 2020, 12:12 PM



A new phishing campaign has been spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.

With the Coronavirus pandemic affecting all corners of the world, we continue to see phishing actors try to take advantage of the fear and anxiety it is provoking to scare people into opening malicious email attachments.

In a new low, a threat actor is pretending to be from a local hospital telling the recipient that they have been in contact with a colleague, friend, or family member who has tested positive for the COVID-19 virus.

The email then tells the recipient to print the attached EmergencyContact.xlsm attachment and bring it with them to the nearest emergency clinic for testing.
Coronavirus-themed phishing email

The text of this email reads:

Dear XXX

You recently came into contact with a colleague/friend/family member who has COVID-19 at Taber AB, please print attached form that has your information prefilled and proceed to the nearest emergency clinic.

Maria xxx
The Ottawa Hospital General Campus
501 Smyth Rd, Ottawa, ON K1H 8L6, Canada


When a user opens the attachment, they will be prompted to 'Enable Content' to view the protected document.
Malicious attachment

If a user enables content, malicious macros will be executed to download a malware executable to the computer and launch it.
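A mail-side check for the kind of attachment described above, as an added example that is not part of the original article: it flags any attachment whose content is a macro-bearing Office package, whatever its file name says. The sample message, the second and third attachment names and the function names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def has_vba_project(data: bytes) -> bool:
    """True if data is an OOXML (ZIP) package that carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            # Macro-enabled workbooks keep their VBA in xl/vbaProject.bin;
            # Word and PowerPoint use word/ and ppt/ with the same file name.
            return any(name.lower().endswith("vbaproject.bin")
                       for name in package.namelist())
    except zipfile.BadZipFile:
        # Not a ZIP container. Legacy binary formats (.xls, .doc) are
        # outside the scope of this check.
        return False


def macro_attachments(raw_message: bytes) -> list[str]:
    """Return the file names of attachments that contain a VBA project."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Inspect the content, not the extension: a renamed file is still caught.
        if has_vba_project(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged


def _build_package(parts: dict[str, bytes]) -> bytes:
    """Build a minimal ZIP package in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed message: two macro-bearing attachments and one clean one."""
    base = {"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"}
    with_macro = _build_package({**base, "xl/vbaProject.bin": b"placeholder"})
    clean = _build_package(base)

    msg = EmailMessage()
    msg["From"] = "sender@hospital.example"
    msg["To"] = "recipient@corp.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please print the attached form.")
    for name, data in (("EmergencyContact.xlsm", with_macro),
                       ("renamed.xlsx", with_macro),
                       ("schedule.xlsx", clean)):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(macro_attachments(build_sample_message()))
```
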

This executable will now inject numerous processes into the legitimate Windows msiexec.exe file. This is done to hide the presence of the running malware and potentially evade detection by security programs.

In a cursory analysis, BleepingComputer saw that the malware performed the following behavior:
Searches for and possibly steals cryptocurrency wallets.
Steals web browser cookies that could allow attackers to log in to sites with your account.
Gets a list of programs running on the computer.
Looks for open shares on the network with the net view /all /domain command.
Gets local IP address information configured on the computer.

During this crisis, it is important for everyone to be especially careful of any Coronavirus-related emails that they receive and to not open any attachments.

Instead, you should look up the number for the alleged sender and contact them via phone to confirm the email and the enclosed information.

Furthermore, if you are looking for the latest trusted Coronavirus information, you should go to the sites for the CDC, WHO, or your local health department rather than risk opening an attachment from a stranger.

Hackers Used Local News Sites to Install Spyware On iPhones

March 27, 2020Ravie Lakshmanan
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices.

According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control.

Watering-hole attacks typically let a bad actor compromise a specific group of end-users by infecting websites that they are known to visit, with an intention to gain access to the victim's device and load it with malware.


The APT group, dubbed "TwoSail Junk" by Kaspersky, is said to be leveraging vulnerabilities present in iOS 12.1 and 12.2 spanning all models from iPhone 6 to the iPhone X, with the attacks first identified on January 10, before intensifying around February 18.


Using Malicious Links as Bait to Install Spyware
The campaign uses fake links posted on multiple forums, all popular with Hong Kong residents, that claim to lead to various news stories related to topics that are either sex-related, clickbait, or news related to the ongoing COVID-19 coronavirus pandemic.



Clicking the URLs leads users either to legitimate news outlets that have been compromised or to websites set up by the operators specifically for this campaign (e.g., hxxps://appledaily.googlephoto[.]vip/news[.]html). In both situations, a hidden iframe is employed to load and execute malicious code.

"The URLs used led to a malicious website created by the attacker, which in turn contained three iframes that pointed to different sites," Trend Micro researchers said. "The only visible iframe leads to a legitimate news site, which makes people believe they are visiting the said site. One invisible iframe was used for website analytics; the other led to a site hosting the main script of the iOS exploits."
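The page layout the researchers describe (one visible iframe, two invisible ones pointing at other sites) can be checked for in static HTML. The following is an added example, not code from the article or from either research team; the sample page, its `.example` hosts and the function names are constructed, and iframes hidden through external stylesheets or injected by script are out of scope.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_ATTR = re.compile(r"\s*[01](px)?\s*", re.I)
TINY_CSS = re.compile(r"(?<![-\w])(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)


def _is_hidden(attrs: dict) -> bool:
    """Heuristics for an iframe the visitor cannot see."""
    style = attrs.get("style", "")
    if "hidden" in attrs or HIDDEN_CSS.search(style) or TINY_CSS.search(style):
        return True
    # width/height attributes of 0 or 1 pixel
    return any(TINY_ATTR.fullmatch(attrs.get(dim, "")) for dim in ("width", "height"))


class _IframeCollector(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative src values against the page URL before comparing hosts.
        host = urlparse(urljoin(self.page_url, a.get("src", ""))).hostname
        self.frames.append({
            "host": host,
            "hidden": _is_hidden(a),
            "third_party": host != self.page_host,
        })


def audit_iframes(html: str, page_url: str) -> list:
    """Return one record per iframe: host, hidden flag, third-party flag."""
    collector = _IframeCollector(page_url)
    collector.feed(html)
    return collector.frames


def hidden_third_party_hosts(html: str, page_url: str) -> list:
    """Hosts loaded through iframes that are both invisible and off-site."""
    return [f["host"] for f in audit_iframes(html, page_url)
            if f["hidden"] and f["third_party"]]


# Constructed sample mirroring the described structure: three iframes, one visible.
SAMPLE_PAGE_URL = "https://lure.example/news.html"
SAMPLE_HTML = """
<html><body>
<iframe src="https://news.example/story" width="100%" height="900"></iframe>
<iframe src="https://stats.example/count" style="display:none"></iframe>
<iframe src="https://payload.example/index.html" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    print(hidden_third_party_hosts(SAMPLE_HTML, SAMPLE_PAGE_URL))
```
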



The malware in question exploits a "silently patched" Safari vulnerability, which when rendered on the browser leads to the exploitation of a use after free memory flaw (tracked as CVE-2019-8605) that allows an attacker to execute arbitrary code with root privileges — in this case, install the proprietary LightSpy backdoor. The bug has since been resolved with the release of iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, and watchOS 5.2.1.

The spyware is not just capable of remotely executing shell commands and taking full control of the device. It also contains a variety of downloadable modules that allow for data exfiltration, such as contact lists, GPS location, Wi-Fi connection history, hardware data, iOS keychains, phone call records, mobile Safari and Chrome browser history, and SMS messages.


In addition, LightSpy targets messaging applications like Telegram, QQ, and WeChat to steal account information, contacts, groups, messages, and attached files.


A Surveillance Operation Targeting Southeast Asia
It is suspected that the TwoSail Junk gang is connected to, or possibly the same as, the operators of "dmsSpy," an Android variant of the same malware that was distributed last year through open Telegram channels under the guise of Hong Kong protest calendar apps, among others.

"dmsSpy's download and command-and-control servers used the same domain name (hkrevolution[.]club) as one of the watering holes used by the iOS component of Poisoned News," the researchers observed.

Once installed, these rogue Android apps harvested and exfiltrated contacts, text messages, the user's location, and the names of stored files.

"This particular framework and infrastructure is an interesting example of an agile approach to developing and deploying surveillance framework in Southeast Asia," Kaspersky researchers concluded.

Trend Micro, for its part, suggested the design and functionality of the campaign aim to compromise as many mobile devices as possible to enable device backdooring and surveillance.

To mitigate such threats, it's essential that users keep their devices up-to-date and avoid sideloading apps on Android from unauthorized sources.

Tekya Clicker Malware Hides in 56 Apps that Downloaded 1 Million Times Worldwide From Google Play

By GURUBARAN S - March 27, 2020



Google uses a number of measures to filter malicious apps out of the Play Store, but attackers continue to find ways to infiltrate the app store and infect user devices.

Security researchers from Check Point identified 56 malicious apps in the Play Store that aimed to commit mobile fraud with a new malware family dubbed ‘Tekya’.

Tekya Malware Play Store

The malware aims to steal user data such as credentials, emails, text messages, and geographical location.

The Tekya malware was found hidden in 56 apps that were downloaded more than 1 million times worldwide. Of the 56 infected apps, 24 were aimed at children, ranging from puzzles to racing games.

Researchers found that “Tekya malware obfuscates native code to avoid detection by Google Play Protect and utilizes the ‘MotionEvent’ mechanism in Android to imitate the user’s actions and generate clicks”.

MotionEvent is an Android mechanism used to report movement events from input sources such as a mouse, pen, finger, or trackball.

In this campaign, the attackers cloned legitimate versions of apps and hosted fake versions with the malware embedded.

Once the malware is installed on the device, a receiver is registered and multiple actions are performed on the device.

The receiver “us.pyumo.TekyaReceiver” is registered for the following actions:

‘BOOT_COMPLETED’ to allow code running at device startup (“cold” startup)
‘USER_PRESENT’ in order to detect when the user is actively using the device
‘QUICKBOOT_POWERON’ to allow code running after device restart
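An app-vetting check built on the receiver behaviour listed above, as an added example that is not Check Point's code or part of the original article: it reads a decoded AndroidManifest.xml and reports receivers subscribed to several of these broadcast actions. It assumes the manifest has already been decoded to text XML and that the receiver is declared there rather than registered at runtime; the sample manifest, the package `com.example.puzzle` and the threshold are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # fully qualified form of android:name

# The three broadcast actions named in the article, with their full intent names.
WATCHED_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
    "android.intent.action.QUICKBOOT_POWERON",
}


def receivers_with_watched_actions(manifest_xml: str, threshold: int = 2) -> dict:
    """Map receiver name -> sorted watched actions, for receivers that
    subscribe to at least `threshold` of them (threshold is a tunable
    assumption: BOOT_COMPLETED on its own is common in legitimate apps)."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for receiver in root.iter("receiver"):
        actions = {action.get(NAME) for action in receiver.iter("action")}
        hits = sorted(actions & WATCHED_ACTIONS)
        if len(hits) >= threshold:
            findings[receiver.get(NAME, "(unnamed)")] = hits
    return findings


# Constructed manifest: one receiver matching the article's description and
# one ordinary receiver that only listens for BOOT_COMPLETED.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzle">
  <application>
    <receiver android:name="us.pyumo.TekyaReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.QUICKBOOT_POWERON"/>
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.puzzle.ReminderReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()

if __name__ == "__main__":
    for name, actions in receivers_with_watched_actions(SAMPLE_MANIFEST).items():
        print(name, actions)
```
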


The main goal of the malware is to click on ad banners from agencies such as Google’s AdMob, AppLovin, Facebook, and Unity.

Here you can find the full list of the infected apps


This shows that attackers are still finding ways to bypass Google Play Store protections and infiltrate it with malicious apps.

Before installing apps, users are advised to check the background of the application and the reputation of its developer.

How does teleworking make users more vulnerable to hackers?


By Hack Unamatata, March 29, 2020, 13:30

The coronavirus has infected more than 450,000 people worldwide, and now cybersecurity experts are warning that the pandemic could also affect computer systems.
Many companies that usually handle sensitive and confidential information in their offices are recommending that employees work remotely, in an effort to limit the spread of the coronavirus.
However, this can make them more vulnerable to hackers, especially if employees browse certain sites that they might visit when they are not under their bosses' supervision, such as porn sites.
Porn is one of hackers' favorite tools and can become even more effective if a company's employees decide that what is called NSFW is a safe choice while teleworking during the coronavirus pandemic. In reality, however, NSFW is not safe.


According to Tyler Moffitt, threat research analyst at the internet company Webroot, adult sites have always been among the top 3 categories of sites hosting malicious content, so it is very likely that malicious attacks will increase, given that people will tend to visit porn sites more often during quarantine. After all, cybercriminals exploit the opportunities presented to them, particularly in critical periods such as the coronavirus pandemic.

Pornhub, which is the most popular porn site, reports that traffic may indeed prove dangerous in combination with the coronavirus pandemic.

It is worth noting that cyberattacks targeting Americans have increased significantly over the last two weeks, as the world's largest hacker community reckons that Americans are now working outside their corporate firewalls.


According to Tom Kellermann, head of cybersecurity strategy at the software company VMware, it is not only visitors to such sites who risk being "hit" by hackers, given that teleworking in itself carries risks.
Kellermann also points out that corporate firewalls can be extended to employees' homes through virtual private networks (VPNs), which some companies have designed to ensure greater security during remote work.


According to Peter Bauer, chief executive of Mimecast, there are frequent scams promoted via email that pose as Costco, luring people to obtain products at critical times.
The hackers clearly do not want to sell products such as toilet paper and Purell. Bauer also warns about emails that supposedly come from the federal government, offering "relief" checks as long as users provide their bank account details.
Bauer points out that some hackers may be more active now because they may feel desperate. Specifically, there are many hackers whose daily routine has been interrupted, so they are spending much more time in front of a computer.
Bauer predicts that the cyberattacks will continue for at least a few more weeks.


Andy Ellis, chief security officer at Akamai Technologies, stressed that there is no perfect defense for avoiding hackers; however, employees can limit the risk by practicing so-called "digital hygiene".
Good digital hygiene can include clearing out old documents from Dropbox or Google Drive. Regularly changing passwords can also help, while experts recommend using business-grade work devices whenever possible, as personal devices may have weaker protection.

One more piece of advice the experts give is for users to stay away from porn sites.

13 Free Movie Download Websites — Watch HD Movies Online! Stay Home!!

Wang Wei
 

When you search for free movie download or watch free movies online, search engines serve you a long list of best free movie websites.

But you need to beware, as many free movie files and free movie sites could lead you to download links carrying nasty computer viruses. They could infect or, in the worst case, take control of your computer.

One more thing I have learned in these years is that most top torrent sites, including Kickass Torrents and Pirate Bay, are illegal as they violate copyright laws. So, before downloading movies, make sure those movies are legal to download.

But, there are hundreds of torrents available on the Internet, which are legal to download.

We receive emails from our readers on a daily basis who ask for legal sites like Tubi TV to download free movies and TV series.

The query is fair enough because it is not easy to find free streaming sites or free movie download websites without breaking laws.


Best Free Movie Download Websites (Legally)
So in the interest of our readers, I have compiled a list of movie sites, where you can download movies.

You can also consider streaming movies for free, instead of downloading them. In fact, you will be able to watch high quality movies if you choose to watch movies online.


To watch movies for free, you need to stream movies from the websites as many times as you like. You can even try out free movie streaming apps if you want to watch free movies online on a mobile device.

Below we have listed some of the best movie download sites and online streaming services that offer a good collection of movies and shows for free:


1) The Internet Archive Movies
The Internet Archive's Movies is one of the oldest and best websites to download free movies. It offers a wide variety of digital movies uploaded by Archive users for free. The categories range from full-length classic films to cartoons and concerts.

You can download movies in different file formats. Your computer's in-built video player supports most file formats, or you can opt for VLC Media Player that supports many video file formats.


2) Public Domain Torrents
Public Domain Torrents is one of a few legal torrent websites that offer a wide collection of movies to download for free.

The movies end up on the public domain when the original creator of a patented movie fails to renew its copyright claim on time.

The categories on Public Domain Torrents range from drama, horror, musical, to westerns. The movies are available in many formats and quality.

The interface is simple and easy. It helps you select a category of movies or find the most popular movies and recently added movies.


3) MoviesFoundOnline
MoviesFoundOnline is a free movie download website that lists free content from around the Internet. It has a long list of free movies, films, documentaries, animations, stand up comedy, drama shows and other media.


MoviesFoundOnline offers 40 genres including action, adventure, comedy, musical, short films, animation, romance, horror, and more. You can browse the site's categories to download movies.


4) Sony Crackle
Owned by Sony, Crackle is a great website to watch high-quality movies and TV shows for free. Crackle offers lots of popular movies and TV shows that you won't find for free on other websites.

Crackle offers legal content from big media providers like Universal Studios, Warner Bros and Fox Digital. So, you get lots of movies to watch.

The interface of Crackle is simple and easy to navigate. You need to signup and create a watchlist. Crackle will then recommend you content based on the things you like.

You can browse the full library of movies and TV shows including Action, Comedy, Sci-Fi, Romance, Sports, Thriller, Crime, Anime, and Horror. It's all free as long as you are sometimes willing to watch commercials and ads.

Crackle also has Android and iOS apps, making it easy to watch free movies and TV shows while travelling.


5) Popcorn Flix
Owned by Screen Media Ventures, Popcornflix is one of my favorite video streaming websites with a nice user interface. Popcornflix lists action, comedy, drama, documentaries, family, horror, romance, and foreign films. It also features web and film school originals.

With a constant flow of new movies, Popcornflix helps you watch movies on your computer, mobile phone, and other supported devices. It is all completely free, without even needing to create an account on the website.

Hit Play button on your chosen movie and enjoy watching.

It's worth pointing out that Popcornflix is ad-supported. So you will have to sit through a few commercial advertisements, which is acceptable for a free, good quality watch.


6) TopDocumentaryFilms
Love watching documentaries? TopDocumentaryFilms (TDF) is one of the best sites for documentaries based on real life.

With the flow of recent films, TopDocumentaryFilms has more than 3,000 films. Some of the best documentaries on the site are under the 60-minute mark.

The website's layout is simple and straightforward. It helps you search by categories based on subject. This includes war, global conflict, and crime, making it easy to find something of interest.


TopDocumentaryFilms also has a community of users. They provide ratings and reviews for each film. So other users can have an idea of the documentary before they watch.

You can also check out the site's front page for its featured films, or top 100 documentary list to see what people are watching.


7) YouTube
YouTube is the world's largest video-sharing website. Besides movie trailers, YouTube also hosts a sizable collection of full-length movies and TV shows for free.

YouTube also provides movies and TV shows that are its originals. You can enjoy them without paying a single penny.

Finding free movies on YouTube might be quite difficult nowadays. But you can check a few popular YouTube channels, like Maverick Entertainment and The Paramount Vault, that feature a long list of films.

Also, there are thousands of films on YouTube that won't show up unless you search for them by typing their names. So if you are looking for a particular movie, especially an older one, perform a quick search on YouTube.

YouTube also offers paid subscription tiers like YouTube Premium and YouTube TV, to watch high quality movies.


8) Vimeo
Though it may not be as big as YouTube, Vimeo is also a famous video-sharing website. You can upload, share and view videos on Vimeo as well.

Vimeo also offers a good collection of free movies and documentaries. You can also find tons of entertaining short movies on the platform.

Vimeo has a pretty decent interface with a high definition playback support and no annoying ads. It also offers an On-Demand video section where users can pay for popular movies and TV shows.


9) SnagFilms
SnagFilms is a video-on-demand website. You can watch hundreds of rare documentaries and independent films that you can't find anywhere else on the Internet.

Founded in 2008, SnagFilms lists more than 10,000 independent documentaries and narrative films. You can search them by genre, most reviewed, newly added, and most popular.

SnagFilms is currently available as a free app for iOS and Android. It is also compatible with Kindles, some Roku devices, and a host of other streaming devices.


10) Yahoo View
If you were a great fan of Hulu's free version, Yahoo View is for you. Yahoo View is another free video-on-demand platform that works almost in the same manner as Hulu worked once.

The clean and easy-to-access interface allows you to select any genre of your interest. It includes popular TV shows from many broadcasting networks like NBC, ABC and FOX. The website also hosts movie trailers, free TV shows, and documentaries.

But, there is one thing you should note—under each video on the site, you will see days remaining before the free version expires. So make sure you complete those episodes in the given time.

Yahoo View also provides many international sitcoms and anime shows which you can enjoy without any episode limit.


11) Pluto TV—Channel
Although it is not as famous as other on-demand video sites, Pluto TV is one of my favorite services on the list.

Pluto TV is a free internet-based TV platform that offers more than 100 channels. The channels are divided into movies, TV, news, technology, sports, and other popular sections.

Last year, Pluto TV struck a deal with MGM and Warner Bros to add a huge amount of on-demand movies along with TV shows.

Besides on-demand films, Pluto TV also offers a completely free live-TV streaming service. It hosts content curated from across the Internet. Pluto TV currently features nine live movie channels.

Pluto TV is available for almost all popular platforms. Besides iOS and Android, Pluto TV is also compatible with Apple TV, Amazon Fire TV, Roku devices, and more. So you can enjoy the service on the go.


12) Classic Cinema Online
If you love old, classic movies, Classic Cinema Online is your place. You can find those classic cinemas of the Golden Age of Hollywood which are not easy to find nowadays.

Some of the classic movies include Gregory Peck's Moby Dick, the original Lone Ranger film, the 1952 Mutiny and the 1932 Secret of Dr. Kildare.

If you are looking for something specific, you can search by category, or check out the menu for old films.


13) Retrovision
Retrovision is another free movie download website featuring many classic movies and TV shows. The category includes Adventure, Comedy, Classic TV, Cartoons, Crime, Drama, Horror, and Sci-Fi.

Although not all movies on the site are high-quality, there are still plenty of good movies to enjoy. The site is well designed and allows users to filter movies based on genre.

Mobile users can download its Android app called Classic UHF so that they can watch movies on the go.


Watch Movies Online: Streaming Services for Latest Movies
Always keep in mind that there is no legal way to download free movies that are still in theaters. For downloading latest movies online to watch them in the comfort of your home, you can try paid websites.

Here's a list of some paid movie download websites and online streaming subscription services that let you watch high quality movies online:


Netflix—It is a leading subscription service for watching movies and TV episodes, and probably one of my favorites. You can either stream to watch movies online or download movies or TV series to watch them on the go. Download option is available only for certain content.
Amazon Prime—It is yet another subscription service that lets you watch and download movies and popular TV shows.
Hulu—Once popular free movie download website, Hulu is now a subscription service. It lets users stream popular TV shows, movies and news online for a low monthly fee. The service is compatible with a long list of devices, including computers and smartphones.