Monday, June 30, 2014

Wise Care 365 PRO Review [GIVEAWAY]

Softpedia and WiseCleaner are giving away unlimited license keys for Wise Care 365 PRO. Normally, one key costs $29.95 / €25.95. Each key has a lifetime availability (does not apply to software updates). All you have to do is access this download link to claim your reward (the app is automatically registered to Pro - the Softpedia giveaway version at installation).

The deadline for this giveaway promo is Monday, July 7 at 15:00 UTC (8:00 a.m. PDT/PST).

Sunday, June 29, 2014

Cloned Android Banking App Hides Phishing Scheme

by Michael Mimoso

Cloned mobile applications, such as the legions of Flappy Bird knock-offs that surfaced once the popular game was removed from Google Play and the Apple App Store, are an increasingly popular malware vehicle for attackers.

The risks range from loading programs that dial premium numbers at the user’s expense, to others that spy on messages or steal data stored on the device.

Mobile security company Lookout this week reported on a cloned banking app targeting users of a popular Israeli bank. The app, a clone of Mizrahi Bank’s legitimate Android application, has since been removed from Google Play.

“The authors put a wrapper around the bank’s legitimate app and redistributed it on the Google Play store, pretending to be the financial institution,” said Meghan Kelly of Lookout.

Strangely enough, the app targets the banking customer’s credentials as expected, but only the user ID.

“Indeed, those who built the malware inserted a comment into the code dictating that only the user ID be taken, not the passwords,” Kelly said.

Likely, the attackers are collecting user names in order to phish customers of this particular bank later on for their credentials or authentication tokens, though it’s not clear why they didn’t do so with the mobile app.

“Once a victim opens the app, the malware loads the login form, which is an in-app HTML page that has been changed to siphon off the victim’s user IDs as they enter their credentials. It’s effectively a phishing attack,” Kelly said. “Once the user ID is stored the app returns a message to the user saying that the login failed and to, instead, reinstall the legitimate banking app from the Play Store.”

Lookout points out that most banking malware is confined to Europe and Asia with some samples even trying to pass themselves off as Google Play, sending notifications to users’ devices luring them to rogue banking apps.

“Unfortunately, with an app that sneaks into the Google Play store, it’s hard to use traditional means to protect yourself,” Kelly said. “For example, looking to see if this is a developer you trust, or making sure your phone has ‘Unknown sources’ unchecked to prevent dropped or drive-by-download app installs.”

Android banking Trojans such as Svpeng are much more direct and dangerous than this one. The Trojan, studied by Kaspersky Lab researchers, spreads via SMS spam and tailors its messaging based on the device’s language setting. It targets U.S., German, Belarusian and Ukrainian victims. In November, Kaspersky researchers reported that a new feature was added to Svpeng where devices infected with the Trojan are presented with a phishing window upon launching their banking application in an attempt to steal credentials, which are sent to a command server.

The Trojan also has a payment card component where it layers a phishing window over Google Play prompting the user to enter a credit card or bank card number, including expiration date and security code.

Earlier this year, Svpeng was modified with a ransomware component demanding $500 for illicit activity with the mobile device. That was short lived, Kaspersky researcher Roman Unuchek said recently. A new version of the Trojan began chasing victims in the United States with a new ransomware component tailored around victims in the U.S.

“We managed to identify seven modifications of the new Svpeng, and all of them include a Cryptor class reference, but none of them makes any attempt to use it,” Unuchek said. “It could mean that in the future the cybercriminals will use the Trojan to encrypt user data and demand a ransom to decrypt it.”

Source:  http://threatpost.com/cloned-android-banking-app-hides-phishing-scheme/106867

Free 7-Data Recovery Suite (100% discount)

16 hours remaining


About:

    7-Data Recovery Suite is an all-in-one data recovery software to recover lost/deleted photos, files, partition, and more from hard disks, memory cards, flash drives for Windows and mobile phone. Four different data recovery modules are integrated for rescuing files under almost any conditions including but not limited to: accidentally deleted files; damaged or formatted hard drive; lost/deleted partition; photo or video lost from local drive, memory card or camera; file lost from mobile phones; etc.



    Note:

            Product name: 7-Data Recovery Suite
            Version: 3.0
            License type: Single-User Personal License (Giveaway)
            Does not support FREE with giveaway



Promo link:  http://sharewareonsale.com/s/free-sharpknight-7-data-recovery-suite-69-95-value

Bitdefender Internet Security 2014 - 180 days Free protection - 50 hours remaining

Hurry up!

You can get a free key here: http://www.bitdefender.com/media/html/donotcrack/

Enter your name, email, code and then press the GET FREE LICENSE button.

That's it!


Saturday, June 28, 2014

Dropbox Used by Trojan to Update Command and Control Settings

By Ionut Ilascu

A variant of the PlugX RAT (remote access tool) has been discovered to use a Dropbox account to update the settings for the command and control server.

Researchers at Trend Micro found that the new variant of the malware targets a government agency in Taiwan and that it contains some modifications compared to previous known versions.

The investigation revealed that the fresh sample comes with a changed header, most likely in order to prevent forensic analysis. It also has an authentication code from the attacker.

One particularity of the newly found Trojan is that it comes with a trigger date to start its activity. One reason for this could be to avoid being detected by the user immediately after the system has been infected.

According to Trend Micro, there are five command and control servers (C&C) the malware can contact. Further investigation revealed that one of them is related to Krypt Technologies, while another appears to be owned by a certain Zhou Pizhong.

In the case of another address, the registration details were protected and no information could be found.

By checking with Dropbox to update the settings for the command and control server, the intruders made sure that malicious network traffic was not easily detected, since the domain was a legitimate one.

The security company says that after the communication with the remote server has been established, “threat actors then move laterally into the network with the aid of malicious and legitimate tools to avoid being traced and detected.”

The capabilities of the malware include key-logging, port mapping and remote shell command execution.

The attackers resort to utilities for password recovery or remote administration, as well as network tools and Htran, which is designed to cloak the IP address of the attacker by bouncing the TCP traffic to different countries.

This is a technique that ensures persistence in the network, since tracing the source of the IP is not an easy task and takes some time to complete.

The use of legitimate cloud storage services is not a new practice for cybercriminals, but Trend Micro says that this is the first case they’ve seen in which such service was employed for updating the settings for the C&C server.

Normally, the abuse would occur by using the platform which stores the malware to be delivered to the targeted victim.

The company also says that the common ground in the PlugX RAT variants allows mitigation of the risks regarding sensitive information. “The publicly available information on indicators of compromise can determine if an enterprise is being hit by targeted attacks. This may be incorporated in their security solutions, thus, breaking the attack cycle and possible data exfiltration from the target enterprise or large organization,” writes Maersk Menrige in Trend Micro's blog post. 


Friday, June 27, 2014

SMS Worm Selfmite Makes an Entry, and an Exit

By Ionut Ilascu



A new strain of Android malware has been discovered recently propagating through short text messages to different contacts in the list of the victim’s infected smartphone.

Unlike other forms of malware, this one, called Selfmite, is not after banking credentials or any other type of sensitive information.

Its purpose is to download on the victim’s device a copy of Mobogenie, which is a legitimate app for managing and installing mobile apps, as well as multimedia content.

This sort of activity led researchers at AdaptiveMobile to the conclusion that Selfmite is part of a software affiliation scheme which brings the cybercriminals new cash for each install of a specific app.

AdaptiveMobile says that the distribution process of the malware begins with the potential victim receiving a short text message from a known contact inviting them to click on a link.

The address actually leads to the Selfmite worm, which is served as an app named The Self-Timer. As soon as it is launched, the worm checks the list of contacts and picks 20 of them to send the message to via SMS.

Since it has the name and the phone number, it can customize the message sent to the next potential victim so as not to raise suspicions. The message reads: “Dear [NAME], Look the Self-time, http://goo.gl/******,” and the infection cycle starts again.

It proceeds to direct the victim to the advertising platform address where the Mobogenie download is served only after making sure that the infection is perpetuated.

After the Mobogenie version is installed, it sends some device parameters to a certain URL in order to confirm the installation, and thus, the scammers rake in the profit.

The number of downloads for Mobogenie on Google Play is between 50 million and 100 million, which shows that it is a popular app among Android users.

However, there are no signs that the developers of the app are involved in this scheme. Moreover, the developers updated its description with an apologetic message towards those users that have been affected by this campaign.

The company representative also says that they have identified a technical issue with one of the promotional partners and a fix is on the way.

“Although we have never intentionally distributed spam advertisements to our users, we would like to take this opportunity to apologise to all of you for any inconvenience this spam may have caused. Having now identified a technical issue with one of our promotional partners, we are currently trying our best to fix this problem as soon as possible,” the post says.

According to AdaptiveMobile, North America appears to be the most affected region and the company has already blocked the spread to its customers. Google has also been contacted and it has disabled the shortened links used in the scam, as well as Mobogenie, to block the ID responsible for such activity.

Source:  http://news.softpedia.com/news/SMS-Worm-Selfmite-Makes-an-Entry-and-an-Exit-448657.shtml
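
The propagation pattern described above (one sender, about 20 recipients, the same text with only the name changed and a link attached) is something a messaging operator can look for. The Python below is an added example, not code from AdaptiveMobile or the original article; the record layout, the thresholds and the sample numbers and URL are constructed assumptions.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+")
GREETING_RE = re.compile(r"^Dear\s+[^,]+,", re.IGNORECASE)

def template_of(body):
    """Collapse the per-recipient name so personalised copies compare equal."""
    return GREETING_RE.sub("Dear <NAME>,", body.strip())

def find_fanout(records, min_recipients=10, window_s=600):
    """records: iterable of (epoch_seconds, sender, recipient, body).
    Returns {(sender, template): recipient_count} for link-carrying bursts."""
    groups = defaultdict(list)
    for ts, sender, rcpt, body in records:
        if URL_RE.search(body):  # only messages that carry a link
            groups[(sender, template_of(body))].append((ts, rcpt))
    flagged = {}
    for key, hits in groups.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it never spans more than window_s seconds.
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            rcpts = {r for _, r in hits[start:end + 1]}
            if len(rcpts) >= min_recipients:
                flagged[key] = max(flagged.get(key, 0), len(rcpts))
    return flagged

# Constructed sample traffic (placeholder numbers and URL, not real data).
SAMPLE = [(1000 + 2 * i, "+15550100", f"+1555020{i:02d}",
           f"Dear Contact{i}, Look the Self-time, http://short.example/x")
          for i in range(20)]
SAMPLE += [(1005, "+15550199", "+15550300", "Dear Sam, photos at http://photos.example/a"),
           (5000, "+15550199", "+15550301", "Dear Kim, photos at http://photos.example/a")]

if __name__ == "__main__":
    for (sender, template), count in find_fanout(SAMPLE).items():
        print(f"{sender} sent {template!r} to {count} recipients")
```

The second sender in the sample also sends links with a greeting, but to only two recipients, so it stays below the fan-out threshold.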

Thursday, June 26, 2014

PayPal’s Two-Factor Authentication Bypassed

By Ionut Ilascu

   
A vulnerability in the authentication flow of the PayPal API web services allowed access to an account protected by PayPal’s two-factor authentication (2FA) mechanism.

2FA is a supplementary security measure which requires entering an additional code that is generally sent to the owner’s email address or mobile phone as a short text message.

PayPal mobile apps cannot be used to access accounts that have 2FA enabled, but it seems that the login procedure is still carried out without the supplementary security code, and access to the account is blocked only when the signal that the login is protected by the additional code returns from the server.

On iOS, by enabling the Airplane Mode before the 2FA signal returns from the server and then re-enabling connectivity of the device, it is possible to gain access to an account protected by the double security measure.

According to Duo Security researcher Zach Lanier, the flaw was possible because during the authorization process of 2FA-enabled accounts, a session token was provided after logging in with the username and password; this allowed various account-related actions to be performed, including money transfers.

The discovery was made by Dan Saltman, a developer who, at the end of March, reported the issue to PayPal via the Bug Bounty program, but received an automated response only after about a month, letting him know that the investigation was ongoing. Meanwhile, he contacted Duo Security for validation of the flaw.

Duo Security confirmed the issue. Upon further investigation, they reproduced the 2FA bypass with mobile apps for the Android operating system. The security firm also contacted PayPal on April 23 and received a reply two days later, informing that the case was still under investigation.

After an email exchange that extended over the course of a month between PayPal and the security firm, which on June 9 gave notice of its intent to disclose publicly on June 25, PayPal implemented a temporary fix for the problem.

In a blog post, PayPal Senior Director of Global Initiatives Anuj Nayar informs customers that “all PayPal accounts remain secure” and that the issue affected only users with the 2FA extra security measure enabled.

“As a precaution we have disabled the ability for customers who have selected 2FA to log in to their PayPal account on the PayPal mobile app and on certain other mobile apps. These customers will still be able to log in to their PayPal account on a mobile device by visiting the PayPal mobile web site,” he added. 

Source:  http://news.softpedia.com/news/PayPal-s-Two-Factor-Authentication-Bypassed-448412.shtml
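
The flaw described above comes down to a session token that was already valid for account actions before the second factor had been checked, with the blocking left to the client. The following Python model is an added example, not code from PayPal, Duo Security or the original article; the `AuthServer` class, its methods and the sample account are hypothetical, and the server-side check shown is a general mitigation, not the temporary fix PayPal deployed.

```python
import secrets

# Constructed account for the demonstration (hypothetical, not real data).
USERS = {"alice": {"password": "correct horse", "twofa": True, "otp": "492817"}}

class AuthServer:
    """Hypothetical login API; enforce_server_side toggles the hardened check."""
    def __init__(self, enforce_server_side):
        self.enforce = enforce_server_side
        self.sessions = {}  # token -> {"user": str, "twofa_done": bool}

    def login(self, user, password):
        acct = USERS.get(user)
        if acct is None or not secrets.compare_digest(acct["password"], password):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": user, "twofa_done": not acct["twofa"]}
        return {"token": token, "twofa_required": acct["twofa"]}

    def verify_otp(self, token, otp):
        session = self.sessions.get(token)
        if session and secrets.compare_digest(USERS[session["user"]]["otp"], otp):
            session["twofa_done"] = True
            return True
        return False

    def send_money(self, token, amount):
        session = self.sessions.get(token)
        if session is None:
            return "denied: no session"
        # Weak form trusts the client to stop; hardened form checks server state.
        if self.enforce and not session["twofa_done"]:
            return "denied: second factor not completed"
        return f"sent {amount}"

def client_that_never_sees_flag(server):
    """Models a client that does not act on twofa_required in the login reply."""
    reply = server.login("alice", "correct horse")
    return server.send_money(reply["token"], 10)

def client_completing_2fa(server):
    reply = server.login("alice", "correct horse")
    server.verify_otp(reply["token"], "492817")
    return server.send_money(reply["token"], 10)

if __name__ == "__main__":
    print("weak:    ", client_that_never_sees_flag(AuthServer(False)))
    print("hardened:", client_that_never_sees_flag(AuthServer(True)))
    print("with 2FA:", client_completing_2fa(AuthServer(True)))
```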

Tuesday, June 3, 2014

Europol Expert Says Free Anti-Malware Apps Are Useless

By Bogdan Popa

If you’re one of the many users who are currently running freeware anti-malware protection on your computers, you might want to reconsider your options after reading this article.

The head of the European Cybercrime Centre, a European Union body that belongs to the Europol, said in an interview with Information Age that freeware anti-malware solutions do no good to your computer and those who’d like to remain completely secure and block any threat that might appear are strongly recommended to get a paid product.

“We see too often that people are using cheap and easy security solutions. There are no free lunches. If you are getting something for free then you are the product,” he said in the interview.

Freeware security products have been around for a while and there’s no doubt that they’re fairly appealing for users who do not want to pay for a similar application that promises to offer pretty much the same thing.

At this point, security apps such as avast! Free Antivirus, Avira, and AVG are ruling the top free security solutions charts, as they offer support for the majority of Windows versions on the market, while also providing features that can be easily compared to those of their paid siblings.

Read more...

I beg to disagree with Europol Expert's findings.  I've been using and testing free AV and they really are good, so there's really no need to purchase a full license.  For those who do online business, I will agree a paid-for version would be better, but if you are just a home user doing trivial stuff on your PC, a free version will suffice.  I feel surprised that AVG fared better than Avast! in their test.  My hands-on experience with malware says otherwise.

Bottom line, it's just a ploy to make free users switch to paid-for versions.  Business is still business.

Here is the list of free versions that I install on my customers' PCs:

  • Avast!
  • Avira
  • Comodo
  • Malwarebytes 

Latest Windows Service Packs & Updates

Download Updates for Windows 8, Windows 7, Windows Vista, and More


By Tim Fisher

Microsoft regularly releases major updates to their Windows operating systems. Below you'll find all the latest information on these updates.

Read more...