Monthly Archives: May 2017

Remove Malicious Apps From Your Android Device

Here’s a list of malicious apps developed by Kiniwini and if you have any of these installed on your device, remove it immediately:

  • Fashion Judy: Snow Queen style
  • Animal Judy: Persian cat care
  • Fashion Judy: Pretty rapper
  • Fashion Judy: Teacher style
  • Animal Judy: Dragon care
  • Chef Judy: Halloween Cookies
  • Fashion Judy: Wedding Party
  • Animal Judy: Teddy Bear care
  • Fashion Judy: Bunny Girl Style
  • Fashion Judy: Frozen Princess
  • Chef Judy: Triangular Kimbap
  • Chef Judy: Udong Maker – Cook
  • Fashion Judy: Uniform style
  • Animal Judy: Rabbit care
  • Fashion Judy: Vampire style
  • Animal Judy: Nine-Tailed Fox
  • Chef Judy: Jelly Maker – Cook
  • Chef Judy: Chicken Maker
  • Animal Judy: Sea otter care
  • Animal Judy: Elephant care
  • Judy’s Happy House
  • Chef Judy: Hotdog Maker – Cook
  • Chef Judy: Birthday Food Maker
  • Fashion Judy: Wedding day
  • Fashion Judy: Waitress style
  • Chef Judy: Character Lunch
  • Chef Judy: Picnic Lunch Maker
  • Animal Judy: Rudolph care
  • Judy’s Hospital: Pediatrics
  • Fashion Judy: Country style
  • Animal Judy: Feral Cat care
  • Fashion Judy: Twice Style
  • Fashion Judy: Myth Style
  • Animal Judy: Fennec Fox care
  • Animal Judy: Dog care
  • Fashion Judy: Couple Style
  • Animal Judy: Cat care
  • Fashion Judy: Halloween style
  • Fashion Judy: EXO Style
  • Chef Judy: Dalgona Maker
  • Chef Judy: ServiceStation Food
  • Judy’s Spa Salon

Android Malware ‘Judy’ Hits as Many as 36.5 Million Phones

Up to 36.5 million Android devices may have been infected by malware that produced fake ad clicks and lined the pockets of its developers.

As outlined by security firm Check Point, 41 apps developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., “infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.”

It’s “possibly the largest malware campaign found on Google Play,” according to Check Point.

Google “swiftly” removed the apps from Google Play after being alerted to their existence, Check Point says, but not before they “reached an astonishing spread between 4.5 million and 18.5 million downloads.” Some were available on the store for several years and all were recently updated.

“It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown,” Check Point says, but those download numbers mean “the total spread of the malware may have reached between 8.5 and 36.5 million users.”

Judy Malware

The malware was dubbed Judy by Check Point after the title character in Kiniwini’s apps. Chef Judy: Picnic Lunch Maker, for example, encourages players to “create delicious food with Judy.” But Judy-themed games ran the gamut, from “Animal Judy” to “Fashion Judy.”

How does Judy infect your device? Hackers create an innocuous-looking app that slips past Google’s Bouncer security screening and is published on the app store.

“Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server,” Check Point says. “The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.”
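The sequence quoted above (hidden page opened with a PC user agent, a redirect, then repeated requests to ad hosts) is what a defender can look for in per-app traffic logs. The following is an added example, not code from the article or from Check Point: it reads constructed log lines of the kind an egress proxy or on-device traffic logger could record and flags packages that show all three signals. The log format, package names and host names are all made up for the example.

```python
"""Added example, not code from the original article or from Check Point:
a log-based heuristic for the ad-click pattern described above. It reads
constructed per-app HTTP log lines and flags Android packages whose traffic
shows (1) a desktop-browser User-Agent, (2) a redirect, and (3) repeated
hits on ad-serving hosts. Log format, package names and hosts are made up."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ts>\S+) pkg=(?P<pkg>\S+) host=(?P<host>\S+) '
    r'status=(?P<status>\d{3}) ua="(?P<ua>[^"]*)"$'
)
# A mobile app fetching pages as "Windows NT"/"Macintosh" is the tell.
DESKTOP_UA = re.compile(r"Windows NT|Macintosh|X11; Linux")
# Constructed ad-host pattern; a real deployment would use an ad-network list.
AD_HOST = re.compile(r"(^|\.)(ads|adserver)\.")

ANDROID_UA = "Mozilla/5.0 (Linux; Android 7.0; SM-G930F) AppleWebKit/537.36 Mobile"
DESKTOP_UA_STR = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/58.0"

# Constructed sample log. The judygame rows imitate the sequence in the quote:
# C2 check-in, hidden page opened with a PC user agent, redirect, ad clicks.
SAMPLE_LOG = f"""\
2017-05-28T10:00:01 pkg=com.example.weather host=api.weather.test status=200 ua="{ANDROID_UA}"
2017-05-28T10:00:02 pkg=com.example.judygame host=c2.judy.test status=200 ua="{ANDROID_UA}"
2017-05-28T10:00:03 pkg=com.example.judygame host=landing.judy.test status=302 ua="{DESKTOP_UA_STR}"
2017-05-28T10:00:04 pkg=com.example.judygame host=ads.adnet.test status=200 ua="{DESKTOP_UA_STR}"
2017-05-28T10:00:05 pkg=com.example.judygame host=ads.adnet.test status=200 ua="{DESKTOP_UA_STR}"
2017-05-28T10:00:06 pkg=com.example.judygame host=adserver.adnet.test status=200 ua="{DESKTOP_UA_STR}"
2017-05-28T10:00:07 pkg=com.example.news host=ads.adnet.test status=200 ua="{ANDROID_UA}"
"""

def parse_log(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()

def score_apps(lines, min_ad_hits=3):
    """Return {package: counters} for packages showing all three signals."""
    stats = defaultdict(lambda: {"total": 0, "desktop_ua": 0, "redirects": 0, "ad_hits": 0})
    for rec in parse_log(lines):
        s = stats[rec["pkg"]]
        s["total"] += 1
        if DESKTOP_UA.search(rec["ua"]):
            s["desktop_ua"] += 1
        if rec["status"] in ("301", "302", "303", "307"):
            s["redirects"] += 1
        if AD_HOST.search(rec["host"]):
            s["ad_hits"] += 1
    return {pkg: s for pkg, s in stats.items()
            if s["desktop_ua"] and s["redirects"] and s["ad_hits"] >= min_ad_hits}

if __name__ == "__main__":
    for pkg, s in score_apps(SAMPLE_LOG.splitlines()).items():
        print(f"suspect {pkg}: {s}")
```

A legitimate app can occasionally request a desktop page, so the heuristic requires all three signals together and a configurable ad-hit threshold rather than the user-agent alone.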

Check Point likens Judy to two previous exploits: FalseGuide and Skinner. And like another bug, DressCode, Judy hid behind good reviews. “Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware,” Check Point says.

Kiniwini develops apps for iOS and Android, Check Point says, but it did not mention any problems with the iOS apps. As of Sunday afternoon, 45 ENISTUDIO Corp. Judy apps are available in the App Store, most of which appear to have last been updated on March 31.

WannaSmile – A Simple Tool To Protect Yourself From WannaCry Ransomware

WannaCry ransomware is spreading like wildfire. It exploits a vulnerability in Microsoft’s SMB protocol (which is enabled by default).

On 13 May 2017, a security researcher using the handle @malwaretech and Darien Huss found a ‘kill-switch’ that paused the ransomware. The ransomware tries to open a connection to an unregistered domain; if that fails, it goes on to infect the system. So @malwaretech registered the domain, which stopped the ransomware.

Soon afterwards, cybercriminals around the world DDoSed the domain to take it down so that the ransomware could continue spreading.

Also, the ‘kill-switch’ won’t work if:

  • The system is not connected to the internet
  • The ‘kill-switch’ domain is down
  • The domain is blocked by the ISP or a firewall


The Solution

Here is the link to the repo: WannaSmile

WannaSmile obtained the 100% Clean Softpedia Award.

It can do the following:

  • It will disable SMB on your system (which is enabled by default)
  • (OnlineFix) It will edit your hosts file and point the ‘kill-switch’ domain at Google’s IP (which means that even if the site goes down you won’t be affected)
  • (OfflineFix) It will create a lightweight local web server and point the ‘kill-switch’ domain at localhost


Offline Fix For WannaCry

Runs a local web server and points the WannaCry kill-switch domain at localhost by appending an entry to the hosts file. This is done so that when the ransomware tries to connect to the domain the connection does not fail, which stops the ransomware.
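The kill-switch logic and the hosts-file trick behind both fixes, simulated as an added example (not code from the WannaSmile project): the kill-switch domain name is a placeholder because the page does not give the real one, a tiny local HTTP server stands in for WannaSmile’s local web server, and a dict stands in for the hosts file the tool appends to.

```python
"""Added example, not code from the WannaSmile project: simulates the
kill-switch check described above and shows why the OfflineFix defeats it.
KILL_SWITCH_DOMAIN is a placeholder (the real domain is not given on this
page). A small local HTTP server stands in for WannaSmile's local web
server, and a dict stands in for the hosts file that WannaSmile appends to."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"  # placeholder name only

class _AnyPageHandler(BaseHTTPRequestHandler):
    """Answers every GET with 200, as any live site at the domain would."""
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # silence per-request logging
        pass

def start_local_server():
    """OfflineFix step 1: a lightweight web server on 127.0.0.1 (ephemeral port)."""
    srv = HTTPServer(("127.0.0.1", 0), _AnyPageHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def hosts_entry(domain, ip="127.0.0.1"):
    """OfflineFix step 2: the line appended to the hosts file. The OnlineFix
    appends the same line with a public IP that is always up instead."""
    return f"{ip}\t{domain}"

def apply_hosts_line(hosts, line):
    """Parse one hosts-file line into the in-memory hosts table."""
    ip, name = line.split()
    hosts[name] = ip
    return hosts

def kill_switch_reachable(domain, hosts, port=80, timeout=3.0):
    """The probe the ransomware makes: can the domain be opened over HTTP?
    Names in `hosts` resolve locally; anything else goes to DNS, which fails
    for a domain that is unregistered, blocked or unreachable offline."""
    target = hosts.get(domain, domain)
    try:
        conn = http.client.HTTPConnection(target, port, timeout=timeout)
        conn.request("GET", "/", headers={"Host": domain})
        conn.getresponse().read()
        conn.close()
        return True
    except OSError:
        return False

def ransomware_would_run(domain, hosts, port=80):
    """WannaCry's decision: proceed only if the kill-switch domain cannot be opened."""
    return not kill_switch_reachable(domain, hosts, port)

if __name__ == "__main__":
    srv = start_local_server()
    port = srv.server_address[1]
    print("no hosts entry, would run:", ransomware_would_run(KILL_SWITCH_DOMAIN, {}, port))
    hosts = apply_hosts_line({}, hosts_entry(KILL_SWITCH_DOMAIN))
    print("with OfflineFix, would run:", ransomware_would_run(KILL_SWITCH_DOMAIN, hosts, port))
    srv.shutdown()
```

The real ransomware connects on port 80, so on a real machine the local server must listen there; the ephemeral port here only keeps the example runnable without privileges.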

Instructions

1. Install the WannaSmile service by running the setup.exe from this release. (Download the wannasmile.zip file.)

2. After installing, you need to start the service once; it will then do the rest automatically.

To do that:

  • Open the Start menu
  • Search for “services”
  • Open the Services desktop app (a gear icon)
  • Inside Services, search for WannaSmile (the list is alphabetical)
  • Right-click on WannaSmile and click Start

The service will then be running, and the WannaCry IPs will be blocked along with SMB.

WannaSmile – OnlineFix

How To Run

Run the .exe file directly (as Administrator) and it will do the rest. If you don’t trust our .exe file, you can compile it yourself and run that.

Tip

  • Use the OnlineFix if you are always connected to the internet.
  • Use the OfflineFix if you are not connected to the internet.

Note: For a permanent fix, PLEASE UPDATE YOUR WINDOWS ASAP TO PATCH (MS17-010).

Crysis ransomware master keys released to the public – Download From Here

The world has been rocked by WannaCry causing disruption and upheaval across core services and businesses alike over the past week, but there is good news for victims of Crysis with the release of 200 master keys to the public.

Posted at the BleepingComputer forum, the keys can be used by victims of the ransomware as well as security firms in the creation of decryption tools.

The keys, uploaded to Pastebin, have been confirmed as valid by security researchers. Users of the keys have also confirmed that they have regained access to the files.

Ransomware is a particularly nasty form of malware which, once executed on a vulnerable PC, encrypts files and locks users out of their system.


In return for a ransom demand in the virtual currency Bitcoin which can reach thousands of dollars, the victims are told that they will be granted a key to decrypt their files and restore access.

However, there is no guarantee that such keys will work, and to pay up only fuels this expanding criminal industry.

Recently, one strain of the malware dubbed WannaCry caused widespread disruption. The ransomware targets elderly Windows operating system builds — Windows 10 has been protected with an automatic patch — and enjoyed a successful campaign which is still causing damage and disruption to date.

The ransomware hit the headlines after taking down numerous UK National Health Service (NHS) hospital and trust systems, and has since spread worldwide.

In total, 386 samples of malware utilizing WannaCry have been detected in the wild, but if you have accepted automatic updates and keep your system up-to-date, there shouldn’t be any need to worry about becoming infected.


This is not the first time master keys for Crysis have been released; in fact, this is the third time. However, what sets this release apart is that the keys can also be used to decrypt files which have been encrypted with .wallet and .onion extensions.

“This has become a habit of the Crysis operators lately — with this being the third time keys were released in this manner,” ESET researchers say. “Since the last set of decryption keys was published, Crysis ransomware attacks have been detected by our systems over ten thousand times.”

Why the keys have been released remains a mystery — it may be that all who were likely to pay up have done so, and so there is no harm in releasing the keys, or perhaps after enjoying some time in the spotlight the campaign’s operators are happy to get out of the game.

If you have been affected by this strain of ransomware, you can download a decryption tool provided by security firm ESET here.

WannaCry: Ransom note analysis throws up new clues

As the world works towards identifying the perpetrators of the WannaCry ransomware campaign, one group of cybersecurity researchers says they’ve likely determined the native language of the writer of the ransom note, another potential step towards attributing the attack.

A number of cybersecurity firms have tentatively linked the attack to North Korea, but now analysis of WannaCry ransom notes in 28 languages by researchers at Flashpoint has led them to the conclusion that those behind the ransomware text are likely Chinese speaking.

Analysis of the ransom notes found that only the Chinese versions, both simplified and traditional, and the English version are likely to have been composed by someone who spoke those languages.

Researchers suggest that minor errors in the Chinese ransom note mean it was typed using a Chinese-language input system.

Meanwhile, while the English-language note is said to have been written by someone with a “strong command” of English, a grammatical error in the note suggests the author is not a native English speaker.

The other 25 ransom notes – in languages including Russian, Spanish, Turkish and Korean – have all been translated using Google Translate, with the English language version of the ransom demand used as the source text for machine translation.

However, when researchers tested the text with Chinese-English and English-Chinese translations, the results were inaccurate, further suggesting that the Chinese note wasn’t developed by using machine translation from English.

Other signs also point to a Chinese author; for example, one term for “week” is more common in South China, Hong Kong and Taiwan, while the term used for anti-virus is more common on the Chinese mainland.

In addition to all of this, researchers note that the Chinese ransom demand is longer than those of other languages, with additional content and a differing format, again suggesting that it is written by someone who could speak the language.

Overall, linguistic analysis of the notes led Flashpoint to conclude “with moderate confidence” that the Chinese ransom note was written by a fluent Chinese speaker and served as the original source for the English version, which was then used as the basis of machine translation for the other notes.

Researchers therefore suggest that it’s highly possible that Chinese is the authors’ native tongue. However, they also suggest that it isn’t possible to rule out misdirection on behalf of the attackers, who might have used the machine translation to hide their native language.

Some security firms have linked the cyberattack to the Lazarus group, a hacking operation connected to a number of high-profile cyberattacks in recent years including the $80m Bangladeshi cyber bank heist, as well as attacks against financial institutions, banks, casinos, and systems used by software developers for investment companies around the world.

Researchers at Symantec say there are similarities between code linked to these Lazarus campaigns and the code behind the WannaCry ransomware outbreak, which they suggest means the two campaigns could be linked to the same author.

While some say the Lazarus hacking group works on behalf of North Korea, the group is actually believed to operate out of China, something which would lend weight to Flashpoint’s conclusions that the authors are fluent in Chinese.

However, there’s also the possibility that a group which just happens to have members who are fluent in Chinese is writing notes in the language to throw authorities off the scent.

The WannaCry ransomware epidemic hit over 300,000 PCs around the globe, using worm-like capabilities to spread and infect Microsoft Windows machines, particularly those using older operating systems.

While most of the affected organisations have now returned to normal, some are still recovering almost two weeks on from the outbreak.

Best USA People Search Tool | Background Check

We really wanted to provide the BEST solution to our readers for this problem, and we did some extensive research and reverse engineering. After a lot of research and looking around, we found the BEST solution to this problem for the people of the USA. It’s the BEST USA People Search Tool. It’s absolutely FREE to try and gives almost any information you want regarding a person for his / her background verification.

The name of the tool is EVERIFY.

find people for free usa | Find people by phone number

The features of this tool include (but are not limited to) some of the best features you can think of:

a) People Check – If you are looking for someone in the USA and have any detail about the person, you can find the COMPLETE information about that person. In this tool you can:

  • Search for person by Phone numbers
  • Search for person by Email addresses
  • Search for person by Address history
  • Search for person by DOB
  • Search for person by Relatives and associates

b) Social Media Check – Find all the information about any person from any social networking website including the complete list of his :-

  • Photos
  • Videos
  • Blogs
  • Professional interests
  • Social Networking Profiles
  • Archives and publications
  • And other!

c) Background Check – In case you get a spam email or even think of working with a legitimate person, doing a background check of the person is always a good idea. You can verify the complete information about the person based upon what he mentioned and what’s officially in the record by matching it against the following :-

  • Court Records
  • Marriage/Divorce Records
  • Birth Records
  • Death Records
  • Property Records
  • Asset Information

d) Criminal Check – If the above information was not enough, you can even go for the Criminal Record check of the person. The following information can be looked up about the person under criminal records :-

  • Arrest & convictions
  • Felonies & misdemeanor
  • Sex offenders
  • Mug shots
  • Criminal driving infractions
  • Court and probation records
  • And more

I have personally tested this tool and I loved it. I tried searching a person by phone number, name email and it automatically gave me all the related information about the person.

One thing that could be improved about this tool is that currently it’s available only for the people of the USA, but we will find such valuable and useful resources for other countries as well and share them for you guys to use.

I am sure many people will LOVE this tool and might start using it on a regular basis. Some of our big corporate clients have been using this tool for a long time for the verification of the candidates they hire from the USA and save thousands of dollars annually on the actual verification. I myself use it for verification before we deal with any client overseas.

So next time you want to deal with any person from the USA and feel like doing their background checks, remember to use everify and get confident about your search before taking a step forward.

Beware Of “EternalRocks” More Dangerous Than WannaCry

SAN FRANCISCO: After a host of different ransomware attacks that hit enterprises across the globe, security researchers have now identified a new strain of malware “EternalRocks” that is more dangerous than WannaCry and is potentially tougher to fight.

According to the researchers, “EternalRocks” exploits the same vulnerability in Windows that helped WannaCry spread to computers. It also uses a NSA tool known as “EternalBlue” for proliferation, Fortune reported on Sunday.

“…it also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry),” the report said.

In its current form, “EternalRocks” does not have any malicious elements — it does not lock or corrupt files, or use compromised machines to build a botnet — but leaves infected computers vulnerable to remote commands that could ‘weaponise’ the infection at any time.

“EternalRocks” is stronger than WannaCry because it does not have any weaknesses, including the kill switch that a researcher used to help contain the ransomware.

EternalBlue also uses a 24-hour activation delay to try to frustrate efforts to study it, the report noted.

The last 10 days have seen a wave of cyberattacks that have rendered companies helpless around the globe.
First it was WannaCrypt or WannaCry that spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. It encrypted files on infected machines and demanded payment for unlocking them.
WannaCry had some loopholes that made it easier to slow and circumvent.
After facing a massive “WannaCrypt” ransomware attack, another type of malware quietly started generating digital cash from machines it infected.
Tens of thousands of computers were affected globally by the “Adylkuzz attack” that targeted machines, let them operate and only slowed them down to generate digital cash or “Monero” cryptocurrency in the background.

“Monero” — being popularised by North Korea-linked hackers — is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.

Shodan a Search Engine for Hackers

Many people have described Shodan as a search engine for hackers, and have even called it “the world’s most dangerous search engine”. It was developed by John Matherly in 2009, and unlike other search engines, it looks for specific information that can be invaluable to hackers. John Matherly is an Internet cartographer, hence Shodan.

Shodan is a type of search engine that allows users to search for Internet-connected devices and explicit website information such as the type of software running on a particular system and local anonymous FTP servers. Shodan can be used much in the same way as Google, but indexes information based on banner content, which is meta-data that servers send back to hosting clients. For the best results, Shodan searches should be executed using a series of filters in a string format.

In conclusion, Shodan is a search engine for finding specific devices, and device types, that exist online. It is like an internet map that lets us see which device is connected to which, which ports are open on a specific device, what operating system a certain system is using, and so on. Rather than locating content matching a particular search term, Shodan is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners.

What can Shodan do?

Shodan pulls service banners from servers and devices on the web, mostly port 80, but also ports 21 (ftp), 22 (SSH), 23 (telnet), 161 (SNMP), and 5060 (SIP). Since almost every new device now has a web interface (maybe even your refrigerator) to ease remote management, we can access innumerable web-enabled servers, network devices, home security systems, etc. Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it! Although many of these systems communicate over port 80 using HTTP, many use telnet or other protocols over other ports. Keep that in mind when trying to connect to them.

How to use Shodan?

Understanding Shodan is very important. At first you might find it complex, but once you get to know it you will find it very handy to use and very resourceful too. So, now let us learn how to work with this fascinating search engine. To use Shodan to your advantage you have

Follow the steps to register. After registration a link will be sent to your e-mail ID for your activation of account on Shodan. Once your account is activated login to Shodan and now that you are logged in you are free to search anything.

Here are some examples for which you can use shodan to search up the things you want.

Webcam

When you search for webcam, it will show you all the webcams present in the world. It will show the results as shown in the image below:

Traffic Signals

Searching for traffic signals or traffic signal cameras will show you all the traffic surveillance cameras present.

Cisco

Searching for cisco will show you all the Cisco routers in the world, but you can also narrow them down by country. For example, here I have found Cisco routers in India, and the result is in the image below:

Scada

You can also search for Scada and you will get its information from around the whole world, as shown:

netcam

Shodan can also show you all the netcams in the world, and you can access them too with your hacking skills.

GPS

Shodan even lets you find all the GPS devices all over the world; for this you just have to type gps in the search box.

Port

Not only devices, but it can also help find which port is open on which device. For example, here I have searched for port:1723. We all know this port is used for VPN, so through this we can find out which devices are using VPN, as shown in the image below:

When you search for port:3389 it will also show the operating system used by the device, which can be very useful.
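The filter syntax used in the searches above (a free-text term plus `filter:value` pairs such as `port:1723` or `country:IN`) can be reproduced locally so a defender can run the same queries against their own asset inventory before an outsider runs them against the real index. The following is an added example, not code from the post or from Shodan; every record, address and banner in it is constructed.

```python
"""Added example, not code from the original post or from Shodan itself: a
small matcher that applies Shodan-style query strings ('free text' plus
'filter:value' pairs such as port:1723 or country:IN) to a constructed,
in-memory banner inventory, so the queries from the post can be tried
against your own asset list. All records, hosts and banners are made up."""
import re
from dataclasses import dataclass

@dataclass
class Banner:
    ip: str
    port: int
    country: str   # two-letter code, as Shodan's country: filter expects
    os: str        # operating system guessed from the banner, if any
    text: str      # raw service banner

# Constructed inventory (192.0.2.0/24 is a documentation range, not real hosts).
INVENTORY = [
    Banner("192.0.2.10", 23, "IN", "", "Cisco IOS Software, C2960 - User Access Verification"),
    Banner("192.0.2.11", 80, "US", "", "HTTP/1.1 200 OK Server: Cisco-HTTP"),
    Banner("192.0.2.12", 1723, "DE", "", "Firmware: 1 Hostname: vpn-gw (PPTP)"),
    Banner("192.0.2.13", 3389, "IN", "Windows Server 2008 R2", "Remote Desktop Protocol"),
    Banner("192.0.2.14", 80, "IN", "", "Server: netcam/1.2 webcam"),
]

# filter:value, with the value optionally quoted (os:"Windows Server")
FILTER_RE = re.compile(r'(\w+):("[^"]*"|\S+)')
SUPPORTED = ("port", "country", "os")

def parse_query(query):
    """Split a query into lowercase free-text terms and a {filter: value} dict."""
    filters = {k.lower(): v.strip('"') for k, v in FILTER_RE.findall(query)}
    unknown = [k for k in filters if k not in SUPPORTED]
    if unknown:
        raise ValueError(f"unsupported filter(s): {unknown}")
    terms = [t.lower() for t in FILTER_RE.sub("", query).split()]
    return terms, filters

def matches(rec, terms, filters):
    """Free-text terms must all occur in the banner; filters match fields."""
    if not all(t in rec.text.lower() for t in terms):
        return False
    if "port" in filters and rec.port != int(filters["port"]):
        return False
    if "country" in filters and rec.country.upper() != filters["country"].upper():
        return False
    if "os" in filters and filters["os"].lower() not in rec.os.lower():
        return False
    return True

def search(query, inventory=INVENTORY):
    """Return the matching records, in inventory order."""
    terms, filters = parse_query(query)
    return [r for r in inventory if matches(r, terms, filters)]

if __name__ == "__main__":
    for q in ("cisco", "cisco country:IN", "port:1723", "port:3389"):
        print(q, "->", [(r.ip, r.port, r.os) for r in search(q)])
```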

This is how Shodan is useful for hackers, as it gives all the information they need to collect, and from all over the world. And so you can use this information as you desire.