Monthly Archives: July 2017

Hackers are making their malware more powerful by copying WannaCry and Petya ransomware tricks

Hackers responsible for one of the most common forms of banking Trojans have learned lessons from the global WannaCry ransomware outbreak and the Petya cyberattack, and have equipped their malware with a worm propagation module to help it spread more efficiently.

The credential-stealing Trickbot has been hitting the financial sector since last year and more recently it has added a long list of UK and US banks to its targets. The attacks are few in number but highly targeted. The malware is spread via emails that claim to be from an international financial institution, which then lead the victim to a fake login page used to steal credentials.

 

Now the gang behind Trickbot is testing additional techniques in a new version of the malware, known as 1000029, and researchers at Flashpoint who have been watching it say it can spread via Server Message Block (SMB), crudely replicating the SMB-based lateral spread that let WannaCry and Petya race around the world.

EternalBlue, a Windows exploit, was one of many allegedly known to US intelligence services and used to carry out surveillance before being leaked by the Shadow Brokers hacking group. It targets a flaw in version 1 of Windows' Server Message Block (SMB) networking protocol (patched by Microsoft in MS17-010) and lets malware that carries it spread across a network with worm-like capabilities.

Using SMB, the new module scans the domain for a list of servers via the NetServerEnum Windows API and establishes how many computers are on the network through Lightweight Directory Access Protocol (LDAP) enumeration.

The malware can also use inter-process communication to propagate and execute a PowerShell script as a final payload, which downloads a further copy of Trickbot, disguised as 'setup.exe', into the shared drive.

Crucially, this test version of Trickbot doesn’t appear to be fully implemented by the hacking gang behind the malware, nor does it have the ability to randomly scan external IPs for SMB connections, unlike the worm behind the WannaCry ransomware.
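The behaviour described above, one host enumerating the domain and then pushing a payload to peers over SMB, has a simple network signature: a single workstation opening TCP/445 to many distinct internal hosts within a short window. The following is an added example of that detection logic, not code from the article or from Flashpoint; the flow-record format, the address ranges and the sample records are all constructed for the demo.

```python
"""Added example, not code from the article or from Flashpoint: a simple
worm fan-out detector. A propagation module that enumerates the domain and then
pushes a payload over SMB shows up as one source opening TCP/445 to many
distinct internal peers in a short window, which normal workstations rarely do.
The flow-record format and the sample records are constructed for this demo."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed flow records: "<ISO timestamp> <src> <dst> <dport>".
# 10.0.1.23 fans out to six peers in ten seconds (worm-like); 10.0.1.40 and
# 10.0.1.41 just talk to the file server 10.0.1.50; the hit on 8.8.8.8 is
# external and therefore ignored, matching the module's local-only scanning.
SAMPLE_FLOWS = """\
2017-07-28T09:00:01 10.0.1.40 10.0.1.50 445
2017-07-28T09:00:02 10.0.1.23 10.0.1.50 445
2017-07-28T09:00:03 10.0.1.23 10.0.1.51 445
2017-07-28T09:00:04 10.0.1.41 10.0.1.50 445
2017-07-28T09:00:05 10.0.1.23 10.0.1.52 445
2017-07-28T09:00:06 10.0.1.23 10.0.1.53 445
2017-07-28T09:00:07 10.0.1.23 8.8.8.8 445
2017-07-28T09:00:08 10.0.1.23 10.0.1.54 445
2017-07-28T09:00:09 10.0.1.40 10.0.1.50 445
2017-07-28T09:00:10 10.0.1.23 10.0.1.55 445
2017-07-28T09:05:00 10.0.1.41 10.0.1.60 445
"""

# RFC 1918 ranges; adjust to the site's address plan (assumption for the demo).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = timedelta(seconds=60)
FANOUT_THRESHOLD = 5   # distinct internal SMB peers per window; tune per site


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse the constructed record format into (timestamp, src, dst, dport)."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def smb_fanout_alerts(flows, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct-peer count} for every internal source that
    reached >= threshold distinct internal hosts on TCP/445 within `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == 445 and is_internal(src) and is_internal(dst):
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until the span fits in `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts


if __name__ == "__main__":
    for src, n in smb_fanout_alerts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {src}: {n} distinct SMB peers within {WINDOW}")
```

The threshold and window are site-specific: backup servers, vulnerability scanners and SCCM hosts legitimately fan out over SMB and belong on an allow-list, whereas a user workstation reaching five or more peers on 445 in a minute is worth a look regardless of which malware family is behind it.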

Nonetheless, researchers warn that this development once again demonstrates the evolving, professional work of the cybercrime gang behind Trickbot as they examine further ways to steal financial data from banks and private wealth management firms.

Ultimately, if successfully deployed, the worm could allow Trickbot to infect other computers on the same network as the machine initially compromised by a phishing email, either to steal further credentials and take over more accounts, or to rope those machines into a botnet for further spread of malware.

“Even though the worm module appears to be rather crude in its present state, it is evident that the Trickbot gang learned from the global ransomware worm-like outbreaks of WannaCry and NotPetya and is attempting to replicate their methodology,” said Vitali Kremez, director of Research at Flashpoint.

While Trickbot isn't as prolific as the likes of Zeus, Gozi, Ramnit and Dridex, researchers warn that it will continue to be "a formidable force" in future, as its authors look to add more potent capabilities to this dangerous malware.

Benefits of Rooting an Android Phone

If you have a rooted phone and don't know what to do next, this guide shows how to take advantage of root. One caveat up front: root access sidesteps the app sandbox that normally confines each app, so every app you grant root to can read and modify everything on the device. Grant it sparingly and only to apps you trust.

1. Run Kali Linux in Android Mobile

Turn your Android phone into a hacking machine. If your phone is rooted you can run the Kali Linux OS on it (typically in a chroot alongside Android). Kali Linux is a penetration-testing distribution used by security researchers and ethical hackers.
How to Install and run Kali Linux on your Android Mobile

2. Install Nethunter

The Kali Linux NetHunter project is the first open-source Android penetration-testing platform for Nexus devices, created as a joint effort between the Kali community member "BinkyBear" and Offensive Security. NetHunter supports 802.11 wireless frame injection, one-click MANA evil access point setups, HID keyboard (Teensy-like) attacks and BadUSB MITM attacks, and is built on the sturdy shoulders of the Kali Linux distribution and toolset. As of this post, NetHunter is available only for the Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 and OnePlus One.
Nethunter for Running Linux OS in Android Mobile

3. Kick Out Other Devices From Your Wifi Network Using Android Mobile

Kick other devices off the same Wi-Fi network and take the bandwidth for yourself. WiFi Kill is a Wi-Fi hacking app for rooted Android users that cuts other devices off your network. It works by ARP spoofing: it answers the victims' ARP requests with a bogus MAC address for the gateway, so their traffic goes nowhere. That is a denial of service which is easy to spot (see item 20) and should only be used on a network you administer.

4. zANTI App – Penetration Testing Toolkit

zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
ZAnti Penetrations Testing Toolkit

5.  Browse Root Directory

If your Android phone is rooted you can browse the root directory (/), that is, the whole filesystem, including /data and /system, which are off-limits to unprivileged apps.
To do so, install ES File Explorer from the Google Play Store and enable the root explorer in its settings.

6. Run Custom Rom

If you are Rooted mobile user you can run Custom ROM in your android mobile.
Custom ROM for Android

7. Hack WPS Secured WiFi

You can test WPS-secured Wi-Fi if your phone is rooted: install the WPS Connect app from the Google Play Store. It tries known default and algorithmically derived WPS PINs against the access point, so it only succeeds on routers that have WPS enabled with a predictable PIN, and it should only be run against networks you are authorised to test. The practical lesson for your own router is to turn WPS off.
WIFI WPS WPA TESTER WiFi Hacking Android App

8. Block Ads in Android

Install the AdAway app to block ads in all apps on your phone. It works by writing a block list of ad and tracker hostnames into /system/etc/hosts, pointing them at 127.0.0.1 or 0.0.0.0, which is why it needs root.

9. Edit your Host File

With root you can modify the hosts file just as on a Windows PC. Install the app below to edit it. Note that this is the same file AdAway manages, and that a hosts entry can redirect any hostname to any address, so review what a root app writes there.
Hosts Editor
Developer: Bert Cotton
Price: Free

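Items 8 and 9 both come down to the hosts file. The following is an added example, not code from AdAway or Hosts Editor, showing how the resolver consults such a file and two points worth knowing before handing an app root to write it: entries match whole hostnames only (no wildcard, so blocking ads.example.com does nothing for sub.ads.example.com), and the same write that blackholes an ad server can redirect a bank domain. The hosts content is constructed.

```python
"""Added example, not AdAway's or Hosts Editor's code: how a hosts-file block
list is consulted by the resolver, and two things worth knowing before you
hand an app root to write it. The hosts content below is constructed."""

# Addresses that blackhole a name rather than redirecting it.
BLACKHOLE = {"0.0.0.0", "::", "127.0.0.1", "::1"}

# Constructed /system/etc/hosts: the stock loopback lines, AdAway-style block
# entries, and one entry of the kind a malicious root app could plant.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             ip6-localhost
# block-list entries: route ad and tracker hosts to the unspecified address
0.0.0.0 ads.example.com  tracker.example.net
0.0.0.0 www.banner.example   # inline comment is ignored
198.51.100.7 bank.example
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs in file order: the libc resolver takes the
    first matching line, so order matters."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def lookup(hostname, entries):
    """Exact, case-insensitive match on the whole hostname. None means the
    hosts file has no opinion and the query falls through to DNS."""
    wanted = hostname.lower().rstrip(".")
    for ip, name in entries:
        if name == wanted:
            return ip
    return None


def is_blocked(hostname, entries):
    return lookup(hostname, entries) in BLACKHOLE


def find_redirects(entries, protected):
    """Entries that send a sensitive hostname to a real address instead of a
    blackhole: the same root write that blocks ads can also pharm a bank domain."""
    return [(ip, name) for ip, name in entries
            if name in protected and ip not in BLACKHOLE]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.com", "sub.ads.example.com", "Tracker.Example.Net"):
        print(name, "blocked" if is_blocked(name, hosts) else "not blocked")
    print("suspicious:", find_redirects(hosts, {"bank.example"}))
```

Because there is no wildcard matching, block lists have to enumerate every ad subdomain explicitly, which is why AdAway's lists run to tens of thousands of lines; and because the file is consulted before DNS, a periodic check of the kind `find_redirects` performs is a cheap way to notice a root app that has quietly repointed a sensitive domain.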

10. Boot Any Computer PC from Android

DriveDroid is an Android app that lets your rooted device present an ISO or IMG file to a PC as a USB mass-storage device (or CD-ROM), so the PC can boot from it. Download live Linux distributions to the phone and boot your PC from them with this handy utility.

11. Stop Background Apps for Increasing Android performance

Greenify hibernates the apps you choose so they stop running in the background, which improves performance and battery life on a slow device.

12. Customize and Tweak Everything in Android Phone.

Many low-level tweaks can normally only be performed on Android by flashing a custom ROM. The Xposed Framework lets you modify the existing system without installing a new ROM; all it requires is root access. Because Xposed modules hook into the processes of every app, a malicious module has complete control of the device, so install only modules you trust.

13. Change Mac Address

With root you can also change the Wi-Fi MAC address of your phone. Just install the "Wifi Mac Changer" app from the Google Play Store.

14. Change Android Device ID

The Android device ID (ANDROID_ID) is a unique identifier for your phone. Apps you install can read it and use it to recognise your device across installs and accounts; ordinary websites cannot read it, although they have other ways to fingerprint you. With root you can change it, so tracking tied to the old ID no longer follows you. Bear in mind that apps and services which tie licences or accounts to the ID may need to be set up again afterwards.

15. Change your Boot Screen with Logcat

Install this app on your phone to change its boot animation.

16. Run All type of Linux Commands in your Mobile with full Access from Terminal App

Access Android's built-in Linux command-line shell from this app. With root, run su in it to get a root shell and full access to the system.
Terminal Emulator for Android

17.Custom DNS

SetDNS is the easiest way to force a rooted phone to use custom nameservers, both on Wi-Fi and on 3G/mobile networks. It works with IPv4 and IPv6 networks and nameservers. Pick a resolver you trust, since it will see every hostname the phone looks up.
Set DNS
Developer: H12 Enterprises
Price: Free


18. Custom Firewall in android (Save your Mobile Data)

AFWall+ (Android Firewall +) is a front-end for the powerful iptables Linux firewall. It lets you restrict which applications are permitted to access your data networks (2G/3G and/or Wi-Fi, and while roaming), and you can also control traffic within the LAN or while connected through a VPN. Per-app filtering is possible because Android runs each app under its own Linux UID, which iptables can match on.
AFWall+ (Android Firewall +)
Developer: ukpriya
Price: Free


19. Increase your Phone RAM

"RAM booster" apps for rooted phones do not add memory: they create a swap file or compressed swap (zRAM) so the kernel can page out idle data. That can help a low-memory device, but swapping to flash is slow and wears the storage, so expect a modest gain at best. Such apps are available only to rooted users.

20.Secure your WiFi Connection from Hackers

This app is for those who are tired of being kicked off the network by WifiKill, and for those who are a little paranoid because they know it is quite easy to read Wi-Fi traffic with tools like DroidSheep, ettercap, FaceNiff, Cain & Abel and others. Such programs all use the same technique, ARP spoofing, whether to cut you off from the network or to sniff your data, and you can defend yourself with a single app that watches for the forged ARP replies.
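Items 3 and 20 are two sides of the same technique. The following is an added example, not code from WifiKill or from any app on this page, of the detection an ARP-spoofing guard performs: an IP that is answered by more than one MAC address, and a single MAC that claims more IPs than a normal host would. The ARP reply lines are constructed; a real deployment would feed in replies captured on wlan0.

```python
"""Added example, not code from WifiKill or from any app on this page: detect
the ARP-cache poisoning those tools rely on. The ARP reply lines are
constructed; a real deployment would feed in replies captured on wlan0."""
from collections import defaultdict

# Constructed ARP replies seen on the Wi-Fi segment, one "<ip> is-at <mac>" per
# line. 192.168.1.1 is the gateway with real MAC aa:bb:cc:00:00:01; the device
# at de:ad:be:ef:00:01 sends forged replies claiming the gateway and two
# victims, which is exactly what a WifiKill-style tool does.
SAMPLE_ARP = """\
192.168.1.1 is-at aa:bb:cc:00:00:01
192.168.1.20 is-at aa:bb:cc:00:00:20
192.168.1.1 is-at de:ad:be:ef:00:01
192.168.1.20 is-at de:ad:be:ef:00:01
192.168.1.21 is-at de:ad:be:ef:00:01
192.168.1.1 is-at aa:bb:cc:00:00:01
192.168.1.1 is-at de:ad:be:ef:00:01
"""


def parse_arp(text):
    """Return (ip, mac) pairs from the constructed reply format."""
    pairs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "is-at":
            pairs.append((parts[0], parts[2].lower()))
    return pairs


def analyse(pairs, gateway=None, max_ips_per_mac=2):
    """Two signals of ARP spoofing: an IP answered by more than one MAC
    ('flapping'), and one MAC claiming more IPs than a normal host would.
    Returns the offenders and whether the gateway itself is being spoofed."""
    macs_for_ip = defaultdict(set)
    ips_for_mac = defaultdict(set)
    for ip, mac in pairs:
        macs_for_ip[ip].add(mac)
        ips_for_mac[mac].add(ip)
    flapping = {ip: macs for ip, macs in macs_for_ip.items() if len(macs) > 1}
    multi_claim = {mac: ips for mac, ips in ips_for_mac.items()
                   if len(ips) > max_ips_per_mac}
    return {
        "flapping": flapping,
        "multi_claim": multi_claim,
        "gateway_spoofed": gateway in flapping,
    }


def likely_attacker(result):
    """The MAC that claims many IPs and appears in every flapping set."""
    suspects = set(result["multi_claim"])
    for macs in result["flapping"].values():
        suspects &= macs
    return suspects


if __name__ == "__main__":
    report = analyse(parse_arp(SAMPLE_ARP), gateway="192.168.1.1")
    print("gateway spoofed:", report["gateway_spoofed"])
    print("flapping IPs:", sorted(report["flapping"]))
    print("likely attacker:", likely_attacker(report))
```

Detection is the easy half. The usual defence, which also needs root, is to pin the gateway with a static neighbour entry so forged replies are ignored, for example ip neigh replace 192.168.1.1 lladdr aa:bb:cc:00:00:01 nud permanent dev wlan0; the caveat is that the "real" MAC has to be learned before the attacker shows up, and a pinned entry has to be refreshed if the router is ever replaced.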

21. Make a Full Backup of your Phone from Titanium App

You can back up, restore and freeze (with Pro) your apps together with their data and Market links. This includes all protected apps and system apps, plus external data on your SD card. You can do 0-click batch and scheduled backups, and backups run without closing any apps (with Pro). You can move any app (or its data) to or from the SD card, browse any app's data and even query the Market for detailed information about the app. Because these backups contain app data, including stored credentials and session tokens, keep them off shared storage or encrypt them.
Titanium Backup ★ root
Developer: Titanium Track
Price: Free


22. Move Mobile Applications to  SD Card and Save Space in Phone

Link2SD is an application manager that makes it easy for Android 2.0+ users on their device to move applications to the SD card. It enables you to manage your apps and storage easily.
Link2SD
Developer: Bulent Akpinar
Price: Free


23. Delete Preinstalled Apps

Remove preinstalled apps by installing the System App Remover app. Removing the wrong system app can leave the phone unbootable, so take a backup first (see item 21).
System app remover (ROOT)
Developer: Jumobile
Price: Free


24. Remotely Turn Off Any Android Phone by Just Sending SMS

Remote Turn OFF
Install this app and you can turn off your Android phone by sending an SMS from another number. Any app that acts on commands received by SMS is a remote-control channel: anyone who learns the trigger text can use it, so choose a secret one.

25.Unlock/Bypass Lock Android Phone from Sending SMS

SMS Bypass is a useful app for Android users who tend to forget the lock pattern on their phone. It resets the lock screen simply: make sure the phone is rooted, then send the secret code from another phone and yours will unlock. Bear in mind that this is a backdoor to the lock screen; anyone who knows or guesses the code can unlock the device, so keep it long and private.
SMS Bypass Unlock Screen

26. How To View Saved Wifi Passwords In Android (2 Methods)

Need to connect a new Android device to a Wi-Fi network but forgot the password? Want to share a password made of random characters with a friend?
Install the WiFi Password Recovery app to read the saved Wi-Fi passwords. It works by reading the saved network configuration (/data/misc/wifi/wpa_supplicant.conf on Android 7 and earlier), which only root can read, so the app needs root. It works with all Android versions including Lollipop and Marshmallow.
FREE WiFi Password Recovery

27. Automate Everything

The best part of Android is that you can do almost anything you want, and you can make your phone smarter with apps from the Google Play Store.
You can automate your phone to perform tasks on a schedule or by location.
You can even turn on the flashlight just by shaking the phone. Here I use the MacroDroid app to automate tasks on the phone.
How to Smartly Automate Any Tasks on your Android Phone

28. Over Clock Your Android Phone

Kernel Adiutor is an app for tuning the performance of a rooted Android phone. You can modify the settings below, with the usual caveat that overclocking or undervolting beyond what the hardware tolerates causes crashes and can shorten its life:
CPU (Frequency, Governor)
CPU Voltage
CPU Hotplug
Thermal
GPU (Frequency, Governor)
Screen (Color Calibration [RGB], Gamma)
Wake controls (DT2W, S2W)
Sound (Faux Sound)
Battery (Fast Charge)
I/O Scheduler
Kernel Samepage Merging
Low Memory Killer (Minfree settings)
Virtual Memory (ZRAM)
Flash/Backup
Build prop Editor
Recovery (Flash, Wipe)
Init.d editor
Saving Profiles
Tasker support
and a lot more… (check it out, keep in mind that only supported things will appear on your phone!)
Kernel Adiutor (ROOT)
Developer: Willi Ye
Price: Free


29. Find the Hidden SSID

Find the hidden SSID of any Wi-Fi network from your phone by installing the inSSIDer app from the Google Play Store. Hiding an SSID is not a security control: the name is still sent in the clear whenever a client connects.
inSSIDer
Developer: MetaGeek
Price: AED36.69


30. Find your Lost android Mobile

Cerberus is a complete anti-theft application, the best protection you can get to recover your misplaced, lost or stolen Android device. It’s not just a “find my phone” app or a phone tracker, Cerberus has many unique features that make it the perfect app to locate your phone or tablet, identify the thief and get back your device.
Cerberus anti theft
Developer: LSDroid
Price: Free+


31. Record Android Mobile Screen

Screen Recorder is a free unlimited screen capture app for recording your device’s screen to video.
Create promotional videos, make tutorials or record help videos complete with audio!
Screen Recorder
Developer: NLL
Price: Free


32. Turn Off Camera Shutter Sound

Turn off the annoying phone camera sound of your default Android camera! Finally succeed snapshots of animals or babies without scaring them!
Camera Sound off! (root)
Developer: Alex K.
Price: Free


33. Completely OFF your WiFi

Retailers and governments track movements. Even when you are not connected to Wi-Fi, your phone sends probe requests that carry its MAC address, which anyone in range can use to recognise repeated visits and follow your exact movements in an area under surveillance. Pry-Fi counters this by randomising the MAC address the phone broadcasts while it is not connected to a network, and it can also keep Wi-Fi shut down completely.
[root] Pry-Fi
Developer: Chainfire
Price: Free+


besside-ng: crack a WEP or WPA key without user intervention and collaborate with WPA cracking statistics

besside-ng – crack a WEP or WPA key without user intervention and collaborate with WPA cracking statistics 

SYNOPSIS

besside-ng [options] <interface>

DESCRIPTION

besside-ng is a tool which will crack all the WEP networks in range and log all the WPA handshakes. WPA handshakes can be uploaded to the online cracking service at wpa.darkircop.org, which also provides useful statistics, based on user-submitted capture files, about the feasibility of WPA cracking. Bear in mind that anything uploaded there leaves your control, and that attacking networks you are not authorised to test is illegal.

-b <target mac>
Specifies the target's BSSID
-s <WPA server>
Where to upload the capture file for cracking. A good choice is wpa.darkircop.org
-c <chan>
Channel lock
-p <pps>
Packets per second to send (flood rate)
-W
Crack only WPA networks
-v
Verbose mode. Use -vv for more verbose, -vvv for even more, and so on
-h
Help screen

Bluto – DNS Recon, Zone Transfer & Brute Forcer

BLUTO

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Enumeration | MetaData Harvesting

 

Bluto has gone through a large code base change and various feature additions have been added since its first day on the job. Now that RandomStorm has been consumed and no longer exists, I felt it time to move the repo to a new location. So from this git push onwards Bluto will live here. I hope you enjoy the new Bluto.

 

Bluto is a Python-based tool for DNS recon, DNS zone transfer testing, DNS wild card checks, DNS brute forcing, e-mail enumeration and more.

 

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. Each of the target domain's NS records is queried for a potential zone transfer. If none of them gives up their spinach, Bluto will attempt to identify whether sub-domain wildcards are in use. If they are not, Bluto will brute force sub-domains using parallel sub-processing on the top 20,000 of 'The Alexa Top 1 Million subdomains'. If wildcards are in place, Bluto will still brute force sub-domains, but using a different technique which takes roughly 4x longer. NetCraft results are then presented individually and compared to the brute-force results; duplicates are removed and particularly interesting results are highlighted.
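The wildcard check and the brute-force step above are the parts worth seeing in code. The following is an added example, not Bluto's own code: the resolver is passed in as a function so the demo runs offline against a constructed zone, and a live_resolve wrapper around the system resolver is included for real use. The page does not say how Bluto handles wildcards; the approach here, discarding candidates whose addresses match what the wildcard returns, is one common technique and is labelled as an assumption in the code.

```python
"""Added example, not Bluto's own code: the wildcard check and the brute-force
logic the description above outlines. The resolver is passed in as a function
so the demo runs offline against the constructed zone below; pass live_resolve
to query real DNS. How Bluto itself handles wildcards is not shown on the page;
the address-comparison approach here is one common technique (assumption)."""
import secrets
import socket


def live_resolve(name):
    """A records for name via the system resolver; empty set if it doesn't exist."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except socket.gaierror:
        return set()


# Constructed zones: wild.example has a catch-all (*.wild.example -> 203.0.113.9)
# in front of two real hosts; plain.example has no wildcard.
FAKE_ZONE = {
    "www.wild.example": {"203.0.113.10"},
    "mail.wild.example": {"203.0.113.11"},
    "www.plain.example": {"198.51.100.5"},
    "dev.plain.example": {"198.51.100.6"},
}


def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".wild.example"):
        return {"203.0.113.9"}
    return set()


def wildcard_ips(domain, resolve, probes=3):
    """Look up random labels nobody would register. If they resolve, the zone
    has a wildcard, and the addresses returned are what it hands out."""
    ips = set()
    for _ in range(probes):
        ips |= resolve(f"{secrets.token_hex(8)}.{domain}")
    return ips


def brute_force(domain, words, resolve):
    """Try each word as a sub-domain label. Without a wildcard, any answer is a
    hit; with one, only answers that differ from the catch-all addresses are."""
    wild = wildcard_ips(domain, resolve)
    found = {}
    for word in words:
        name = f"{word}.{domain}"
        ips = resolve(name)
        if not ips:
            continue
        if wild and ips <= wild:
            continue   # just the wildcard answering; not a real host
        found[name] = ips
    return found


if __name__ == "__main__":
    words = ["www", "mail", "dev", "ftp", "vpn"]
    for domain in ("wild.example", "plain.example"):
        print(domain, "wildcard:", wildcard_ips(domain, fake_resolve) or "none")
        print("  hosts:", brute_force(domain, words, fake_resolve))
```

The address comparison is why a wildcard brute force costs more than a plain one: every candidate needs a full lookup and a comparison instead of a simple exists/doesn't-exist test, and a real host parked on the same address as the catch-all is indistinguishable from the wildcard by this method, which is a known blind spot rather than a bug.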

Bluto now does email address enumeration based on the target domain, currently using the Bing and Google search engines plus data gathered from the Email Hunter service and LinkedIn. https://haveibeenpwned.com/ is then used to identify whether any of the email addresses have appeared in a known breach. Previously Bluto produced an 'Evidence Report' on screen; this has now been moved off screen and into an HTML report.

Search engine queries are configured to use a random User-Agent on each request, and a country lookup selects the fastest Google server relative to your egress address. Each request closes the connection in an attempt to further avoid CAPTCHAs; however, excessive lookups will result in CAPTCHAs (Bluto will warn you if any are identified).

Bluto requires various other dependencies. So to make things as easy as possible, pip is used for the installation. This does mean you will need to have pip installed prior to attempting the Bluto install.

 

Usage

You can download Bluto here:

Bluto-2.01.zip

Ransomware: This free tool lets you decrypt files locked by a common version of the malware

Emsisoft has released a free decryption tool for the latest version of the Nemucod ransomware, meaning victims can get their files back for free.

 

Victims of the latest version of one of the most common forms of ransomware may now be able to get their files back without giving in to the criminals' demands, thanks to the release of a new decryption tool.

The Nemucod ransomware family has been active since at least 2015 and has remained one of the most common ransomware threats for much of the time since. Researchers have cracked previous versions of Nemucod, but the group behind it doesn't give up and continually releases new versions in an effort to stay a step ahead of security companies.

Indeed, those behind Nemucod released a new version, NemucodAES, which delivers the malicious component as a PHP script together with a PHP interpreter in order to encrypt the victim's files.

Like previous versions, NemucodAES dupes victims into clicking a malicious link in emails that claim to contain information about an undelivered package.

One key difference from previous incarnations is the encryption, which has moved from RC4 to a hybrid of AES-128 in ECB mode and RSA: each file is encrypted under a randomly generated 128-bit per-file AES key, and RSA protects those keys, which is meant to make the files harder to decrypt than the RC4 scheme was. (ECB is a poor choice for bulk data in any case, since identical plaintext blocks produce identical ciphertext blocks and so leak structure, but that leaks patterns, not keys.)

Those infected with NemucodAES are presented with a ransom note demanding $300 in Bitcoin in exchange for the return of their files.

However, those who fall foul of this latest version of Nemucod may not have to pay the ransom to regain access to their files, as researchers at Emsisoft have released a free decryption tool for NemucodAES.

"Not to be outplayed by cybercriminals, our lab promptly went to work and produced a new version of our decrypter to handle NemucodAES and free victim's files," the company said in a blog post.

Emsisoft is part of the No More Ransom initiative, a partnership between law enforcement and cybersecurity firms which provides free keys for unlocking encrypted files and information on how to avoid getting infected with ransomware in the first place.

India’s Reliance Jio suffers data breach

A database containing information on over 120 million Reliance Jio customers has been leaked, according to reports from local media in India.

Fonearena first reported on Monday that sensitive details such as names, mobile numbers, email addresses, and Aadhaar Number — a 12 digit random number issued to residents by the Unique Identification Authority of India — had been leaked and made available on a now-pulled website magicapk.com, which was shared via social media sites in India.

The website reportedly asked visitors to enter a Reliance Jio mobile number to get access to SIM details.

“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic,” a Jio spokesperson told the publication.

“We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement.”

Jio, which shook the Indian telecom market with cheap data and free calls last year, also said it has informed law enforcement agencies about the reported breach and will “follow through to ensure strict action is taken”.

Fonearena stands by its claims, however, with the article’s writer confirming he had found valid information on the magicapk.com website.

Reliance Jio is an LTE mobile network operator in India and a wholly-owned subsidiary of Reliance Industries, based in Mumbai, India.

Jio is planning nationwide domination, banking on its “future proof” IP network to bring transformational changes to the Indian digital services space.