Author Archives: Professional Hackers

This old ransomware has been revamped as Bitcoin-stealing malware

An old form of ransomware has been re-purposed to steal bitcoin by altering the addresses of wallets and redirecting payments into accounts owned by the attacker.

Little of the malicious code has been changed so a number of security products will still identify it as the file-locking malware, despite this version’s new role in outright stealing cryptocurrency.

Detailed by researchers at Fortinet, this Bitcoin-stealing campaign has its origins in Jigsaw, a form of ransomware which appeared in April 2016 and is infamous for displaying the face of the horror-film antagonist it is named after.

The source code of Jigsaw has been available for a long time and is widely distributed online, so the attack is unlikely to be the work of the original ransomware author because anyone with knowledge of C# code could theoretically tailor the malware to their own ends.

In this instance, the author is looking to take advantage of the popularity of blockchain-based bitcoin, which is still by far the most valuable cryptocurrency.

References in the code refer to the malware simply as ‘BitcoinStealer’ – although this can only be uncovered by reverse-engineering, so victims will never see this give-away of the software’s intentions.

The main goal of the malware is to modify clipboard content containing Bitcoin wallet addresses so that the currency being sent ends up in the hands of the attackers.

While common sense might indicate that users would notice that the bitcoin address has changed, BitcoinStealer replaces the legitimate address with a forged one – but this forged address has similar or the same symbols at the beginning and end of the string, in order to trick the user into believing it is the intended address.
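The substitution described above can be caught on the defender's side by comparing the whole address, not just its ends. The following is an added example, not Fortinet's analysis code and not code from the malware; the names and the sample addresses are constructed for illustration. It models the check a wallet front-end or clipboard monitor could apply before a payment is sent: report an exact match, flag the "same first and last characters, different middle" pattern a BitcoinStealer-style forgery produces, and show which positions changed.

```python
"""Defender-side check for a clipboard address swap.

Added example; it is not Fortinet's analysis code nor the malware's. The
names below are illustrative. A wallet front-end or clipboard monitor can
apply the same logic: compare the whole address the user copied with what
actually got pasted, and specifically flag the "same ends, different middle"
pattern that a BitcoinStealer-style forgery produces.
"""


def classify_paste(intended: str, pasted: str, edge: int = 4) -> str:
    """Compare the address the user meant to paste with what was pasted.

    Returns:
      "match"      - identical strings, nothing was altered
      "lookalike"  - first and last `edge` characters agree but the middle
                     differs: the forged-address pattern described above
      "different"  - an unrelated string (user error or a cruder swap)
    """
    if intended == pasted:
        return "match"
    long_enough = len(intended) >= 2 * edge and len(pasted) >= 2 * edge
    if long_enough and intended[:edge] == pasted[:edge] and intended[-edge:] == pasted[-edge:]:
        return "lookalike"
    return "different"


def diff_positions(a: str, b: str) -> list:
    """Indexes where two strings differ, so a UI can highlight exactly which
    characters changed. Positions beyond the shorter string count as differing."""
    shared = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    extra = list(range(min(len(a), len(b)), max(len(a), len(b))))
    return shared + extra


# Constructed sample addresses (not real wallets). The forged one keeps the
# intended address's first and last four characters and fills the middle.
INTENDED = "1AbCdEfGhJkLmNpQrStUvWxYz23456789a"
FORGED = "1AbC" + "q" * 26 + "789a"
UNRELATED = "3" + "z" * 33


def check_clipboard(intended: str, pasted: str) -> dict:
    """What a wallet UI would surface before letting the user send."""
    verdict = classify_paste(intended, pasted)
    return {
        "verdict": verdict,
        "changed_positions": diff_positions(intended, pasted) if verdict != "match" else [],
        "safe_to_send": verdict == "match",
    }


if __name__ == "__main__":
    for label, pasted in (("genuine", INTENDED), ("forged", FORGED), ("unrelated", UNRELATED)):
        print(label, check_clipboard(INTENDED, pasted))
```

The `edge` width is a tunable: the article only says the forged address shares "similar or the same symbols at the beginning and end", so a real monitor would also want to compare against the address the user actually copied (captured at copy time), since a blind prefix/suffix heuristic alone cannot tell a forgery from a second legitimate address that happens to share its ends.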

Address spoofing used to redirect Bitcoin payments. (Image: Fortinet)

Researchers say that these attacks have successfully stolen at least 8.4 Bitcoin, which currently works out at around $62,000 (£48,000). So while the attack is basic, it is seemingly effective.

During the course of the investigation into the malware, Fortinet uncovered similar projects for building and modifying cryptocurrency stealers being advertised on underground forums.

This episode goes to show that even the most basic cyber attacks can result in a big loss for victims. Bitcoin users should always double-check to see if they’re sending payments to the right address.

Why You Should Be Using a VPN & Which Is the Best VPN for Android

What Is a VPN?

Put simply, a Virtual Private Network, or VPN, is a group of computers (or discrete networks) networked together over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they’re not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they’re using an untrusted public network.


What Makes for a Good VPN?

The best VPNs offer a solid balance of features, server location, connectivity protocols, and price. Some are great for occasional use, others are geared towards getting around the location restrictions companies put on their apps and services, and others are targeted at people who do heavy downloading and want a little privacy while they do it. Here’s what you should look for.

  1. Protocol: When you’re researching a VPN, you’ll see terms like SSL/TLS (sometimes referred to as OpenVPN support), PPTP, IPSec, L2TP, and other VPN types.
  2. Corporate and Exit Locations: Depending on what you’re using a VPN for, your service’s location—and the exit locations you can choose—are important to consider. If you want to get around a location restriction and watch live TV in the UK, for example, you want to make sure your VPN service provider has servers in the UK.
  3. Logging: When you connect to a VPN, you’re trusting the VPN service provider with your data. Your communications may be secure from eavesdropping, but other systems on the same VPN—especially the operator—can log your data if they choose.
  4. Anti-Malware/Anti-Spyware Features: Using a VPN doesn’t mean you’re invulnerable. You should still make sure you’re using HTTPS whenever possible, and you should still be careful about what you download. Some VPN service providers—especially mobile ones—bundle their clients with anti-malware scanners to make sure you’re not downloading viruses or trojans.
  5. Mobile Apps: If you’re going to spend money on a VPN service provider (or even if you use a free one, frankly), you should be able to get a consistent experience across all of your devices.
  6. Price: Finally, go into your user agreement with both eyes open. You should read the privacy policy for the service you’re interested in, and be very aware of the differences between free and paid services.

Download free VPN services for Android from below

10 of the Most Significant Ransomware Attacks of 2017

Here are 10 of the most significant ransomware attacks from the past year.

  10. Unknown

On 26 July 2017, Arkansas Oral & Facial Surgery Center suffered an attack at the hands of an unknown ransomware. The incident didn’t affect its patient database. However, it did affect imaging files like X-rays along with other documents such as email attachments. It also rendered patient data pertaining to appointments that occurred three weeks prior to the attack inaccessible.

At the time of discovery in September 2017, Arkansas Oral & Facial Surgery could not determine whether the ransomware attackers accessed any patients’ personal or medical data. It therefore decided to notify 128,000 customers of the attack and set them up with a year of free credit-monitoring services.

  9. Reyptson

Emsisoft security researcher xXToffeeXx detected a new ransomware threat called Reyptson back in July 2017. Upon successful infection, Reyptson checks to see if Mozilla’s Thunderbird email client is installed on the computer. If it is, the ransomware attempts to read the victim’s email credentials and contact list.

The threat isn’t interested in viewing this data to compromise the victim’s privacy. Instead it leverages those contacts to conduct a spam distribution campaign from the victim’s computer. Each of those spam messages comes with a fake invoice document that contains an executable responsible for loading up the ransomware.

  8. LeakerLocker

McAfee’s research team detected “Android/Ransom.LeakerLocker.A!Pkg,” also known as LeakerLocker, back in July 2017. They found it hiding inside of two Android applications: Booster & Cleaner Pro, an app which had 5,000 installs at the time of discovery, and Wallpapers Blur HD, a program with 10,000 installs.

LeakerLocker doesn’t encrypt an infected device’s files. Unlike other Android-based ransomware, it locks the home screen and claims to access the device’s email addresses, contacts, Chrome history, text messages and calls, pictures, and device information. The threat then displays this information in a WebView and demands $50 in payment if the victim doesn’t want their data shared with all of their phone contacts.

  7. WYSIWYE

In April 2017, Panda Security’s researchers discovered a new type of ransomware that they nicknamed “What You See Is What You Encrypt,” or “WYSIWYE.” The digital threat comes with an interface that an attacker can use to configure their preferences, including the email address that will appear in the ransom note that is sent to the victim. From that interface, they can also go after certain network computers, target specific files, and enter stealth mode.

The threat attacks a computer via a Remote Desktop Protocol (RDP) brute force attack. This type of intrusion oftentimes involves scanning the web for open RDP servers. If they find one, attackers use a tool to try hundreds of thousands of password combinations to steal the RDP credentials. They then deploy WYSIWYE onto the targeted network computer.

  6. Osiris

On 12 December 2016, the Cockrell Hill Police Department in Dallas, Texas learned of a security incident in which a computer virus affected one of its servers. The infection, which the police department contained to a single server, occurred when an employee received spam mail from an email address imitating a department-issued email address.

The Cockrell Hill Police Department traced the infection to a virus known as “Osiris,” which could be in reference to one variant of Locky ransomware. Osiris encrypted Microsoft Office and Excel documents as well as all body camera video, some in-car video, some in-house surveillance video, and some photographs dating back to 2009. It then demanded 4,000 USD in Bitcoin. Cockrell Hill’s police recovered the documents off CDs and DVDs, but without comprehensive data backups, they lost access to the affected video and photographs.

  5. Cerber

Cerber is one of the heavy-hitters in the ransomware sphere. It’s also one of the most prolific crypto-malware threats. Indeed, Microsoft detected more enterprise PCs infected with Cerber than any other ransomware family over the 2016-17 holiday season.

Bad actors have outfitted Cerber with new tactics and techniques since then. Malwarebytes observed one such modification in August 2017 with respect to a campaign that begins with Magnitude Exploit Kit. Upon successful exploitation of a hard-coded vulnerability, Magnitude loads a variant of Cerber that uses binary padding to artificially increase its size and thereby skirt scanning restrictions imposed by most security software.

  4. Locky

Since its discovery in February 2016, Locky and its ever-multiplying variants have relied on spam botnets like Necurs for distribution. The crypto-ransomware went dark in early 2017. However, it resurfaced in August with one of its largest campaigns yet: 23 million spam messages sent out over a 24-hour period.

Detected by AppRiver, the operation sent out emails containing subject lines like “pictures” and “documents” that bore a request to “download it here.” The emails come with a ZIP attachment that contains a Visual Basic Script (VBS) file. This file, in turn, pulls down Locky.

  3. BadRabbit

A week before Halloween, Kaspersky Lab revealed it had received “notifications of mass alerts” of a new ransomware targeting Ukrainian and Russian organizations. Some of the victims included the Russian news media outlets Fontanka.ru and Interfax as well as Kiev’s metro system and an airport in Odessa. ESET researchers believe the ransomware also hit targets in Poland, South Korea, and the United States.

Kaspersky’s researchers ultimately identified the threat as BadRabbit. Unlike WannaCry and NotPetya, BadRabbit did not exploit a Microsoft vulnerability for distribution. Instead it used drive-by attacks to deliver the ransomware dropper, a smaller-scale operation which demanded 0.5 Bitcoins in ransom from only hundreds (not hundreds of thousands) of victims.

  2. NotPetya

News of NotPetya first broke on 27 June when power distributors in Ukraine and the Netherlands confirmed hacking attacks that affected their systems. Not long afterwards, Ukraine’s government, the offices of multinationals in Spain, and the British advertising group WPP confirmed similar incidents. Researchers quickly traced the attacks to Petya, a form of ransomware which encrypts the Master Boot Record. They also observed how those newer variants were abusing the same EternalBlue vulnerability as exploited by WannaCry for distribution.

A closer look by Kaspersky Lab, however, revealed that Petya wasn’t actually involved in the worldwide campaign. The responsible malware borrowed large chunks of code from Petya, but it behaved as a wiper in that it offered no way for users to recover their affected data. For that reason, Kaspersky named the threat “NotPetya.”

  1. WannaCry

On 12 May 2017, an updated version of WCry/WannaCry ransomware called “WanaCrypt0r 2.0” struck hospitals belonging to the United Kingdom’s National Health Service (NHS), internet service provider Telefonica, and other high-profile targets around the world. Each victim subsequently received a note demanding $300 in Bitcoin as ransom. As with other variants, however, meeting the WannaCry attackers’ demand didn’t guarantee that a victim would receive a decryption key for their affected files.

Researchers later determined that WannaCry made its rounds by exploiting EternalBlue, a vulnerability which Microsoft patched in a security bulletin in March 2017. It’s believed bad actors incorporated EternalBlue into WannaCry’s delivery and distribution mechanism after a band of criminals known as the Shadow Brokers leaked EternalBlue and other exploit code stolen from the Equation Group hacker collective onto the public web. In total, WannaCry affected more than 300,000 organizations worldwide.

Hacking Vax’s & Unix

Hacking onto a unix system is very difficult, and in this case, we advise
having an inside source, if possible. The reason it is difficult to hack a
vax is this:  Many vax, after you get a carrier from them, respond=>
Login:
They give you no chance to see what the login name format is.  Most commonly
used are single words, under 8 digits, usually the person's name.  There is
a way around this:  Most vax have an acct. called 'suggest' for people to
use to make a suggestion to the system root terminal.  This is usually watched
by the system operator, but at late he is probably at home sleeping or
screwing someone's brains out.  So we can write a program to send at the
vax this type of a message:
A screen freeze (Cntrl-s), screen clear (system dependant), about 255
garbage characters, and then a command to create a login acct., after which
you clear the screen again, then unfreeze the terminal.  What this does:
When the terminal is frozen, it keeps a buffer of what is sent.  well, the
buffer is about 127 characters long. so you overflow it with trash, and then
you send a command line to create an acct. (System dependant).  after this
you clear the buffer and screen again, then unfreeze the terminal.  This is
a bad way to do it, and it is much nicer if you just send a command to
the terminal to shut the system down, or whatever you are after...
There is always, *Always* an acct. called root, the most powerful acct.
to be on, since it has all of the system files on it.  If you hack your
way onto this one, then everything is easy from here on...
On the unix system, the abort key is the Cntrl-d key.  watch how many times
you hit this, since it is also a way to log off the system!
A little about unix architechture: The root directory, called root, is
where the system resides.  After this come a few 'sub' root directories,
usually to group things (stats here, priv stuff here, the user log here...).
Under this comes the superuser (the operator of the system), and then
finally the normal users.  In the unix 'Shell' everything is treated the same.
By this we mean:  You can access a program the same way you access a user
directory, and so on.  The way the unix system was written, everything,
users included, are just programs belonging to the root directory.  Those
of you who hacked onto the root, smile, since you can screw everything...
the main level (exec level) prompt on the unix system is the $, and if you
are on the root, you have a # (superuser prompt).
Ok, a few basics for the system... To see where you are, and what paths
are active in regards to your user account, then type
=> pwd
This shows your acct. seperated by a slash with another pathname (acct.),
possibly many times. To connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then you are connected all the way from path1 to path3.  You can
run the programs on all the paths you are connected to.  If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape.  You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there a few commands to
learn...
To see what you have access to in the end path, type=>
ls
for list.  this show the programs you can run.  You can connect to
the root directory and run it's programs with=>
/root
By the way, most unix systems have their log file on the root, so you
can set up a watch on the file, waiting for people to log in and snatch their
password as it passes thru the file. To connect to a directory, use the
command:
=> cd pathname  This allows you to do what you want
with that directory.  You may be asked for a password, but this is a good
ay of finding other user names to hack onto.
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they
are on a dec, so refer to that section when examining file.  To see what is
in a file, use the
=> pr
filename command, for print file.
We advise playing with pathnames to get the hang of the concept.  There
is on-line help available on most systems with a 'help' or a '?'.
We advise you look thru the help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a user, create or destroy directories on the tree beneath you.
This means that root can kill everything but root, and you can kill any
that are below you.  These are the
=> mkdir pathname
=> rmdir pathname
commands.
Once again, you are not alone on the system... type=> 
who
to see what other users are logged in to the system at the time.  If you
want to talk to them=>
write username 
Will allow you to chat at the same time, without having to worry
about the parser.  To send mail to a user, say
=> mail
And enter the mail sub-system. To send a message to all the users
on the system, say
=> wall
Which stands for 'write all'. By the way, on a few systems,
all you have to do is hit the <return> key to end the message,
but on others you must hit the cntrl-d key.
To send a single message to a user, say
=> write username
this is very handy again!  If you send the sequence of characters discussed
at the very beginning of this article, you can have the super-user terminal do
tricks for you again. 

Privs:
If you want superuser privs, you can either log in as root, or edit your
acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection.  The wonderful security conscious developers at bell made it
very difficult to do much without privs, but once you have them, there
is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are.
Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself.
Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation.
When you are finally sick and tired from hacking on the vax systems, just
hit your cntrl-d and repeat key, and you will eventually be logged out.
_______________________________________
The reason this file seems to be very sketchy is the fact that bell has 7
licenced versions of unix out in the public domain, and these commands are
those common to all of them.  I recommend you hack onto the root or
bin directory, since they have the highest levels of privs, and there
is really not much you can do (except develop software) without them.

Cr3dOv3r – Credential Reuse Attack Tool

Cr3dOv3r is a fairly simple Python-based set of functions that carry out the preliminary work of a credential reuse attack tool.

Cr3dOv3r - Credential Reuse Attack Tool


You just give the tool your target email address then it does two fairly straightforward (but useful) jobs:

  • Search for public leaks involving the email and, if there are any, return all available details about the leak (using the hacked-emails site API).
  • Then you give it the email’s old or leaked password and it checks these credentials against 16 websites (e.g. Facebook, Twitter, Google…) and notifies you of any successful logins.

So how would this Credential Reuse Attack Tool work?

Just imagine this scenario:

  1. You check a targeted email with this tool.
  2. The tool finds the email address involved in a leak so you open the leakage link.
  3. You get the leaked password after searching the leak details.
  4. You return to the tool and enter the password to check if there’s any website the user uses the same password in it.
  5. PROFIT

How to use Cr3dOv3r for a Credential Reuse Attack


You can download Cr3dOv3r here:

Cr3dOv3r-master.zip

Or read more here.

Secure Your Android! Using This VPN For Your Mobile – By Pro Hackers

If you’re using a VPN on your Android device because you want to improve your online privacy and security, that’s a great start!


VPN or Virtual Private Network

A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data. However, using a personal VPN is increasingly becoming more popular as more interactions that were previously face-to-face transition to the Internet. Privacy is increased with a VPN because the user’s initial IP address is replaced with one from the VPN provider. This method allows subscribers to attain an IP address from any gateway city the VPN service provides. For instance, you may live in San Francisco, but with a VPN, you can appear to live in Amsterdam, New York, or any number of gateway cities.


VPN Security

Security is the main reason why corporations have used VPNs for years. There are increasingly simple methods to intercept data traveling to a network. WiFi spoofing and Firesheep are two easy ways to hack information. A useful analogy is that a firewall protects your data while on the computer and a VPN protects your data on the web. VPNs use advanced encryption protocols and secure tunneling techniques to encapsulate all online data transfers. Most savvy computer users wouldn’t dream of connecting to the Internet without a firewall and up-to-date antivirus. Evolving security threats and ever increasing reliance on the Internet make a VPN an essential part of well-rounded security. Integrity checks ensure that no data is lost and that the connection has not been hijacked. Since all traffic is protected, this method is preferred to proxies.


Download GRIP VPN FOR FREE


dirsearch – Website Directory Scanner For Files & Structure

dirsearch is a Python-based command-line website directory scanner designed to brute force site structure including directories and files in websites.

dirsearch - Website Directory Scanner For Files & Structure


dirsearch Website Directory Scanner Features

dirsearch supports the following:

  • Multithreaded
  • Keep alive connections
  • Support for multiple extensions (-e|--extensions asp,php)
  • Reporting (plain text, JSON)
  • Heuristically detects invalid web pages
  • Recursive brute forcing
  • HTTP proxy support
  • User agent randomization
  • Batch processing
  • Request delaying

dirsearch Web Directory Structure Scanner & Wordlists

Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | --extension) passed as an argument.

Example:

Passing the extensions “asp” and “aspx” will generate the following dictionary:

 

You can also use -f | --force-extensions switch to append extensions to every word in the wordlists (like DirBuster).
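To make the dictionary rule concrete, here is an added example of the %EXT% expansion in Python. It is my own reimplementation of the behaviour described above, not dirsearch's code; the function and sample names are illustrative, and the handling of the force-extensions option is an assumption (each plain word is kept and additionally gets "word.<ext>" for every extension), since the text says only that -f appends extensions to every word.

```python
"""Wordlist expansion in the style of dirsearch's %EXT% token.

Added example: this is a reimplementation of the dictionary rule described
above, not dirsearch's own code, written so the expansion can be inspected
before a scan. Assumption: with the force-extensions option each plain word
is kept and additionally gets "word.<ext>" for every extension; the exact
list dirsearch itself emits may differ.
"""


def expand_wordlist(lines, extensions, force_extensions=False):
    """Turn raw dictionary lines into the entries a scanner would request.

    - A line containing %EXT% yields one entry per extension.
    - Any other line is kept verbatim; with force_extensions it also yields
      one "line.<ext>" entry per extension (assumed -f behaviour).
    - Blank lines are skipped and duplicates dropped, preserving order.
    """
    entries, seen = [], set()

    def add(entry):
        if entry not in seen:
            seen.add(entry)
            entries.append(entry)

    for raw in lines:
        word = raw.strip()
        if not word:
            continue
        if "%EXT%" in word:
            for ext in extensions:
                add(word.replace("%EXT%", ext))
        else:
            add(word)
            if force_extensions:
                for ext in extensions:
                    add(f"{word}.{ext}")
    return entries


# Constructed sample dictionary, mirroring the asp/aspx example above.
SAMPLE_WORDLIST = ["admin", "index.%EXT%", "", "login.%EXT%", "admin"]
SAMPLE_EXTENSIONS = ["asp", "aspx"]

if __name__ == "__main__":
    print("plain: ", expand_wordlist(SAMPLE_WORDLIST, SAMPLE_EXTENSIONS))
    print("forced:", expand_wordlist(SAMPLE_WORDLIST, SAMPLE_EXTENSIONS, force_extensions=True))
```

Running the expansion offline like this is useful when reviewing what a scan would request against your own site, for example to size the request volume or to confirm that a monitoring rule keyed on the generated paths will fire.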

 

You can download dirsearch here:

dirsearch-v0.3.8.zip

Or read more here.

WhatsApp Spy Tool

What is a WhatsApp Spy Tool?

Spy tool is something that is used to check all the data and details of any device anonymously. You can access to your target’s SMS, calls, and all the multimedia stuff virtually.

Spy software is widely used by parents for their child security from online scam and other +18 content. Parents can check out all the stuff from their child’s phone like web history call, their WhatsApp messages and they can Listen to the calls also. Spy software is critical because with this you can check out your child’s real-time location if your child is going to any restricted area.

Best WhatsApp Spy App

There are hundred of spy software available in the market at this time. But only a few are working fine. So we have selected the best available Whatsapp Spy software for you. This software can hack almost anything from your victim’s phone. You just need to download this Program and start WhatsApp hacking.

Online whatsapp Hacking

As you all Know that Whatsapp is the widely used these days by people of all age groups. So many people want to spy their friend/GF/bf ‘s Whatsapp account to get all of their Messages.We want to say that in many countries spying is not a legal act. So we are not responsible for any problem you will face. Please use this Spy software at your risk. This spy software works in a hidden mode, and you will not be caught quickly.

Are you ready For Spying on your Victim, If yes then you are at the right Place. You can easily get a WhatsApp Spy App here for you. As we had shared a very effective method to hack WhatsApp with Whatsapp Web.


We have provided an online WhatsApp hacking tool on this site HackingAdda, but if you want to get our hacker in your pocket, then you have to Whatsapp Spy Tool Download from here.Our online WhatsApp Hacker’s success rate is excellent, so if you do not want to download this Whatsapp Hacking Tool, then you only hack your friend’s account by using our online hacker.

How can I spy on someone’s Whatsapp account for free?

You May Be Searched For Whatsapp Hacking Tool then you are at right place. We are a Group Of Indian and Japanese hacker which works for Banks, Police, and all legal companies. Recently we have Developed our Personal tools for WhatsApp hacking and  And then Started this Blog For You.We have more than 20000 satisfied customers till now. Thank you all for showing your trust in us.

 

Click HERE To DOWNLOAD

WAFNinja – Web Application Firewall Attack Tool – WAF Bypass

WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation.

WAFNinja - Web Application Firewall Attack Tool - WAF Bypass


The tool was created with the objective to be easily extendible, simple to use and usable in a team environment.

What can WAFNinja Web Application Firewall Attack Tool Do?

Many payloads and fuzzing strings, which are stored in a local database file, come shipped with the tool.

WAFNinja supports:

  • HTTP connections
  • GET requests
  • POST requests
  • Using Cookies (for pages behind auth)
  • Intercepting proxy

Using WAFNinja for WAF Bypass

Examples of Web Application Firewall Attacks

Fuzz:

Bypass:

Insert-fuzz:

You can download WAFNinja here:

WAFNinja-master.zip

Or read more here.

Root Android Without Pc Apk Free Download

  • Android rooting is the way to gain root access to the various subsystems of your Android phone. There are a lot of Android apps available on the web to root Android without a PC.
  • In this post I am sharing a complete guide to rooting your Android phone without using a PC or anything else.
  • This process is based only on an APK Android app which gives superuser permission on your Android phone.
  • By rooting Android devices, you get a lot of extra features on your device, like improved phone performance and better battery life.

Root Android Without Pc

  • The app below is 100% trusted and easy to use, but follow all the steps carefully, because in this tutorial there is a chance of damaging your Android software.
  • The root-without-PC method below works for rooting Lollipop, Marshmallow, Oreo and Nougat. Here I am sharing the full step-by-step guide to rooting Android without a PC.
  • Once you follow the steps below on your Android phone, you will get superuser permission, which gives full access to your Android phone.

Kingo Root is one of the best apps for rooting all Android phones without using a PC. It is an Android app and you use it just like any other app on your phone. Kingo Root gives 100% success on most Android devices, so I am sharing this tutorial with the Kingo Root Android app.

How To Root Android Without Pc :

  • Download Kingo Root on your Android phone.
  • Now enable “Unknown sources” on your Android phone and install Kingo Root.
  • Then enable your data connection and open Kingo Root.
  • Tap the One Click Root button and wait for the files to download.
  • Finally, your device will get root permission once Kingo Root reaches 100%.
  • You will find the SuperUser application in the apps menu after rooting.
  • Enjoy your rooted Android and use all the features of a rooted device.

Then you will have Kingo SuperUser on your Android phone and you can grant root permission to any Android app that requires it using Kingo SuperUser. You can also try another superuser app such as SuperSU from the Play Store and use it on your phone by updating your current Kingo SuperUser.

Root Android Without Pc Apk

  • This app requires an internet connection to fetch resource files from its server, so you need a working mobile data or WiFi connection to root your Android phone with Kingo Root.
  • So, guys, now you can enjoy all the rooted-Android features with Kingo SuperUser. Also read my post about how to root BlueStacks 3 with KingRoot to enable root access in BlueStacks.
  • Comment here if you have problems using this app on your Android phone. Most Android users get root permission successfully using Kingo Root on their phones.