Hackers and hacks

OSX Filecoder.E – the latest ransomware for MacOS systems

The new ransomware for MacOS systems was named OSX Filecoder.E by ESET researchers. It spreads through BitTorrent websites, and users who fall into its trap cannot recover their files even if they pay the ransom. ESET researchers have noted that the ransomware is very poorly designed.


OSX Filecoder.E is disguised as a cracking tool for commercial software such as Adobe Premiere Pro CC or Microsoft Office for Mac. The malware is written in Apple Swift and, judging by the multiple mistakes in its implementation, its developer appears to have been inexperienced. The installer is not signed with a development certificate issued by Apple, which is why it is very difficult to install the malware on recent OS X and macOS versions.

Another flaw is that it generates a single encryption key for all the files, stores the files in encrypted ZIP archives, and has no ability to communicate with an external server. The encryption key therefore never reaches the attacker before it is destroyed. This means that even if the user pays the ransom by following the attackers' instructions (usually placed in a README!.txt file), the user will not get the files back.

The encryption seems to be strong, and it can't be broken through alternative means. "The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator. The key is also too long to brute force in a reasonable amount of time," researchers from ESET wrote in a blog post on Wednesday.

Even if OSX Filecoder.E seems to be the work of an inexperienced attacker, it still shows us that MacOS remains a target for ransomware developers. Better safe than sorry, we say! Stay safe!

Editorials and informational articles

Mozilla adds Pocket in its pockets

As you may know, Mozilla and Pocket have been partners for at least two years. The browser company has finally decided to acquire the service, which lets users save web content for later reading.

In early 2015, Mozilla integrated Pocket into all desktop versions of Firefox, unlocking the Pocket functionality without requiring users to install any extra extension.

After the acquisition, Pocket will continue to operate as a standalone organization and will continue to offer products for non-Mozilla platforms and browsers, as a subsidiary of Mozilla.

Both Mozilla and Pocket have announced the acquisition simultaneously, on each of the company’s websites (Mozilla, Pocket) but the financial details are still kept in the dark.

For those new to this app, Pocket was first called Read It Later and let users save articles for later reading, offering an experience without ads or inconsistent text formatting, with functions similar to Evernote, Instapaper, Readability or Apple's Reading List. Once it was mature enough, it was promoted from browser plugin to built-in browser functionality.

The Mozilla team will inspect the code and try to open-source Pocket.

Piracy and internet pirates

2003-2017: All the Oscar movies are available on pirate websites

As you may know, all the Oscar movies, except the latest Star Wars, are available on pirate sites and torrent trackers and can be easily downloaded by internet users.

According to this spreadsheet created by Andy Baio, all the movies that were nominated for or won prizes at the Oscars can be downloaded illegally in good quality, except for Star Wars: The Force Awakens. The spreadsheet is very well documented and provides detailed data, including the release dates of most of the movies and the release of the Oscar screeners.

Star Wars: The Force Awakens is also available online, but its best version is a poor-quality cam recording. The big irony is that even the copies sent specifically to the members of the film Academy who vote for the Oscars usually get leaked on the internet, meaning that other interests are at play.

This year, only 14 movies have landed online, before the Oscar ceremony, while the first screeners hit BitTorrent in early January, unlike the previous years, when the movies were leaked in mid-December.


Hackers and hacks

CloudBleed: Change all your passwords immediately

Due to a bug in Cloudflare's source code, a lot of sensitive user information may have been leaked on the internet. The biggest affected sites are Uber, Fitbit, 1Password and OkCupid, but it is estimated that over 4.2 million domains were using Cloudflare.

So user passwords, sensitive information and cryptographic keys may have been out in the wild. Google, Yahoo and Bing worked on scrubbing the data from their caches in order to protect users against attackers, but people are still finding samples of leaked data in search engine caches. According to Hector Martin, you can still find authentication cookies for sites affected by the bug, and these cookies still work.

This was discovered by Google’s security researcher Tavis Ormandy, but the bug was there for at least 5 months. The GitHub user Pirate has compiled a full list of all the sites that use Cloudflare’s services and there is also the DoesItUseCloudflare tool that permits the users to insert the website’s domain and check if it uses Cloudflare services or not.

The best way to limit the damage is to change all your passwords on sites that use Cloudflare's services and to enable two-step authentication wherever possible.

Hackers and hacks

Adwind Remote Access Tool is a malware that spreads via email attachments

According to Kaspersky Lab, Adwind Remote Access Tool has been used by hackers to target over 1500 organizations in 100 countries and territories.

Among the victims, 20% were active in retail and distribution accounting, 9.5% in the architecture and construction sector, 5.5% in shipping and logistics, 5% in insurance and legal services and another 5% in consulting.

The victims receive fake e-mails pretending to be from HSBC Advising Service, using as a domain, with the malware inside a zipped attachment. When the ZIP is opened, it reveals a JAR file that makes the malware install itself and communicate with the C&C server, giving the attackers remote access to the computer. It is capable of running on Windows, OS X, Linux and Android and provides the attackers with remote desktop control, data gathering and data exfiltration, among other capabilities.
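Since the delivery described above is a JAR hidden inside a ZIP attachment, a mail gateway can flag such attachments by inspecting nested archive content rather than trusting file extensions. The following is an added example (not Kaspersky's code or anything from the original article); the attachment and its member names are constructed for illustration.

```python
import io
import zipfile
from typing import List

# Constructed sample attachment: an outer ZIP holding a harmless text file,
# a JAR with a .jar extension, and the same JAR renamed to look like a PDF.
def build_jar() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # fake class header
    return buf.getvalue()

def build_sample_attachment() -> bytes:
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "Please find the payment advice attached.\n")
        z.writestr("HSBC_Advising_Service.jar", build_jar())   # constructed name
        z.writestr("Payment_Advice.pdf", build_jar())          # JAR disguised as PDF
    return outer.getvalue()

def find_java_archives(zip_bytes: bytes, depth: int = 0, max_depth: int = 3) -> List[str]:
    """Return member names that are Java archives: either a .jar extension or a
    ZIP-format member carrying META-INF/MANIFEST.MF. Java loads JARs by content,
    so a renamed .jar still executes; the content check catches that case."""
    hits: List[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    for info in zf.infolist():
        if info.is_dir():
            continue
        data = zf.read(info)
        if info.filename.lower().endswith(".jar"):
            hits.append(info.filename)
        elif data[:4] == b"PK\x03\x04":  # nested ZIP: may be a JAR or another container
            try:
                inner = zipfile.ZipFile(io.BytesIO(data))
                if "META-INF/MANIFEST.MF" in inner.namelist():
                    hits.append(info.filename)
                    continue
            except zipfile.BadZipFile:
                continue
            if depth < max_depth:  # recurse into ZIP-in-ZIP, bounded against zip bombs
                hits.extend(f"{info.filename}/{h}"
                            for h in find_java_archives(data, depth + 1, max_depth))
    return hits

def is_suspicious_attachment(zip_bytes: bytes) -> bool:
    return bool(find_java_archives(zip_bytes))
```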

40% of the attacks aim to infect organizations from Malaysia, the United Kingdom, Germany, Lebanon, Turkey, Hong Kong, Kazakhstan, United Arab Emirates, Mexico and Russia.

As you may know, the Adwind Remote Access Tool (or RAT) is a cross-platform malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, which attackers have to pay for in order to distribute it.

Since 2013, Kaspersky has counted over 443,000 infected users around the world.

The biggest problem is that the infected JAR files inside the zipped attachments are not detected by any antivirus solutions, according to . For more information, see this post from Kaspersky's .



Meizu’s mCharge 4.0 might charge your phone’s battery to 100% in 45 minutes

As you may know, Meizu is one of the most popular Chinese phone vendors and has started sending invites to gather people at its Mobile World Congress (MWC) booth.

While we don't know for sure whether Meizu will unveil a new phone at MWC, the folks from AndroidPure announced that Meizu will present a new fast charging technology. mCharge 4.0 should fully charge a phone's battery in about 45 minutes, using a 9V/4A charger. This means that the phone will charge at a lower voltage (9V instead of the default 12V) but at a higher current.

The new technology will be embedded in Meizu's new smartphones and will compete with Qualcomm's Quick Charge 4.0, which promises 5 hours of battery life from a 5-minute charge.


As you may know, Mobile World Congress is an annual technology event that takes place in Barcelona, starting on the 28th of February. Many big players in the technology market unveil new projects and concepts there, in order to tease the public into buying their products.


Editorials and informational articles News

2016′ best antivirus was Avira Antivirus Pro, while Kaspersky Virus Removal Tool is the best for cleaning infected computers

The folks from AV-Test conducted a 12-month endurance test, involving 897 evaluations for each security product for Windows 10, and drew their conclusions.

They performed their research in two stages: first they installed virus removal tools on infected systems and evaluated the results; then they disabled the security software so that the systems could get infected, and evaluated the results again.

Four of the tested solutions were capable of eliminating all the malware samples: Avira Antivirus Pro, Kaspersky Internet Security 2016/2017, Malwarebytes Anti-Malware and Avast! Free Antivirus 2016. Avira Antivirus Pro has also managed to remove all the registry keys so it scored best in all the tests.

Bitdefender Internet Security 2016/2017, Symantec Norton Security and G Data Internet Security have provided good performance as well, but missed malware in a few cases.

Among the bootable antimalware/recovery software, Kaspersky Virus Removal Tool ruled them all and managed to remove all the malware samples, while the others failed.

The screenshots below are self explanatory.

[Screenshots: AV-Test 2016 results]

Personally, I am a fan of Malwarebytes Anti-Malware when it comes to cleaning up infected computers, but I also use AdwCleaner, Zemana and HitmanPro, hoping to remove all the leftovers that were not spotted by my first virus scan. My favorite free antivirus is Avast!, because it is lightweight and has a lot of features.


Google Allo is coming to the desktop

As you may know, Google has been working hard on Allo, its smart messaging app, which is tied to the user's phone number. At first, Google made it clear that it was a "mobile first" service, but it looks like they are working towards making it accessible on the desktop, from the browser.

The desktop version of Allo is in its early development stages, but Nick Fox, Google’s VP of Communications Products, shared an image of the browser-based Allo on Twitter.


We can see from the screenshot that the app has an intuitive design, with a list of chats on the left side of the screen and the messages shown on the right. It has video and GIF support as well, and it is said that Google will integrate its new AI virtual assistant into the app.

On Android 7.0 Nougat, Allo has direct reply and split-screen support, and it brings Google Assistant features to iOS. Despite Google's efforts, the app has dropped out of the top 500 apps on the Play Store, which allegedly means that consumers did not appreciate it much.

To my mind, the app was created as a WhatsApp alternative, but I cannot see how it will overtake it. Other internet services like Telegram or Viber did not manage to do so, so why would Google?


An Xagent malware for macOS steals browser passwords, takes screenshots and grabs iPhone backups

The guys from Bitdefender have recently discovered an Xagent malware for macOS users, capable of stealing passwords, taking screenshots and stealing iPhone backups from the Apple computers.

Most likely, the malware was developed by the APT28 cybercrime group, but Bitdefender can't be sure. The malware contains modules that can scan the computer for hardware and software configurations, list all running processes and run malicious files. It also steals the passwords saved in the browser and takes desktop screenshots.

APT28 is the group that hacked the computers from the U.S. Democratic National Committee last year during the presidential election. For now, we don’t know how the malware spreads, but the best way to avoid it is to download software only from the Mac App Store or trusted sources.

Despite the fact that macOS is Unix-based, and its user permissions are therefore more restrictive than those of Windows, attackers have managed to create viruses and malware for Apple's platform as well.


Avast created 3 new ransomware decryption tools

As you may know, the number of ransomware infections has increased a lot in the last six months, despite the antivirus companies' efforts to fight it. Last year, more than 200 new ransomware strains were discovered.

For example, Avast has released 14 decryption tools so far, in order to help users recover their encrypted data for free. The latest 3 decryption tools created by Avast can decrypt files encrypted by Jigsaw, HiddenTear and Philadelphia/Stampado.

Due to the fact that the ransomware gets updated frequently, the security firms need to update their decrypting tools as well.

For example, HiddenTear's source code is hosted on GitHub and can be used and modified by anyone. It encrypts files under the extensions .34xxx, .locked, .BUGSECCCC, .bloccato, .lock, .saeid, .unlockit, .Hollycrypt, .monstro, .lok, .razy, .mecpt, .암호화됨, .flyper, .kratos, .8lock8, .fucked, .CAZZO, .krypted, .doomed, et cetera.

The antivirus companies fight side by side against this kind of threat, because no single tool offers 100% safety. So far, decryption tools have been released by Avast, AVG, Kaspersky, Emsisoft, McAfee and Trend Micro.

For more information, see this blog post from the Avast website.

We will keep you posted. Stay tuned.