- Victims of some versions of the Cryakl ransomware can decrypt their files for free
- Cybersecurity week Round-Up (2018, Week 6)
- CSE CybSec ZLAB Malware Analysis Report: Dark Caracal and the Pallas malware family
- 49% of crypto mining scripts are deployed on pornographic related websites
Posted: 12 Feb 2018 11:13 AM PST
Free decryption keys for the Cryakl ransomware were added to the free Rakhni Decryptor, which can be downloaded from the NoMoreRansom website.
The Belgian Federal Police located the command and control server used by the criminal organization behind the Cryakl ransomware. The server was hosted in an unspecified neighboring country; law enforcement seized it and shared the decryption keys found on the machine with the No More Ransom project.
“The Belgian Federal Police is releasing free decryption keys for the Cryakl ransomware today, after working in close cooperation with Kaspersky Lab. The keys were obtained during an ongoing investigation; by sharing the keys with No More Ransom the Belgian Federal Police becomes a new associated partner of the project – the second law enforcement agency after the Dutch National Police.” reads the statement published by Europol.
“Led by the federal prosecutor's office, the Belgian authorities seized this and other servers while forensic analysis worked to retrieve the decryption keys. Kaspersky Lab provided technical expertise to the Belgian federal prosecutor and has now added these keys to the No More Ransom portal on behalf of the Belgian federal police. This will allow victims to regain access to their encrypted files without having to pay to the criminals.”
The "exponential" rise in ransomware threats is a serious problem for online users and a profitable business for cyber criminals. The No More Ransom operation is Europol's response to the growing threat.
The tool works with most versions of the Cryakl ransomware, but researchers at MalwareHunterTeam confirmed that it doesn't work with CL 1.4.0 and newer (so version 1.4.0 itself is among those that can't be decrypted).
It has been estimated that the tool has helped more than 35,000 ransomware victims decrypt their files for free, an overall loss for crooks of over €10m.
“There are now 52 free decryption tools on www.nomoreransom.org, which can be used to decrypt 84 ransomware families. CryptXXX, CrySIS and Dharma are the most detected infections.” continues the statement.
The Belgian authorities are still investigating the case.
(Security Affairs – Cryakl ransomware, cybercrime)
The post Victims of some versions of the Cryakl ransomware can decrypt their files for free appeared first on Security Affairs.
Posted: 12 Feb 2018 07:20 AM PST
Cybersecurity week Round-Up (2018, Week 6) - Let's try to summarize the most important events that occurred last week in 3 minutes.
Cyber criminals continue to target cryptocurrency industry with malware and phishing attacks.
Security researchers at Netlab have spotted a new Android mining botnet, dubbed ADB.miner, that targets devices with the ADB interface exposed.
An international law enforcement operation led to the dismantling of the crime ring behind the Luminosity RAT. US authorities also announced the takedown of the global cyber theft ring known as the Infraud Organization.
Good news for the popular British hacktivist Lauri Love, who will not be extradited to the US, a UK court ruled. The list of the hacker's victims includes the FBI, the Federal Reserve Bank, NASA and the US Missile Defence Agency.
For the second time, Cisco issued a security patch to fix a critical vulnerability in the Cisco Adaptive Security Appliance. The company confirmed that threat actors are already attempting to exploit it in the wild.
The source code of the Apple iOS iBoot bootloader leaked online; while Apple downplayed the leak, security experts warn that hackers can use it for a future jailbreak.
The Swisscom data breach hits 800,000 customers, roughly 10% of the Swiss population.
Crooks and experts devised new methods to exfiltrate data from compromised systems. Researchers at Forcepoint discovered a new piece of malware, dubbed UDPOS, that exfiltrates credit card data via DNS queries.
The week ended with the discovery of an unpatchable flaw in the Nintendo Switch bootROM by the fail0verflow hacker group, which exploited it to run Linux on the console.
(Security Affairs – cybersecurity, cyberweek)
Posted: 12 Feb 2018 05:30 AM PST
Researchers from the CSE ZLab malware analysis laboratory analyzed a set of samples of the Pallas malware family used by the Dark Caracal APT in its hacking operations.
The malware researchers from ZLab analyzed a collection of samples related to a new APT tracked as Dark Caracal, which was discovered by the Electronic Frontier Foundation in collaboration with Lookout Mobile Security.
Dark Caracal has been active since at least 2012, but only recently was it identified as a powerful threat actor in the cyber arena.
The first analysis of the APT linked it to the Lebanese General Directorate of General Security.
Dark Caracal is behind a number of stealthy hacking campaigns that, over the last six years, aimed to steal text messages, call logs, and files from journalists, military staff, corporations, and other targets in 21 countries worldwide.
One of their most powerful campaigns started in the first months of last year, using a series of trojanized Android applications to steal sensitive data from the victim's mobile device. The trojan injected into these applications is known in the threat landscape as Pallas.
Threat actors use the "repackaging" technique to generate the samples: they start from a legitimate application and inject the malicious code before rebuilding the APK.
The targeted applications belong to specific categories, such as social chat apps (WhatsApp, Telegram, Primo), secure chat apps (Signal, Threema), or software related to secure browsing (Orbot, Psiphon).
The attackers used social engineering to trick victims into installing the malware: an SMS, a Facebook message or a Facebook post invites the victim to download a new version of the popular app from a specific URL.
All the trojanized apps are hosted at the same URL.
This malware is able to collect a large amount of data and send it to a C&C through an encrypted URL that is decrypted at runtime. The capabilities of the trojan are:
Further details are included in the complete report published by CSE.
You can download the full ZLAB Malware Analysis Report at the following URL:
(Security Affairs – Dark Caracal, Pallas malware)
The post CSE CybSec ZLAB Malware Analysis Report: Dark Caracal and the Pallas malware family appeared first on Security Affairs.
Posted: 12 Feb 2018 12:18 AM PST
The number of crypto mining scripts discovered by security experts continues to increase, especially those deployed illegally on hacked servers online.
The experts from Qihoo 360's Netlab analyzed crypto mining scripts online by examining DNS traffic with their DNSMon system, which allowed them to determine which sites load scripts from domains associated with in-browser mining services.
According to the researchers, 49% of crypto mining scripts are deployed on pornographic related websites.
The study revealed that cryptocurrency mining scripts are also deployed on fraud sites (8%), advertising domains (7%), and cryptocurrency mining (7%).
“0.2% of websites have web mining code embedded in the homepage: 241 (0.24%) in Alexa Top 100,000 websites, 629 (0.21%) in Alexa Top 300,000 websites” reads the analysis published by NetLab.
“Pornographic related websites are the main body, accounting for 49% of these websites. Others include fraud (8%), advertising (7%), mining (7%), film and television (6%) and other categories”
The most used crypto mining script is Coinhive (68%+10%), followed by JSEcoin (9%).
The fact that cryptocurrency mining scripts are mostly deployed on porn websites is not a surprise, because those sites have a large number of visitors who spend a lot of time watching their content.
Mining activity online is rapidly increasing; the following graph shows the DNS traffic trends for mining sites:
Below are the categories of new actors most involved in mining activities:
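As an added example, not part of the original post or Netlab's DNSMon, the correlation described above can be reproduced on a small scale: a miner-service lookup that follows a client's lookup of some site within a few seconds is attributed to that site, and the flagged sites are then bucketed by category. All domains, the category map and the log lines are constructed placeholders.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed placeholder domains of in-browser mining services (not real hostnames)
MINER_DOMAINS = {"coinhive.example", "jsecoin.example"}
# Constructed site-category map; in practice this comes from a URL categorisation feed
CATEGORIES = {"adult-videos.example": "pornographic", "win-prize.example": "fraud",
              "ads-cdn.example": "advertising", "news-daily.example": "news"}
WINDOW = timedelta(seconds=5)  # a miner lookup this soon after a site lookup is attributed to it

# Constructed DNS log lines: "<time> <client-ip> <queried-name>"
LOG = """2018-02-10T10:00:00 10.0.0.5 adult-videos.example
2018-02-10T10:00:01 10.0.0.5 coinhive.example
2018-02-10T10:00:30 10.0.0.7 news-daily.example
2018-02-10T10:02:00 10.0.0.7 win-prize.example
2018-02-10T10:02:02 10.0.0.7 jsecoin.example
2018-02-10T10:05:00 10.0.0.9 adult-videos.example
2018-02-10T10:05:03 10.0.0.9 coinhive.example
2018-02-10T10:09:00 10.0.0.9 ads-cdn.example
2018-02-10T10:09:20 10.0.0.9 coinhive.example"""

def parse(log):
    """Turn log lines into (timestamp, client, normalised qname) tuples in time order."""
    events = []
    for line in log.splitlines():
        ts, client, qname = line.split()
        events.append((datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return sorted(events)

def sites_loading_miners(events):
    """Attribute each miner-domain lookup to the most recent non-miner name the same
    client resolved inside WINDOW. Returns {site: Counter(miner_domain)}."""
    last_site = {}                 # client -> (timestamp, last non-miner qname)
    hits = defaultdict(Counter)
    for ts, client, qname in events:
        if qname in MINER_DOMAINS:
            prev = last_site.get(client)
            if prev and ts - prev[0] <= WINDOW:
                hits[prev[1]][qname] += 1
        else:
            last_site[client] = (ts, qname)
    return hits

def category_share(hits):
    """Percentage of flagged sites per category, the figure the Netlab study reports."""
    counts = Counter(CATEGORIES.get(site, "other") for site in hits)
    total = sum(counts.values())
    return {cat: round(100 * n / total) for cat, n in counts.items()}
```

The ads-cdn lookup at 10:09:00 is deliberately not flagged: the miner lookup comes 20 seconds later, outside the window, which is the kind of false attribution a tight window avoids.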
(Security Affairs – crypto currency mining scripts, Monero)
The post 49% of crypto mining scripts are deployed on pornographic related websites appeared first on Security Affairs.
You are subscribed to email updates from Security Affairs.