A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware.
Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools, ranging from utilities designed to exfiltrate data from databases to cracks and product key generators that unlock full versions of trial software, and injecting a powerful remote-access trojan into them. When the repackaged tool is run, the attackers gain full access to the user’s computer.
Serper said the attackers are “baiting” other hackers by posting the repackaged tools on hacking forums.
But it’s not just a case of hackers targeting other hackers, Serper told TechCrunch. These maliciously repackaged tools are not only opening a backdoor to the hacker’s systems, but also any system that the hacker has already breached.
“If hackers are targeting you or your business and they are using these trojanized tools it means that whoever is hacking the hackers will have access to your assets as well,” Serper said.
That includes offensive security researchers working on red team engagements, he said.
Serper found that these as-yet-unknown attackers are repackaging the hacking tools with njRat, a powerful trojan that gives the attacker full access to the target’s desktop, including files and passwords, and even to the webcam and microphone. The trojan dates back to at least 2013, when it was used frequently against targets in the Middle East. njRat often spreads through phishing emails and infected flash drives, but more recently its operators have hosted the malware on dormant or insecure websites in an effort to evade detection. In 2017, hackers used this same tactic to host malware on the website of the so-called Islamic State’s propaganda unit.
Serper found the attackers were using that same website-hacking technique to host njRat in this most recent campaign.
According to his findings, the attackers compromised several websites — unbeknownst to their owners — to host hundreds of njRat malware samples, as well as the infrastructure used by the attackers to command and control the malware. Serper said that the process of injecting the njRat trojan into the hacking tools occurs almost daily and may be automated, suggesting that the attacks are run largely without direct human interaction.
It’s unclear why this campaign exists or who is behind it.
Hackers have released a new jailbreak that can reportedly crack any iPhone
A new jailbreak has just been released that works across all iPhones, according to reports from Motherboard and TechCrunch.
- The jailbreak was reportedly made possible by a new vulnerability in Apple’s software for which the company has not yet released a fix.
- A jailbreak is a hack that makes it possible to overcome the iPhone’s security restrictions so that users can load apps and features that aren’t approved by Apple.
- Installing jailbreaks can pose security risks since doing so lifts Apple’s safeguards.
A vulnerability in Apple’s mobile software has made it possible for hackers to release a new iPhone jailbreak that supposedly works across all iPhones, according to Motherboard.
It’s the first time a jailbreak that works so broadly at launch has surfaced since Apple released its iOS 10 operating system in 2016, the report says. The jailbreak, known as unc0ver, should work on all iPhones running iOS 11 and above, according to TechCrunch.
Apple did not immediately respond to Business Insider’s request for comment.
A jailbreak is a hack that makes it possible to overcome Apple’s security protocols so users can load apps and software onto their iPhones that the company hasn’t authorized. Jailbreaks were once very popular among iPhone owners who wanted to customize their devices, but they also pose serious security risks, since they discard Apple’s built-in safety measures.
Apple has cracked down on jailbreaking in more recent iOS software updates, making them far less common.
The new jailbreak is the result of a zero-day vulnerability found in Apple’s iOS software, Motherboard reported. The term “zero-day” refers to a security flaw that the vendor has not yet patched, typically because it was unknown to them until it was exploited.
Although jailbreaks are usually considered a security risk, the researcher who discovered the iOS vulnerability that makes the new jailbreak possible told Motherboard that Apple’s security mechanisms remained intact.
While the new jailbreak is said to be the first in years to work across all models right away, it’s not the first time jailbreaking has returned to the iPhone. Last August, Apple re-introduced a previously fixed security vulnerability that made jailbreaking possible, as Motherboard reported at the time. But that jailbreak worked on current and up-to-date iPhones, according to the report, while the new one is said to work across all models.
The news also comes as Apple has been investing more heavily in sourcing help from external cybersecurity experts and researchers through its bug-bounty program, which the company introduced in 2016.
For example, Apple updated its bug-bounty program in August to include a new million-dollar reward for researchers who can pull off a specific type of iPhone hack. The type of attack, known as a “zero-click full chain kernel execution attack with persistence,” gets to the core of Apple’s operating system and enables control of an iPhone without requiring any user interaction.
After Zoom, Hackers Turn to Microsoft Teams as Reports Show Spike in Cyberattacks
With working from home becoming the new norm, Microsoft Teams and other video conferencing platforms have seen an extraordinary spike in usage. However, the increase in popularity has also attracted the attention of hackers.
Recent reports from security researchers show a spike in attacks targeting Microsoft Teams users, including thousands of cloned Microsoft Teams login pages set up to harvest account passwords.
Hackers turn their sights to video-conferencing platforms
With Microsoft Teams’ daily active users at about 75 million, up from the 44 million it reached in the last two weeks of March, it’s no surprise that hackers have turned their sights to the platform.
However, Microsoft Teams is not the first video chat platform to receive increased attention from hackers. Last month, login details for about 530,000 Zoom accounts were stolen by hackers and put up for sale on the dark web.
This, together with Zoom’s several other security and privacy shortcomings, caused a backlash that led a few large organisations to move to rivals such as Teams. The rise in attacks aimed at Teams, however, shows that leaving Zoom does not take users off the radar of cybercriminals.
Impersonation attack threat to over 75 million users
Researchers have discovered that hackers are using a multi-pronged Microsoft Teams impersonation attack. According to the team from Abnormal Security, convincingly crafted emails that impersonate the automated notification emails from Microsoft Teams are sent to users, with the aim of stealing their Microsoft Office 365 login credentials when they attempt to log in on the fake site.
The Cybersecurity and Infrastructure Security Agency (CISA) warned on April 29 that attacks using this methodology were likely to increase, given the speed at which organizations are migrating to Microsoft Office 365 during the COVID-19 lockdown.
However, Abnormal Security said it found no security misconfiguration or vulnerability in Microsoft Teams at fault. The attackers instead exploit human weakness, sending emails designed to look legitimate and professional in order to trick as many users as possible.
“The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider,” the researchers say.
The phishing emails are disguised as the routine business mail users receive every day. The links they contain pass through multiple URL redirects, concealing the real hosting URL and aiming to bypass email protection systems, before finally landing the user on a cloned Microsoft Office 365 login page.
The hackers also use newly registered domains designed to fool users into thinking the notifications come from an official source.
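The redirect chains and lookalike domains described above are exactly what a mail-security triage step can score. The following Python is an added example, not code from Abnormal Security or Microsoft: it takes a link chain as a URL sandbox or proxy would record it (the sample chains, hostnames and the domain ages are constructed for this example; real domain ages would come from a WHOIS lookup), flags hops that cross unrelated domains, brand words or punycode in non-Microsoft hosts, newly registered domains, and a login-looking final page on a host outside an assumed allowlist of genuine Microsoft sign-in domains.

```python
"""Triage a phishing lure's redirect chain for signs of Office 365 credential harvesting."""
from __future__ import annotations

from urllib.parse import urlparse

# Assumed allowlist: registrable domains where a genuine Microsoft/Teams sign-in may land.
LEGIT_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com", "live.com", "sharepoint.com"}
# Brand words whose presence in a non-Microsoft hostname suggests impersonation.
BRAND_WORDS = ("microsoft", "office", "o365", "teams", "sharepoint", "outlook")
LOGIN_PATH_WORDS = ("login", "signin", "sign-in", "auth")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Assumption: no public-suffix list is needed for these samples."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_legit(host: str) -> bool:
    return registrable_domain(host) in LEGIT_DOMAINS


def host_findings(host: str) -> list[str]:
    """Indicators on a single hostname; allowlisted hosts produce none."""
    host = host.lower()
    if is_legit(host):
        return []
    findings = []
    if any(word in host for word in BRAND_WORDS):
        findings.append(f"brand word in non-Microsoft host {host}")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append(f"punycode label in {host}")
    if host.count(".") >= 3:
        findings.append(f"deeply nested subdomain {host}")
    return findings


def analyze_chain(hops: list[str], domain_age_days: dict[str, int] | None = None,
                  young_days: int = 30) -> dict:
    """Score an ordered redirect chain. domain_age_days maps registrable domain -> age (e.g. from WHOIS)."""
    domain_age_days = domain_age_days or {}
    findings: list[str] = []
    hosts = [urlparse(hop).hostname or "" for hop in hops]

    # Distinct registrable domains the chain passes through, in order.
    distinct: list[str] = []
    for host in hosts:
        dom = registrable_domain(host)
        if dom not in distinct:
            distinct.append(dom)
    if len(distinct) >= 3:
        findings.append(f"redirects cross {len(distinct)} unrelated domains")

    for host in hosts:
        findings.extend(host_findings(host))

    for dom in distinct:
        age = domain_age_days.get(dom)
        if age is not None and age < young_days:
            findings.append(f"{dom} registered {age} days ago")

    final = urlparse(hops[-1])
    final_host = final.hostname or ""
    if final.scheme != "https":
        findings.append("final page not served over https")

    looks_like_login = any(word in final.path.lower() for word in LOGIN_PATH_WORDS)
    if looks_like_login and not is_legit(final_host):
        findings.append(f"login form on non-Microsoft host {final_host}")
        verdict = "credential-harvesting"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {"final_host": final_host, "findings": findings, "verdict": verdict}


# Constructed sample chains (not real indicators): a lure that hops through a tracker and an
# open redirector before landing on a cloned sign-in page, and a genuine Teams meeting join.
PHISH_CHAIN = [
    "https://links.example-newsletter.net/c/track?id=ab12",
    "https://cdn-redirect.example.org/r/9f3",
    "https://office365-teams-login.example-notify.com/login/index.php",
]
LEGIT_CHAIN = [
    "https://teams.microsoft.com/l/meetup-join/abc",
    "https://login.microsoftonline.com/common/oauth2/authorize?client_id=x",
]
# Constructed WHOIS-style ages: only the final lure domain is brand new.
SAMPLE_DOMAIN_AGES = {"example-notify.com": 4}

if __name__ == "__main__":
    for chain in (PHISH_CHAIN, LEGIT_CHAIN):
        result = analyze_chain(chain, SAMPLE_DOMAIN_AGES)
        print(result["verdict"], result["final_host"])
        for finding in result["findings"]:
            print("  -", finding)
```

The eTLD+1 helper is deliberately naive; against real traffic use a public-suffix list so that hosts such as `foo.co.uk` are grouped correctly, and treat the verdict as a triage score for analysts rather than an automatic block.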
Over 50,000 users have fallen victim to this attack
Once a user submits their login details on the cloned page, the credentials are captured without them noticing. The fake page then typically “bounces” the victim onward, so nothing appears amiss.
According to Abnormal Security, the phishing attack works more easily because people have become accustomed to receiving video invitations and notifications from collaboration software providers.
“Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials. Given the current situation, people have become accustomed to notifications and invitations from collaboration software providers.”
Similar to Zoom, Microsoft Teams’ booming popularity has caught the attention of both security experts and hackers. Although no weakness in Microsoft Teams itself is involved, users have to play their part by staying extra vigilant so that hackers cannot steal their information.
Be vigilant about performing ‘security hygiene’ during coronavirus threat
Many of the news stories discussing the global outbreak of the COVID-19 virus rightly stress the importance of protective measures such as vigorous hand washing and avoiding crowded events. Authorities roundly agree that proper hygiene and adherence to the guidance of national health authorities such as the CDC are critical to containing the spread of the deadly virus.
Meanwhile, the coronavirus scare is posing other risks – some directly, others indirectly related to COVID-19. Consumers hell-bent on gathering the latest information about virus-protection techniques are being warned about phishing scams that prey on their fears. Workers holed up in home offices face ongoing threats from hackers looking to poke holes in the patchwork of home and workplace security defenses.
“It’s always important to keep our guards up, to protect ourselves against security threats,” said Martin Hron, senior researcher at Avast. “Just like we need to pay attention to our own hygiene during times like these, we should maintain a high level of security hygiene to ensure we’re keeping our risk levels low.”
Virus-related scams are on the rise. State attorneys general have put out notices to watch for illegitimate investment schemes and websites advertising coronavirus “miracle products” or vaccines. Consumers should seek out information based on science and not just personal testimonies.
Earlier this month, the World Health Organization (WHO) issued a warning about phishing emails being sent by hackers posing as WHO representatives. The agency is getting regular reports of coronavirus-related phishing attempts.
The Secret Service recently issued a warning about a phishing scam from people purporting to be from a medical organization offering information about the virus. Clicking on a link could infect your computer. The agency called the coronavirus outbreak “a prime opportunity for enterprising criminals because it plays on the basic human conditions … fear.”
As more regions declare states of emergency in response to the coronavirus, workers that haven’t spent time working remotely suddenly have to reacquaint themselves with VPNs and document-sharing tools. Corporate remote-work rules can – and should – be stringent. Workers should review key practices with IT before embarking on long, and perhaps open-ended, remote periods.
Other corporate security measures could include the following:
- Arm employees with a list of phone numbers, so they can reach out to a human from their IT team or other responsible person in case they have any IT issues.
- Inform employees of the hardware, software, and services they can utilize that are not company issued, but could help to connect and share files with colleagues during the special circumstances.
- Lay ground rules for employees when it comes to using personal hardware while working from home, such as printers.
- Enforce two-factor authentication wherever possible to add an extra layer of protection to accounts.
- Make sure employees have limited access rights and can only connect to the services they need for their specific tasks, rather than giving employees access to the entire corporate network.
Other potential risks tie back to actual hygiene itself. Workers operating remotely in regions affected by the coronavirus have been trained to scrub their hands and cover their mouths to stop the spread of disease. But are they paying the same attention to their technology devices themselves? Phones, laptops, tablets and IT remotes can transmit viruses if they’re not properly wiped down.
“We have to be vigilant, to be sure we’re protecting ourselves in every facet of our lives,” Hron said.