
A Russian Hacker is selling Ransomware for a few bucks on the Dark Web

Ransomware is one of the most threatening kinds of application built by black hat hackers to extort money from people, businesses & hospitals. The latest threatening news is that a Russian hacker is selling ransomware on the dark web for just $175.

Russian Hacker selling Ransomware on Dark Web

Ransomware is one of the easiest ways to make money: lock a victim's data on their machine & demand payment to release it. Cyber criminals are very fond of using this tool for money.

The days of plain Trojans & malware are gone; now, with a few clicks, you can lock someone out & ask for money. Ransomware has evolved from a piece of software into a service, and people now sell ransomware as a service on the dark web. Ransomware has become so easy to use that anyone who can operate a computer can deploy it against a target & demand money for it.

Recently security researchers found a new ransomware of the same nature. Its interface is so easy to use that a single infection is enough to lock a victim out.

This ransomware, named Karmen, is built on the open source malware toolkit popularly known as Hidden Tear. It is sold by a Russian hacker for $175 as a ransomware service on the dark web.

Karmen is a strong ransomware product based on AES-256 encryption, which is practically impossible to crack, so the victim's only way to recover the data is to pay the demanded money to the attacker & receive the encryption key.


The service provides a web-based interface through which the buyer can build a customized ransomware as needed.

How to Stay Safe from Ransomware

  • Browse the Internet safely.
  • Keep your anti-virus software up to date.
  • Always keep a backup of important files.
  • Never open any e-mails from unknown sources.

The dashboard even calculates the money the buyer could generate from multiple infections. Anyone with minimal knowledge is able to use the interface & earn money with it.

Once the ransomware is executed on the computer, it encrypts all the data & displays a message that the data is locked & that tampering with it will cause all the data to be lost.

The most interesting feature of Karmen is that it also detects sandbox & anti-ransomware software, which helps it keep its existence undetected.

It was first seen in 2016, attacking Germany & the US. Commercialization of the software started in March 2017. So far 20 customers have purchased it & 3 of them left positive feedback on the interface.


I hope you like the list. If you like the information, please like our Facebook Page or subscribe to get our daily updates in your inbox. Thank You.

Homograph Phishing Attacks are almost undetectable – IDN Homograph Attack

A Chinese researcher has found a totally new type of phishing attack. This homograph phishing attack works against all Internet users, even those who are quite familiar with hacking attacks.

Homograph / Punycode Phishing Attack

According to this Chinese researcher, there is a vulnerability in all popular web browsers such as Chrome, Opera & Mozilla. A hacker can display the name of any desired website in order to steal a password, & nobody is able to spot the phishing attack. A hacker can show any website in the address bar, such as Apple, Google or Amazon, which helps to steal a user's sensitive information.


The usual advice for preventing phishing is to check the address bar for a fake domain name. But what if the domain name looks exactly like the one we are trying to log in to?

Homograph Attack Chrome – IDN Homograph Attack Example

If you would like to see the details, you can click on this link to see the page. The page is receiving heavy traffic as everyone is curious to see it. It was developed by the Chinese researcher to demonstrate this attack.

In the official statement on his blog, Xudong Zheng says: “It becomes impossible to identify the site as fraudulent without carefully inspecting the site’s URL or SSL certificate.”

So basically, if your browser shows apple.com in the address bar & the content of the webpage is different, your browser is vulnerable to the homograph attack.

A similar demonstration is given by Wordfence, where the domain shows epic.com & the contents of the webpage are different. Click here to see it.


History & working of the Homograph Phishing attack

The concept of the homograph attack emerged in 2001, when Unicode characters were first used to replace look-alike characters in a domain name. The address bar then shows what looks like the legitimate URL, but the domain is totally different & asks for your login or other sensitive details.

Many Unicode characters of the Greek, Cyrillic, and Armenian alphabets, which are allowed in international domain names, look to people exactly like Latin letters but are different characters to a machine.

For example, Cyrillic “а” (U+0430) and Latin “a” (U+0041) are different characters at the machine level, but are displayed as the same ‘a’ in every browser.

Browsers use Punycode to represent Unicode characters & can use it to defend against the homograph phishing attack. Punycode converts Unicode into the ASCII form supported by the Internationalized Domain Names (IDN) system.

Zheng said that the domain name is displayed correctly if all the Unicode characters come from the same language, but browsers tend to display a wrong URL if characters from multiple languages are mixed.

As a result, if you register the domain name xn--80ak6aa92e.com, whose Unicode characters pass these checks, every browser vulnerable to this will display it as apple.com.
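As an added example (not part of the original article), the following Python script performs the check a defender or mail filter could run on a hostname: it decodes Punycode labels back to the Unicode the address bar would show, flags labels that mix scripts, and maps a small hand-picked table of Cyrillic look-alikes (an assumption of this example, not an exhaustive confusables list) onto Latin letters, so that xn--80ak6aa92e.com is recognised as rendering like apple.com.

```python
import unicodedata

# Hand-picked Cyrillic letters whose glyphs look like Latin ones (assumed for
# this example; a production filter would use the full Unicode confusables data).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w",
}


def decode_idn(hostname):
    """Turn each 'xn--' (Punycode) label back into the Unicode the address bar shows."""
    labels = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts_in(label):
    """Scripts used by the letters of one label, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def latin_skeleton(label):
    """Replace known Cyrillic look-alikes with the Latin letters they resemble."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label)


def check_hostname(hostname, watchlist):
    """Return findings for a hostname: mixed-script labels and look-alikes of watched names."""
    findings = []
    for label in decode_idn(hostname).split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
        skeleton = latin_skeleton(label)
        if skeleton != label and skeleton in watchlist:
            findings.append(f"label {label!r} renders like watched name {skeleton!r}")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the real domain, Zheng's demo domain from the article,
    # and a mixed-script variant with only the first letter swapped.
    for host in ("apple.com", "xn--80ak6aa92e.com", "\u0430pple.com"):
        print(host, "->", decode_idn(host), check_hostname(host, {"apple", "amazon"}) or "ok")
```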

Zheng has reported this issue to all the leading browser vendors so that they can fix it.

Prevention of the Homograph Phishing attack

If you are a Firefox user, follow these steps to protect yourself from the attack.

  1. Type about:config in the address bar and press Enter.
  2. Type Punycode in the search bar.
  3. The browser settings will show the parameter network.IDN_show_punycode.
  4. Select & click the option to False.

Unfortunately there is no such option for Chrome & Opera users; you have to wait for the next updated version. Until then you can use some plugins to stay away from it.

You are advised to use a good password manager to stay safe from such homograph attacks. If a website shows apple.com or amazon.com but your password manager does not offer to fill in your credentials, you know that a homograph attack is in progress & you can leave the page.



Wikileaks’ new report in the Vault 7 series: CIA Virus Control System “Hive”

The eye-opening Wikileaks Vault 7 series has issued six documents that reveal some information about Hive. Hive is back-end software that hides in plain sight behind an HTTP interface. It is used to exchange information with implants & to give the implants commands to execute.

Wikileaks Vault 7 – CIA Virus Control System Hive

This Friday, 14 April, Wikileaks released some more documents in the Vault 7 series. The CIA must be very angry at Wikileaks, as can be seen from the CIA director’s speech. This time it is about the CIA project Hive.

This month many things about the CIA have been revealed by Wikileaks. You can read about them below.

Hive is a back-end application made by the CIA for keeping an eye on any of their targets. It lets agents obtain information from any target, and those agents can also execute commands on the PC & control it as they like.

Hive works over an HTTPS interface

The main feature of this application is that it works over an HTTPS interface, which lets it pass any scan for suspicious traffic. There is almost nothing that can detect its presence.

According to these documents, Hive has two basic functions, i.e. “beacon” and “interactive shell”. It works in two modes: a full-featured mode & a limited-featured mode.


Hive works on various platforms like Windows, Linux, Solaris, MikroTik, etc. These documents also support a clue that researchers at Symantec have given us: during their research, Symantec researchers found a resemblance between these tools and 40 cyber attacks made by the LongHorn group.

All this suggests that the CIA is not working alone. Many other hacker groups are working with the same intention as ancillary units for the CIA. The researchers at Symantec have already published their results in a blog post.

This whole thing has been going on for a month. More will come out as this series of documents continues. If you have anything to add, please write a comment in the comment box.



A Russian hacker was arrested in Spain for involvement in US Election Hacking

A Russian hacker was arrested in Spain on Friday as a suspect over last year’s US presidential election. He is suspected of hacking the election process.

Russian Hacker arrested in Spain

The Russian hacker, named Pyotr Levashov, was arrested by the police in Spain after an international warrant was issued for his arrest.

The Russian Embassy announced the arrest of Levashov on Sunday, but the reason was not specified. This is the second arrest in the case, after Stanislav Lisov was arrested by the Spanish authorities.


U.S. authorities are trying to have both of the accused sent to the US & detain them for questioning. According to sources, both of them are suspected of operating the NeverQuest banking Trojan, which affected the election & favored Donald Trump.


Suspect in the US Presidential Election

The suspicion is also confirmed by Levashov's wife. His wife Maria said the arrest was “at the request of the American authorities in connection with cyber crime. something about a virus that was supposedly created by [her] husband”.

Security researchers have identified Levashov as Peter Severa or Peter Levashov. He is listed among the top 10 spammers of the world, at 7th position in the list.

Peter Carr of the Criminal Division of the US Department of Justice told the media that they have nothing to say about the case for now, as all the facts are sealed.

The US government has accused Russia of hacking the US presidential election. As a result Donald Trump became the President of the US & the real winner could not be known.


The topic is very controversial; let's see what comes out of the investigation.

Wikileaks claims new documents show the CIA hacking Windows PCs using the Grasshopper program

The documents leaked by Wikileaks in the ongoing Vault 7 series have a new update. Wikileaks has released a new set of 27 documents that belong to the CIA Grasshopper program.

Wikileaks reveals CIA Grasshopper Program

This set of 27 documents is named Grasshopper. It reveals a CLI framework developed by the CIA for building malware designed to breach Windows OS security & bypass anti-virus protection.

According to Wikileaks, the 27 documents together form a secret user manual for the CIA. These documents can only be accessed by members of the agency.

What is the CIA Grasshopper Program

These documents give CIA members enough knowledge to analyze a computer’s internal architecture & create custom malware that can bypass all of its security layers.


After the study of a system is complete, Grasshopper produces a custom Windows installer program that needs to be run on the victim's computer.


The Grasshopper installer contains one or more executable components. They work in a stack-like manner, executed one by one in first-in, last-out order. The basic job of this malware is to persist a payload.

The custom malware built with Grasshopper can’t be detected by any anti-virus. Even the best anti-virus products, from Kaspersky Lab, Symantec, and Microsoft, are not able to detect its presence.

Wikileaks claims that the Grasshopper program is very easy to use and that the malware it generates is very persistent on a Windows computer.

Grasshopper – Copied from a Russian Hacker’s program

Wikileaks also says that the Grasshopper program is based on a tool used by cyber criminals across the world. The CIA took that hacking tool & modified it for its own purposes.

The tool suspected of being copied is the Russian malware called Carberp. According to a statement in the official document: “The persistence method and parts of the installer were taken and modified to fit our needs. A vast majority of the original Carberp code that was used has been heavily modified. Very few pieces of the original code exist unmodified.”

Wikileaks has not made clear how much the tool was used, but it was in use from 2012 to 2015.

So far Wikileaks has released many documents in the same series, which are:

  • Year Zero
  • CIA hacking exploits
  • Dark Matter
  • Marble

