Tag Archive for: Demanding

New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin

Sextortion Emails

A new version of the MyloBot malware has been observed deploying malicious payloads that send sextortion emails demanding that victims pay $2,732 in digital currency.

MyloBot, first detected in 2018, is known for an array of sophisticated anti-debugging capabilities and propagation techniques used to rope infected machines into a botnet, and for removing traces of competing malware from the systems it infects.

Chief among its methods of evading detection and staying under the radar are a 14-day delay before first contacting its command-and-control servers and the ability to execute malicious binaries directly from memory, leaving nothing on disk for file-based scanners to find.


MyloBot also leverages a technique called process hollowing, in which the attack code is injected into a suspended and hollowed process in order to circumvent process-based defenses. This is achieved by unmapping the original image from the memory of a legitimate process that was created in a suspended state and writing the arbitrary code to be executed in its place, in this case a decoded resource file; the process then resumes under its original, trusted name.

“The second stage executable then creates a new folder under C:\ProgramData,” Minerva Labs researcher Natalie Zargarov said in a report. “It looks for svchost.exe under a system directory and executes it in suspended state. Using an APC injection technique, it injects itself into the spawned svchost.exe process.”


APC injection, like process hollowing, is a process injection technique that inserts malicious code into an existing victim process by writing the code into that process's memory and queuing it on the asynchronous procedure call (APC) queue of one of its threads. The queued code runs when that thread next enters an alertable wait or, for a process created in a suspended state, when its initial thread is resumed.
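Both techniques described above leave the same telemetry footprint: a copy of svchost.exe started by something other than services.exe (and typically with no "-k" service-group argument), followed by a foreign process obtaining memory-write and thread-control rights on it. The following hunt script, added here as an illustration and not part of the Minerva Labs report or the MyloBot analysis, runs those two checks over constructed Sysmon-style process-create (Event ID 1) and process-access (Event ID 10) records. The sample log lines, the C:\ProgramData\example\stage2.exe path and the access allowlist are all hypothetical.

```python
"""Hunt for process-hollowing / APC-injection style abuse of svchost.exe in
Sysmon-style process events. All sample data below is constructed."""

import json
from dataclasses import dataclass

# Process access rights from winnt.h. Writing code into a foreign process
# needs VM_OPERATION + VM_WRITE; hijacking or resuming a thread (hollowing,
# APC injection) additionally needs CREATE_THREAD or SUSPEND_RESUME.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
EXEC_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_SUSPEND_RESUME

# Hypothetical allowlist of images that legitimately open svchost.exe with
# write access (tune for the EDR/AV actually deployed).
ACCESS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\lsass.exe",
}

# Constructed Sysmon-like records (JSON lines), not real telemetry.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "C:\\Windows\\System32\\svchost.exe -k netsvcs -p"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\ProgramData\\example\\stage2.exe", "CommandLine": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 10, "SourceImage": "C:\\ProgramData\\example\\stage2.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 10, "SourceImage": "C:\\Program Files\\Hypothetical AV\\scan.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe", "GrantedAccess": "0x1410"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "C:\\Windows\\System32\\svchost.exe"}
"""


@dataclass
class Alert:
    rule: str
    event: dict


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_process_create(ev):
    """Event ID 1: genuine svchost.exe is started by services.exe with a
    '-k <group>' argument. A copy spawned by an arbitrary binary, or with no
    service-group argument, is a likely hollowing/injection target."""
    if _basename(ev.get("Image", "")) != "svchost.exe":
        return None
    parent = _basename(ev.get("ParentImage", ""))
    cmdline = ev.get("CommandLine", "").lower() + " "
    if parent != "services.exe":
        return Alert("svchost spawned by non-services.exe parent", ev)
    if " -k " not in cmdline:
        return Alert("svchost started without -k service group", ev)
    return None


def check_process_access(ev):
    """Event ID 10: flag a non-allowlisted source that obtains both
    memory-write and thread-control rights on svchost.exe."""
    if _basename(ev.get("TargetImage", "")) != "svchost.exe":
        return None
    if ev.get("SourceImage", "").lower() in ACCESS_ALLOWLIST:
        return None
    granted = int(ev.get("GrantedAccess", "0x0"), 16)
    if granted & WRITE_RIGHTS == WRITE_RIGHTS and granted & EXEC_RIGHTS:
        return Alert("write+thread-control access to svchost.exe", ev)
    return None


def hunt(events):
    """Run both checks over a sequence of parsed events; returns the alerts."""
    alerts = []
    for ev in events:
        eid = int(ev.get("EventID", 0))
        if eid == 1:
            alert = check_process_create(ev)
        elif eid == 10:
            alert = check_process_access(ev)
        else:
            alert = None
        if alert:
            alerts.append(alert)
    return alerts


def load_sample():
    return [json.loads(line) for line in SAMPLE_LOG.strip().splitlines()]


if __name__ == "__main__":
    for a in hunt(load_sample()):
        print(f"[{a.rule}] {json.dumps(a.event)}")
```

Of the five constructed records only the three that match the MyloBot pattern fire: the svchost.exe launched from under C:\ProgramData, the 0x1FFFFF (full access) handle that same binary opens on it, and a services.exe child started without a service group. The benign services.exe launch and the scanner that opens svchost.exe with read-only rights (0x1410) pass. Sysmon does not record the CREATE_SUSPENDED flag itself, so the parent and command-line checks stand in for it.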


The next phase of the infection establishes persistence on the compromised host and uses that foothold to contact a remote server, from which it fetches and executes a payload that, in turn, decodes and runs the final-stage malware.

That final stage abuses the endpoint to send extortion messages alluding to the recipients' online behavior, such as visiting porn sites, and threatening to leak a video supposedly recorded by breaking into their computers' webcams.

Minerva Labs’ analysis of the malware also reveals its ability to download additional files, suggesting that the threat actor left behind a backdoor for carrying out further…

Source…

Learnt hacking on YouTube, 11-year-old caught demanding Rs 10 crore from father


Lucknow: In what appears to be an unintended side effect of online classes during the Covid period, an 11-year-old Class V boy learned to hack from YouTube and targeted his own father with an extortion email demanding Rs 10 crore.

The minor first learned about cybercrime and security measures during his school's online computer lessons. To dig further into the topic, he turned to YouTube videos and learned how to break into email IDs and mobile numbers.

To test the techniques he had picked up from YouTube, he broke into the email ID and mobile number of his father and other family members and started sending them unsolicited threatening emails and messages on their mobiles.

The bizarre case was reported from Indirapuram in Ghaziabad. The boy's father holds a good position in the government. He and the rest of the family were frightened and had sleepless nights once the emails and messages started arriving.

The family was astonished that the sender knew everything about them, down to the smallest household activities. Initially, the 'tormented' officer sought help from his internet service provider, but got none.

The family's ordeal lasted a month, from December 23 to January 24. His patience ran out when he received an extortion email demanding Rs 10 crore, failing which the family's secrets would be made public.

He went to the cyber cell and filed a complaint. The cell's investigation found that the internet protocol (IP) address used by the hacker belonged only to the family's own home connection. The cyber cell in charge, Sumit Kumar, questioned every family member individually and established that the hacker was their 11-year-old son.

Under questioning, he admitted to sending the emails and messages after learning about cybercrime during online classes at school. The boy told the investigating officer that he had learned to hack by watching many videos on the subject on YouTube.

The cyber cell's sleuths are questioning him further to find out whether the minor also sent such emails to his friends and relatives. The cell is also contacting the school authorities to find out…

Source…

When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.

Security problems with Smarter products first came to light in 2015, when researchers at London-based security firm Pen Test Partners found that they could recover the Wi-Fi encryption key from the first version of the Smarter iKettle. The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices. The result: the researchers showed that an attacker could probably replace the factory firmware with a malicious one, since nothing on the device verifies the origin of an update before flashing it. The researcher EvilSocket also completely reverse engineered the device protocol, allowing remote control of the device.

Two years ago, Smarter released the iKettle version 3 and the Coffee Maker version 2, said Ken Munro, a researcher who worked for Pen Test Partners at the time. The updated products used a new chipset that fixed the problems. He said that Smarter never issued a CVE designation for the vulnerabilities and never publicly warned customers not to use the older models. Data from the Wigle network search engine shows the older coffee makers are still in use.


Biz & IT – Ars Technica

Cyber Warfare Market Ongoing Trend with Most Demanding Players as Airbus, BAE System, DXC, General Dynamic, IBM, Intel, Lockheed Martin, Proofpoint, Raytheon, Zscaler – The Daily Chronicle
