Tag Archive for: developer

Another Israeli Exploit Developer Caught Selling Malware To Blacklisted Countries


from the quite-the-cottage-industry-you-got-there dept

Maybe it’s time for the Israeli government to put a moratorium on Mossad-based startups. Israeli intelligence services have been the petri dishes for a particular strain of techbro — ones who have the smarts to create zero-click exploits but none of the common sense needed to cull baddies from their customer lists.

The Israeli government is partly to blame. It worked closely with NSO Group (and presumably others in the same business) to broker deals with human rights abusers: diplomacy via malware sales.

Months of negative press got NSO blacklisted by the US government. It also got it investigated in its homeland, finally resulting in the Israeli government (reluctantly) limiting who the company could sell to.

NSO isn’t the only malware merchant with Israeli roots. Candiru — another recipient of US sanctions — calls Israel home. So does Cytrox, yet another exploit developer with ties to Israeli intelligence services. Cytrox was at the center of a recent domestic spying scandal in Greece, with its malware being used to target opposition leaders and journalists. This culminated in Greek police forces raiding Cytrox’s local office, presumably as part of the ongoing investigation.

Now there’s another Israeli spyware maker making the wrong kind of headlines, as Fanny Potkin and Poppy McPherson report for Reuters.

Israel’s Cognyte Software Ltd won a tender to sell intercept spyware to a Myanmar state-backed telecommunications firm a month before the Asian nation’s February 2021 military coup, according to documents reviewed by Reuters.

No matter who’s running the Myanmar government, they shouldn’t be trusted with powerful spyware. For most of the past 60 years, the country has been run by some form of military dictatorship. The 2021 coup simply reshuffled a bit of the military dictatorship organizational chart. Throughout this time period, residents (especially Muslim residents) have been on the receiving end of intense oppression. For Myanmar’s Muslims, oppression means death: ethnic cleansing.

Given the fact that any malware sold to the Myanmar government was likely to be abused to target critics…

Source…

Bitcoin developer loses $3.3 million in massive hack


Published: 2023-01-02T15:33:29

Updated: 2023-01-02T15:33:41

A Bitcoin core developer has had his server hacked after his security key was compromised. The hacker has supposedly stolen over 200 BTC, worth around 3.3 million dollars.

Luke Dashjr, a developer who works on Bitcoin Core, the technology and security behind the cryptocurrency, has lost over 200 Bitcoins in an apparent hack.

According to Dashjr’s Twitter, his PGP (Pretty Good Privacy) key was compromised, which allowed the hacker to loot the Bitcoin from the computer it was being stored on.

PGP is a public-key encryption scheme that uses a pair of keys, one public and one private, to lock away information. Dashjr has identified the Bitcoin wallets that some of the money was sent to, but as of yesterday, says it is all gone.


Dashjr had been targeted in an attempted smash-and-grab on his Bitcoin stash earlier in the year but brushed it off after investigating. On his Mastodon, Dashjr stated he had “purged the backdoors” implemented in the attack, but couldn’t find any evidence of it being used.

Dashjr also deleted a tweet regarding his “cold wallet”. This is a type of Bitcoin wallet that is kept offline to ensure maximum security. Dashjr wondered whether the wallet was “Maybe not as cold as intended?”

According to another developer, Peter Todd, Dashjr’s active PC runs a Linux distro called Gentoo. This was also where he stored his “hot” Bitcoin wallet. A hot wallet is one that is actively connected to the internet and can be accessed at any time.


If a compromised piece of software made it onto the machine, as Dashjr suspects, then the theft was an inevitable consequence of that compromise rather than a targeted attack.

Source…

Malicious App Developer Remains on Google Play


A phone with multiple app icons including messages, Play Store, Phone, Settings and more

Google has been routinely notified about malware-containing apps listed on Play Store, but it has routinely failed at catching already-identified malware code.
Photo: East pop (Shutterstock)

Google is still failing to stop malicious apps from being listed on its app store, and it seems that some developers that have been cited aren’t even being kicked off the platform. Security software company Malwarebytes reported Tuesday that four apps listed by developer Mobile apps Group contain well-known malware used to steal users’ information. As of the time of reporting, all four apps are still listed on Google Play Store.

Worse still, Malwarebytes wrote that the developer in question has been found deploying malware in its apps before, yet they’re still able to list their apps on Google’s main app store.

The apps are listed by the company Mobile apps Group, whose listing on Play Store includes the tagline “Using the smart app, you guarantee a strong and reliable Bluetooth pairing with any device.” The apps include:

  • Bluetooth Auto Connect
  • Driver: Bluetooth Wi-Fi, USB
  • Bluetooth App Sender
  • Mobile transfer: smart switch

As of time of reporting Wednesday morning, the developer’s malware-containing apps were still available on Play Store.
Screenshot: Kyle Barr/Gizmodo

Nathan Collier, a malware intelligence analyst for Malwarebytes, wrote that when users first install Bluetooth Auto Connect, there’s a several-day delay before it starts opening phishing sites in Chrome. These sites run in the background even if a device is locked and open automatically when users unlock their phones. These phishing sites reportedly include porn sites that lead to phishing pages or other sites that spam users with messages that they’ve been hacked and need to perform an update.

Mobile apps group has been cited twice in the past for listing malware-infected apps, according to Collier. Other cybersecurity researchers have blogged about an earlier version of Bluetooth Auto Connect. Two days after that blog and subsequent delisting, the developers released a 3.0 version on Google Play, which means those malicious devs did not even receive a probation period. The devs released the current 5.7 version of the…

Source…

Turnabout is Fair Play? LockBit Ransomware Builder Leaked to Public by “Disgruntled Developer”


LockBit has emerged as the biggest player in the “ransomware as a service” (RaaS) market in the past year. But the group may now be on the ropes as its newly revamped LockBit Ransomware Builder, the tool used to both build ransomware executables and decrypt locked files, is now available to the public via what the group claims is a “disgruntled developer.”

LockBit ransomware will undoubtedly be copied and used by other threat actors in the near term, putting the group’s business at risk. But the leak of the ransomware builder also gives security researchers valuable insight into how to bolster defenses that detect it and how to decrypt locked files. The incident may end up finally dethroning LockBit, which became the premier RaaS group after major rivals such as Conti and REvil broke up under law enforcement pressure.

Newly overhauled LockBit ransomware compromised by insider

A new version of the LockBit ransomware (3.0) had just debuted in June, promising its criminal clientele that it would “make ransomware great again” with an assortment of new features. The ransomware builder that has made its way to the public is for this newly revised version, also sometimes called “LockBit Black” by the group.

The ransomware builder first appeared on Twitter on September 21, posted by a newly registered user under the handle “ali_qushji.” The Twitter user claimed that they had hacked several of the LockBit ransomware servers and located the new ransomware builder on one of them. Numerous security researchers examined the ransomware builder and confirmed that it was legitimate.

After this happened, the VX-Underground malware monitoring service came forward to share that a Twitter user by the name of “protonleaks” had privately shared a copy of the ransomware builder with them on September 10. However, this user had a different story; they claimed to be an angry developer leaking the ransomware builder due to differences with the upper echelons of LockBit.

With this tool, anyone with basic knowledge of these types of attacks could immediately create a knockoff service using the authentic LockBit ransomware. The ransomware builder automates all aspects of…

Source…