Tag Archive for: family

New Android malware family has infected thousands of devices – here’s what we know


Cybersecurity researchers from McAfee have uncovered over a dozen malicious apps lurking in the Google Play Store.

The researchers claim these apps were carrying a potent piece of malware, capable of stealing sensitive data from the infected Android devices and possibly even running ad fraud.

Source…

xorbot: A Stealthy Botnet Family That Defies Detection


I. Background of xorbot

In November 2023, NSFOCUS Global Threat Hunting System detected that a type of ELF file was being widely distributed, accompanied by a large amount of suspected encrypted outbound communication traffic. However, the detection rate of mainstream antivirus engines on this file was close to zero, which aroused our curiosity. After further manual analysis, we identified a novel botnet family with strong stealth. Given that the family uses multiple rounds of XOR operations in its encryption and decryption algorithms, NSFOCUS Research Labs named the Trojan xorbot.

Unlike the large number of botnet families derived from open source code, xorbot was built from scratch with a brand-new architecture. Its developers attached great importance to the concealment of the Trojan and even sacrificed propagation efficiency for better concealment. The latest version of the Trojan added a large amount of junk code on top of the initial version, which increased the file size by more than 30 times. On the traffic side, the developers also took pains to randomly generate the data sent during the initial online interaction stage, and introduced encryption and decryption algorithms to encrypt and store key information, thus defeating detection methods that rely on character features in communication traffic.

II. Sample Analysis of xorbot

Version change

The initial propagation version of xorbot first appeared in November 2023 with a file size of around 30 KB. Shortly afterwards, NSFOCUS Global Threat Hunting System detected another variant of the Trojan whose size had soared nearly 30-fold, to close to 1200 KB.

Figure 1 Comparison of file sizes in different versions of xorbot

Through further analysis, we confirmed that the new version of the xorbot Trojan communicates by introducing the _libc_connect() and _libc_recv() series of functions from the libc library, but the core function modules remain unchanged.

Figure 2 xorbot core function module

The Trojan's developers have added a large amount of invalid code to mask the malicious branches, bringing the current antivirus engine detection rate close to zero. Although junk code can oversize files and affect their propagation…

Source…

Life360 enhances family safety app with launch of new features and membership benefits in the UK


The app trusted by one in ten UK families adds emergency dispatch, breakdown assistance, identity theft protection and more, to help keep families safe

LONDON, Oct. 30, 2023 /PRNewswire/ — Life360, the leading family locator app and safety membership, has today announced the rollout of new safety features and enhancements available for UK members. Building upon the Life360 experience that over 3.7 million UK members already depend on, the latest updates extend Life360’s comprehensive range of existing safety features to deliver complete peace of mind and exceptional value to families at home and on the move. This expanded safety offering is made possible through a triple-tier Membership offering – Silver, Gold, and Platinum.

Keep loved ones safe on every journey
Ensuring the safety of your loved ones on every journey has never been easier with Life360’s free Crash Detection feature, which can detect collisions over 25mph, promptly notify the driver or passenger involved, and alert their Circle members if there’s no response. Now, Crash Detection has the option to include Emergency Dispatch with Gold and Platinum membership. In the unfortunate event of an accident, Life360 will contact emergency responders, sharing precise location coordinates and staying on the line until help arrives.

Additionally, Emergency Dispatch is now available alongside Life360’s SOS feature. With a simple tap of the “SOS” button, users can send a silent alert to their Circle members, along with their location. Now, in addition to alerting users’ Circle members and emergency contacts, Life360’s dedicated third-party emergency dispatchers will also call the member, assess the situation, and liaise with the appropriate authorities, whether it’s the police or ambulance service, to ensure timely assistance if needed.

In 2022 alone, in the US and Canada, Life360 received over 2 million help alerts from its members and dispatched over 34,000 ambulances to help those in need.

“Life360 plays a very important role in our lives. With a family of avid motorbike…

Source…

Royal Family Website Faces Cyber Attack By Russian Hackers: Report


The Royal family’s website was up and running again by midday

The Royal Family’s official website went down for about an hour and a half in the early hours of Sunday morning after being targeted by a cyber attack, The Telegraph reported. As per the report, no access to the website, its systems, or its content was gained. Upon visiting the URL, royal.uk, the page displayed an error message, “Gateway time-out Error code 504.”

“We’ve just received breaking news that the Royal Family website has crashed after allegedly being targeted by Russian hackers who have reportedly taken responsibility for the attack on social media. If you try to access the website, you get an error message,” Sky News host Caroline Di Russo said.

Russian hacker group Killnet has claimed responsibility for the cyber attack. In a message shared on Telegram, a messaging app, the hacker added a link to the website which provided information about the monarch, the Firm, and the Royal Family’s role in the UK and the Commonwealth. They added the supposed takedown was an “attack on pedophiles”.

Though these attacks don’t cause major damage, they can lead to outages lasting several hours or even days. However, it has not been confirmed they were behind it.

The Royal family’s website was up and running again by midday.

As per Express.co.uk, KillMilk is the leader of the Russian hacktivist DDoS collective Killnet. Killnet is known for its Distributed Denial of Service (DDoS) campaigns and has launched similar attacks against countries supporting Ukraine, especially NATO countries, since the start of the war in February last year. A DDoS attack involves knocking a website offline by flooding it with traffic.

Killnet has in the past claimed attacks on US government websites and said it has taken action against other countries opposed to Russia’s invasion of Ukraine.

In November last year, the European Parliament website was also hit by a cyber attack claimed by Killnet shortly after lawmakers approved a resolution calling Moscow a “state sponsor of terrorism”.

Source…