Tag Archive for: remotely

This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe


Attackers are stepping up their efforts against Macs: security researchers have discovered a brand new macOS backdoor that appears to be related to another recently identified Mac malware strain.

As reported by SecurityWeek, the new Mac malware has been dubbed SpectralBlur. Although it was uploaded to VirusTotal back in August of last year, it went undetected by antivirus engines until it recently caught the attention of Proofpoint’s Greg Lesnewich.

In a blog post, Lesnewich explained that SpectralBlur has similar capabilities to other backdoors as it can upload and download files, delete files and hibernate or sleep when given commands from a hacker-controlled command-and-control (C2) server. What is surprising about this new Mac malware strain though is that it shares similarities to the KandyKorn macOS backdoor which was created by the infamous North Korean hacking group Lazarus.

Just like SpectralBlur, KandyKorn is designed to evade detection while providing the hackers behind it with the ability to monitor and control infected Macs. Although different, these two Mac malware strains appear to be built based on the same requirements.

Once installed on a Mac, SpectralBlur encrypts and decrypts its network traffic to the C2 server so that its communications are harder to spot. It can also open a file, overwrite its contents with zeros and then delete it, which makes the data much harder to recover than a plain deletion would.

Mac malware is on the rise

If you thought your Mac was safe from hackers and malware, I’ve got bad news for you. Cybercriminals may have preferred Windows machines in the past but now that Apple’s computers have seen a surge in popularity over the past few years, they’ve become a much more valuable target.

According to a blog post from the non-profit Objective-See (via The Hacker News), 21 new malware strains designed to target macOS were discovered in 2023 alone. This is a significant increase compared to the previous year when only 13 Mac malware strains were identified.

As such, expect to see even more Mac malware this year as hackers and other cybercriminals have seen firsthand just how valuable it can be targeting Apple’s computers over the best…

Source…

Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors


Texas-based smart home product provider Nexx appears to have ignored repeated attempts to report serious vulnerabilities that can be exploited by hackers to remotely open garage doors, and take control of alarms and smart plugs. 

Nexx offers smart alarms, garage door controllers, and smart plugs, all of which can be controlled remotely from a dedicated mobile application. 

Researcher Sam Sabetan discovered that these products are affected by serious vulnerabilities in late 2022 and disclosed their details on Tuesday. 

The US Cybersecurity and Infrastructure Security Agency (CISA) has also released an advisory to warn individuals and organizations using Nexx products about the flaws identified by the researcher. The agency said the impacted products are used by commercial facilities worldwide.

Sabetan and CISA said their attempts to report the vulnerabilities to Nexx were ignored. SecurityWeek has also reached out to Nexx for comment.

The researcher has discovered five types of vulnerabilities, most of which have been assigned ‘high’ or ‘critical’ severity ratings. The list of issues includes the use of hardcoded credentials, authorization bypass flaws that can be leveraged to execute unauthorized actions, information disclosure issues, and improper authentication.

In a real world attack scenario, an attacker can exploit these vulnerabilities to open or close garage doors remotely over the internet, hijack any alarm system, and turn on/off smart plugs connected to household appliances. 

To carry out an attack, the attacker only needs the targeted user’s device ID, email address, name or MAC address, depending on the type of device being targeted; none of these values is secret in any meaningful sense.
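The authorization-bypass class described above is worth seeing in code. The following is an added example written for this page, not Nexx’s code and not based on its API: a toy in-memory smart-home cloud API in which a logged-in customer asks the cloud to open a garage door identified only by a device ID. The vulnerable handler checks that the caller is authenticated but never that the caller owns the device, so anyone who knows another customer’s device ID can operate it; the hardened handler binds the device to the authenticated account. All device IDs, accounts and tokens are constructed sample data.

```python
"""Object-level authorization in a smart-home cloud API: vulnerable vs hardened.

Added example, not Nexx's code. Device IDs, accounts and session tokens below
are constructed sample data.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a request must be rejected."""


@dataclass
class Device:
    device_id: str
    owner: str          # account that registered the device
    kind: str
    state: str = "closed"


class CloudApi:
    def __init__(self):
        # Constructed sample data: two customers, each with one garage door controller.
        self.devices = {
            "GD-0001": Device("GD-0001", "alice@example.com", "garage"),
            "GD-0002": Device("GD-0002", "bob@example.com", "garage"),
        }
        # Session token -> account (stands in for the mobile app's login).
        self.sessions = {"tok-alice": "alice@example.com", "tok-bob": "bob@example.com"}
        self.audit = []

    def _authenticate(self, token: str) -> str:
        try:
            return self.sessions[token]
        except KeyError:
            raise Forbidden("not authenticated")

    def open_door_vulnerable(self, token: str, device_id: str) -> str:
        """Authentication only: any logged-in user can operate any device ID."""
        user = self._authenticate(token)
        dev = self.devices[device_id]   # BUG: caller-supplied ID trusted as-is
        dev.state = "open"
        self.audit.append((user, device_id, "open"))
        return dev.state

    def open_door_hardened(self, token: str, device_id: str) -> str:
        """Authentication plus ownership check on the specific device."""
        user = self._authenticate(token)
        dev = self.devices.get(device_id)
        # The device must exist AND belong to the caller. Both failures return
        # the same error so the endpoint cannot be used to enumerate valid IDs.
        if dev is None or dev.owner != user:
            raise Forbidden("device not found")
        dev.state = "open"
        self.audit.append((user, device_id, "open"))
        return dev.state


def demo():
    """Bob, logged in with his own token, targets Alice's device ID."""
    api = CloudApi()
    hijacked = api.open_door_vulnerable("tok-bob", "GD-0001")   # Alice's door opens

    api2 = CloudApi()
    try:
        api2.open_door_hardened("tok-bob", "GD-0001")
        blocked = False
    except Forbidden:
        blocked = True
    alice_state = api2.devices["GD-0001"].state                  # still "closed"
    own_door = api2.open_door_hardened("tok-bob", "GD-0002")     # Bob's own door: "open"
    return hijacked, blocked, alice_state, own_door


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is that the device ID is treated as an untrusted selector, never as proof of ownership; the same pattern applies to alarm and smart-plug endpoints. A hardcoded shared credential baked into the app, the other flaw class listed above, makes the ownership check even more important, because every installed copy of the app can present the same credential to the backend.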

A video demo made by the researcher shows how a hacker can obtain the information of hundreds of users.

“It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted. Furthermore, I determined that more than 20,000 individuals have active Nexx accounts,” Sabetan explained. 

Related: Aiphone Intercom System Vulnerability Allows Hackers to Open Doors

Related: Vulnerabilities in HID Mercury Access…

Source…

New Warnings Show How Hackers in Nigeria Can Remotely Steal Cars – IT News Africa



Nigeria’s Communications Commission (NCC) published a warning yesterday advising drivers in the West African country to beware of a new cybercrime method in which car doors are opened and engines started without a key, by criminals who stay within radio range of the vehicle but out of sight.

According to the NCC, owners of Honda and Acura-model vehicles are the most susceptible to these kinds of new attacks.

The NCC discovered these new grand theft auto methods via investigations made by the Computer Security Incident Response Team (CSIRT), a cybersecurity body established to protect the country’s telecom sector by the NCC.

According to CSIRT’s report, released to the media by Dr Ikechukwu Adinde, Director Public Affairs at the NCC, certain makes of vehicle have a vulnerability that allows attackers to remotely unlock them, start their engines wirelessly and drive them away. The only requirement is that the attacker be within radio range of the vehicle while the attack takes place.

“CSIRT discovered that because car remotes are categorised as short-range devices that make use of radiofrequency to lock and unlock cars, there are immediate dangers in a new hacking method which sees hackers take advantage to unlock and start a compromised car,” said Adinde, quoted by Vanguard Nigeria.

According to CSIRT’s report, the attack is described as a “Man-in-the-Middle” attack, and more precisely a replay attack: a threat actor records the radio signal sent by the car’s key fob and retransmits it later, for example once the owner has lost sight of the vehicle, to unlock the car and gain access.

Some vehicles are more susceptible to these attacks than others, such as certain Honda or Acura models with keyless (push-button) start. On these models the engine can be started wirelessly using the same replay method, so by the time the owner returns the car has vanished, with no broken glass or alarm to show what happened.
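A replay attack works only if the fob transmits something the receiver will accept more than once. The following added example (written for this page; it is not from the NCC or CSIRT report and not based on any real Honda or Acura firmware) models two key fobs: a fixed-code fob that sends the same frame on every press, and a rolling-code fob whose frames carry an incrementing counter authenticated with a per-vehicle secret. The attacker’s only capability is to record one transmission and re-send it later. The secret, the fixed code and the frame layout are constructed for the example.

```python
"""Replay attack against a fixed-code key fob versus a rolling-code receiver.

Added example; the fob secret, fixed code and frame format are constructed and
do not describe any real vehicle.
"""
import hashlib
import hmac

# Constructed per-vehicle secret, assumed to be provisioned into both fob and receiver.
FOB_KEY = b"per-vehicle-secret-shared-with-receiver"


def tag(counter: int) -> bytes:
    """Keyed digest over the counter; the receiver recomputes it for a candidate counter."""
    return hashlib.sha256(FOB_KEY + counter.to_bytes(4, "big")).digest()[:8]


class FixedCodeFob:
    """Sends an identical frame on every press: whatever is recorded can be replayed."""
    CODE = bytes.fromhex("a3f17c09")  # constructed

    def press(self) -> bytes:
        return b"UNLOCK" + self.CODE


class FixedCodeReceiver:
    def accept(self, frame: bytes) -> bool:
        return frame == b"UNLOCK" + FixedCodeFob.CODE


class RollingCodeFob:
    """Each press carries a fresh counter plus an authentication tag over it."""
    def __init__(self):
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return b"UNLOCK" + self.counter.to_bytes(4, "big") + tag(self.counter)


class RollingCodeReceiver:
    WINDOW = 16  # tolerate up to 16 presses made while out of range

    def __init__(self):
        self.last = 0  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if not frame.startswith(b"UNLOCK") or len(frame) != 6 + 4 + 8:
            return False
        counter = int.from_bytes(frame[6:10], "big")
        # A counter at or below the last accepted value is a replay (or badly out of sync).
        if not (self.last < counter <= self.last + self.WINDOW):
            return False
        if not hmac.compare_digest(frame[10:], tag(counter)):
            return False
        self.last = counter
        return True


def replay_fixed() -> bool:
    """Owner presses once within earshot of the attacker; attacker replays it later."""
    fob, car = FixedCodeFob(), FixedCodeReceiver()
    recorded = fob.press()
    car.accept(recorded)          # owner's press works
    return car.accept(recorded)   # attacker's replay also works -> True


def replay_rolling():
    """Same scenario against a rolling-code receiver."""
    fob, car = RollingCodeFob(), RollingCodeReceiver()
    recorded = fob.press()
    owner_ok = car.accept(recorded)      # True
    replayed = car.accept(recorded)      # False: counter already consumed
    next_ok = car.accept(fob.press())    # True: owner's next press still works
    return owner_ok, replayed, next_ok


if __name__ == "__main__":
    print("fixed code replay accepted:", replay_fixed())
    print("rolling code (owner, replay, next):", replay_rolling())
```

One caveat a practitioner should keep in mind: rolling codes stop a pure record-and-replay, but not the jam-and-capture variant in which the attacker blocks the owner’s first transmission, records it, and later sends that still-unused code. Defending against that needs the receiver to reject stale codes once a newer one has been seen, which the counter window above does, plus keeping the window small.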

“The attack consists of a threat actor capturing the radiofrequency…

Source…

How to Stop Octo Malware From Remotely Accessing Your Android



There’s a new strain of malware floating around the internet, and it’s looking to control your Android device. Once installed, “Octo,” as it’s colloquially called, can both remotely see your screen and control your device, all without you knowing. Let’s examine where Octo came from, how it works, and how you can avoid it.

What is Octo?

ThreatFabric was the first to discover and report on Octo, identifying the strain as an evolution of the Exobot family of malware. Exobot has targeted banking activity since 2016 and has evolved into different strains over time. ThreatFabric tracks this one as ExobotCompact.D; on dark web forums, however, the malware is being referred to as “Octo.”

Many attackers try to break into your accounts from their own devices, by phishing for your login information as well as your MFA codes. Octo instead lets them operate your Android phone itself, in what is called on-device fraud (ODF). ODF is especially dangerous because the activity does not come from an unfamiliar device somewhere else in the world but from the very device your accounts and networks expect it to.

How does Octo work?

Octo abuses Android’s MediaProjection API to stream your smartphone’s screen to the attacker. It is not a smooth livestream (the video runs at about one frame per second), but it is fast enough for the operators to see what they are doing on your device. To actually act on what they see, Octo then abuses the AccessibilityService API, which lets an app inject taps and text on behalf of the user.

You won’t see any of this happening, however, because Octo employs a black overlay on your screen, in addition to silencing any notifications you may receive: From your perspective, your phone appears shut off, but to hackers, it’s open season on your Android device.
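Because the AccessibilityService privilege is what turns screen viewing into screen control, a quick triage step on a suspect device is to see which apps hold it. The following added example (written for this page, not from ThreatFabric or the Octo sample) parses the value of the Secure setting `enabled_accessibility_services`, as printed by `adb shell settings get secure enabled_accessibility_services`, which is a colon-separated list of `package/service` component names, and flags any service whose package is not on an operator-maintained allowlist. The allowlist and the sample setting value are constructed for the example; the TalkBack component name is an assumption, not something verified on a device.

```python
"""Triage helper: flag unexpected Android accessibility services.

Added example, not from ThreatFabric or the Octo sample. Input is the raw value
of `settings get secure enabled_accessibility_services`; the allowlist and the
sample value below are constructed.
"""
from typing import Iterable, List

# Constructed allowlist of packages the operator has vetted (screen reader,
# device-vendor accessibility tools, and so on). Anything else is flagged.
KNOWN_GOOD_PACKAGES = {
    "com.google.android.marvin.talkback",   # assumed TalkBack package name
}


def parse_services(setting_value: str) -> List[str]:
    """Split the raw setting into component names; 'null' and blanks mean none enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    return [component for component in value.split(":") if component]


def flag_unexpected(setting_value: str,
                    known_good: Iterable[str] = KNOWN_GOOD_PACKAGES) -> List[str]:
    """Return component names whose package is not in the allowlist."""
    known = set(known_good)
    flagged = []
    for component in parse_services(setting_value):
        package = component.split("/", 1)[0]
        if package not in known:
            flagged.append(component)
    return flagged


# Constructed sample: the screen reader plus an unknown "system update" app
# that has been granted accessibility access, the privilege Octo relies on.
SAMPLE = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.sysupdate/.AccessService"
)


if __name__ == "__main__":
    for component in flag_unexpected(SAMPLE):
        print("review:", component)
```

An app that was sideloaded (not installed from the Play Store) and holds accessibility access is the combination to look at first; on a real device the flagged package name can be checked with `adb shell pm path <package>` to see where its APK came from.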

From here, hackers can perform an assortment of tasks remotely on your device, including taps, gestures, entering text, pasting text,…

Source…