
Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?


A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.

Now, two hacking groups have independently found the flaw, which allows mass access to victims’ stolen mobile device data directly from TheTruthSpy’s servers.

Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023. Crimew, who was given a cache of TheTruthSpy’s victim data from ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy’s software stack.


In a post on Telegram, SiegedSec and ByteMeCrew said they are not publicly releasing the breached data, given its highly sensitive nature.

Crimew provided TechCrunch with some of the breached TheTruthSpy data for verification and analysis, which included the unique device IMEI numbers and advertising IDs of tens of thousands of Android phones recently compromised by TheTruthSpy.

TechCrunch verified the new data is authentic by matching some of the IMEI numbers and advertising IDs against a list of previous devices known to be compromised by TheTruthSpy as discovered during an earlier TechCrunch investigation.

The latest batch of data includes the Android device identifiers of every phone and tablet compromised by TheTruthSpy up to and including December 2023. The data shows TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom and elsewhere.

TechCrunch has added the latest unique identifiers — about 50,000 new Android devices — to our free spyware lookup tool that lets you check if your Android device was compromised by TheTruthSpy.


Researchers Uncover Major Surge in Global Botnet Activity

Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices.

Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day last year, approximately 10,000 such devices engaged in malicious reconnaissance scanning, with a high watermark of 20,000 devices.

However, on December 8, 2023, this number surged to 35,144 devices, a notable departure from the norm.

According to the technical write-up, the situation escalated on December 20, with another spike reaching 43,194 distinct devices. Subsequent spikes, occurring in shorter intervals, culminated in a record-breaking surge on December 29, involving a staggering 143,957 devices, nearly ten times the usual levels. 

Disturbingly, this heightened activity persisted, with high watermarks fluctuating between 50,000 and 100,000 devices.

As the new year unfolded, the scale of the threat became even more pronounced, with January 5 and 6 witnessing spikes exceeding one million distinct devices each day – 1,294,416 and 1,134,999, respectively. A subsequent spike of 192,916 on January 8 affirmed the sustained intensity of this cyber onslaught.


Further analysis revealed that this surge emanated from five key countries: the United States, China, Vietnam, Taiwan and Russia. 

“Analysis of the activity has uncovered a rise in the use of cheap or free cloud and hosting servers that attackers are using to create botnet launch pads,” Netscout wrote. “These servers are used via trials, free accounts or low-cost accounts, which provide anonymity and minimal overhead to maintain.”

Adversaries utilizing these new botnets focused on scanning global internet ports, particularly ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808 and 8888. Additionally, signs of potential email server exploits surfaced through increased scanning of ports 636, 993 and 6002.

“These consistently elevated levels indicate a new weaponization of the cloud against the global internet,” reads the…


Researchers Uncover Latest P2PINFECT Botnet Threat

A team of experts from Cado Security Labs recently discovered a stronger version of a troubling cyber threat known as the P2Pinfect botnet. The malware goes after routers, smart devices and other tech gadgets, especially those using the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.

What makes this botnet scarier is its ability to dodge detection: it can recognise when it is running inside a Virtual Machine (VM), evade debuggers, and hide its tracks on Linux computers.

The P2Pinfect story started in July 2023, when another group found malware that attacked Redis servers on both Linux and Windows systems. Written in the Rust programming language and carrying a perfect severity score of 10.0, it could sneak into Redis servers on different operating systems.

Fast forward to September, and Cado Security Labs noticed a massive 600-times increase in P2Pinfect activity, including a 12.3% spike in just one week.

But here is the twist. The experts found a new version of P2Pinfect that specifically goes after smaller gadgets with 32-bit MIPS processors, the small embedded processors found in routers and smart devices. The malware tries to break into them by guessing passwords.

The strange part is that it also targets Redis servers on these gadgets. The experts are not sure why anyone would do this, but if the attackers succeed, these embedded devices could become launching pads for further attacks.

To make matters trickier, the malware tries to cover its tracks by disabling certain features on the infected computers, a form of evasion aimed at defenders and analysts.


Researchers uncover thriving market for malware targeting IoT devices

Kaspersky researchers have uncovered a thriving underground economy on the dark web offering exploits for zero-day vulnerabilities in IoT devices, as well as IoT malware bundled with infrastructure and supporting utilities.

The most notable service, in high demand amongst hackers, was found to be Distributed Denial of Service (DDoS) attacks orchestrated through IoT botnets.

Internet of Things (IoT) devices are non-standard computing hardware used to extend internet connectivity beyond traditional computing devices. They include sensors, actuators and appliances capable of connecting to the internet. These devices can be remotely monitored or controlled and are used in both industrial and consumer products, including mobile devices, industrial equipment and medical devices.

While the primary method of infecting IoT devices was found to be brute-forcing weak passwords, which has been attackers’ preferred method for some time, exploiting vulnerabilities in network services was also found to be a popular way of compromising them.

IoT devices were also found to be exposed through exploits against the services they run. These attacks often involve executing malicious commands by exploiting vulnerabilities in IoT web interfaces, with significant consequences such as the spread of malware.

The research also revealed that the cost of these services varies depending on factors like DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side, ranging from $20 per day to $10,000 per month.

“On average, the ads offered these services at $63.5 per day or $1350 per month,” Kaspersky said in a release.

“Kaspersky urges vendors to prioritize cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities,” Yaroslav Shmelev, a security expert at Kaspersky, said.
