Wannalocker: Android Users Wanna’Cry’

After the havoc caused by the dangerous WannaCry ransomware, another ransomware is in play. Unlike WannaCry, this one specialises in infecting Android phones, although for now the attack has spread only among Chinese users.

Connection to Wannacry

When it infects a phone, the ransom screen that appears may scare you, because it has the look we all became familiar with recently. That is why it is called a copycat of the WannaCry ransomware, and why the security company Avast named it “WannaLocker”. The point is that the WannaCry name alone is enough to spread panic among infected users, and the attacker presumably expects a quicker transfer of money because of it. That is likely why the ransom screen was designed to look like WannaCry's.

WannaLocker ransom screen. Photo: Avast

The ransomware was first reported by the Chinese security company Qihoo 360. WannaLocker has spread through Chinese gaming forums, tricking users into downloading it as a plug-in for the popular Chinese game “King of Glory”. Once the phone is infected, the app's icon changes first and then the wallpaper.

WannaLocker disguised as a “King of Glory” plug-in

Another thing is that the ransomware is designed to encrypt the phone's external storage. It uses AES encryption, whereas the Android ransomware that spread earlier merely displayed lock screens, so it is far more dangerous. The attackers ask victims for a ransom of 40 Chinese yuan, equivalent to roughly 5-6 US dollars or 380 Indian rupees.


The ransomware makes some exceptions: it does not encrypt files whose names start with a “.” (dot), files whose path contains “download”, “DCIM”, “COM.” or “miad”, or files larger than 10 KB. The Avast team also explained that the ransomware appends a long, odd extension made of Chinese and Latin characters to each encrypted file.

WannaLocker's file extension. Photo: Avast

Payment Not With Cryptocurrencies

The most interesting thing is that the ransom is not demanded in a cryptocurrency such as Bitcoin. Victims are asked to pay through Chinese local transfer services such as QQ, AliPay and WeChat by scanning a QR code. The police can easily trace those accounts when a transfer occurs, all the more so in a country where the authorities have deep access to the data of technology firms. This really puzzles the tech world: how could hackers who built solid encryption to lock the files commit such a blunder? The assumption is that the attackers are amateurs.

Payment through QR codes

Solution:

The Qihoo 360 cyber team has already released a decryption tool.

Download: https://22a2b2.lt.yunpan.cn/lk/cGVCamBZgR4fG (code to download: 0778)


  • Try not to download anything from untrusted sources.
  • Keep an up-to-date antivirus on each of your devices.

The Avast team has this advice for you:

To protect your phone and the valuable photos, videos and contacts stored on it from ransomware, make sure you frequently back up your data and install antivirus on all of your devices.

Britney Spears’ Instagram Used By Russian Hacker Group

Social media giants like Instagram, which is on its way to a billion users this year, see countless harmless comments posted every day. But are there occasional moments when a clever attacker posts a comment that tells a piece of malware how to get in touch with its controllers' servers? A recent report says yes. The Slovak security company ESET said on Tuesday that a Russian espionage group called Turla created exactly such a cleverly hidden comment, and the interesting thing is that it was posted on a photo of the popular American singer Britney Spears.

Instagram comments on the singer's photo were used to store the location of a C&C server (command-and-control server) of the Turla hackers. The operation was carried out with a Mozilla Firefox extension that had a backdoor hidden in it. ESET said it is one of the tools owned by the group, which is believed to be funded by the Russian government.

Of course, the singer was probably unaware that one of the comments on her photo was doing something odd: paving a path for communication between the hackers and the malware they created.

What Just Happened?!

The infamous hacker group Turla created a backdoor posing as a Firefox extension and tricked users into downloading it. The group's usual method of attack is a malicious site that forces visitors to download files and execute the malicious code in them, known as a drive-by download. Drive-by downloads are commonly used by exploit kits, malvertising campaigns and espionage groups.

Firefox extension. Source: ESET

In Britney's case, the attack came through a compromised Swiss security site. But instead of a drive-by download, this time visitors of the compromised site were asked to install a Firefox extension called HTML5 Encoding. It was a JavaScript-based backdoor that reports user activity to its operators. To do that, the malware has to connect to a command-and-control (C&C) server, which sends commands to the victim's computer, so it must know that server's URL. What they did to hide the URL was clever.

An account belonging to the attacking group posted a random, spam-looking comment on Britney's Instagram post. A string of characters was hidden in that comment, and the comment could be identified by its hash.

The comment is given below.

“#2hot make loved to her, uupss #Hot #X,” user asmith2155 wrote.

The comment, now deleted (along with the account), actually encoded a web address that required a fairly complicated, multi-step process to decipher. Decoded, it becomes ‘2kdhuHX’. The C&C server's URL was resolved through a bit.ly short URL: the string appended to a bit.ly link forms a URL that in turn leads to the command-and-control (C&C) server. Strange but true, right?!

Explanation

In this case, the malware went through all of the comments on Spears' Instagram photo and computed a number, or “hash”, for each one, looking for a specific hash. When it found the comment with the right hash, it searched it for particular characters, grabbed the letters that followed those characters and turned them into a link. That link then let the malware connect to its controllers.

In the ESET team's explanation:


“Looking at the photo’s comments, there was only one for which the hash matches 183. This comment was posted on February 6, while the original photo was posted in early January. Taking the comment and running it through the regex, you get the following bit.ly URL:

http://bit.ly/2kdhuHX

Looking a bit more closely at the regular expression, we see it is looking for either @|# or the Unicode character \200d. This character is actually a non-printable character called ‘Zero Width Joiner’, normally used to separate emojis. Pasting the actual comment or looking at its source, you can see that this character precedes each character that makes the path of the bit.ly URL:

smith2155< 200d >#2hot ma< 200d >ke lovei< 200d >d to < 200d >her, < 200d >uupss < 200d >#Hot < 200d >#X

When resolving this shortened link, it leads to static.travelclothes.org/dolR_1ert.php , which was used in the past as a watering hole C&C by the Turla crew.”
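The extraction step ESET describes can be reproduced on the quoted comment. This is an added example written for this article, not ESET's code or the extension's own regex: the joiner-skipping pattern is a reconstruction that fits the page's sample, and the sample comment is rebuilt from the rendering above with U+200D restored.

```python
import re

# Zero Width Joiner, the non-printable character the comment was padded with.
ZWJ = "\u200d"

# Constructed reproduction of the comment as the researchers rendered it,
# with U+200D restored wherever the page shows "< 200d >".
SAMPLE_COMMENT = (
    "smith2155" + ZWJ + "#2hot ma" + ZWJ + "ke lovei" + ZWJ + "d to " + ZWJ
    + "her, " + ZWJ + "uupss " + ZWJ + "#Hot " + ZWJ + "#X"
)

# Assumed reconstruction of the extraction rule, not the extension's own
# regex: the page says a joiner precedes every character of the bit.ly
# path, so take the word character after each U+200D, skipping the '#' or
# '@' that sometimes sits between them.
PATH_CHAR_RE = re.compile(r"\u200d[@#]?(\w)")


def extract_path(comment):
    """Return the hidden bit.ly path, i.e. the characters marked by joiners."""
    return "".join(PATH_CHAR_RE.findall(comment))


def build_short_url(comment):
    """Turn the hidden path into the shortened URL the backdoor would resolve."""
    path = extract_path(comment)
    return f"http://bit.ly/{path}" if path else None


def reveal_joiners(comment):
    """Make the invisible joiners visible, as an analyst does when inspecting a comment."""
    return comment.replace(ZWJ, "<200d>")


def looks_suspicious(comment):
    """Detection heuristic: a joiner legitimately sits between emoji code points;
    one directly followed by an ASCII letter, digit, '#' or '@' is a red flag."""
    return re.search(r"\u200d[@#]?[A-Za-z0-9]", comment) is not None


if __name__ == "__main__":
    print(reveal_joiners(SAMPLE_COMMENT))
    print(build_short_url(SAMPLE_COMMENT))     # http://bit.ly/2kdhuHX
```

The hash that selects the right comment (183 in ESET's write-up) is not reproduced here because the page does not give the hash function.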


Why This Method?

Hiding this sensitive information out in the open isn't just a funny trick; it has several uses. Since the information isn't embedded in the malware itself, researchers have to go and find it in the wild, assuming the comment is still there to be found. More importantly, it means the malware's controllers can change the secret destination without touching the malware itself: all they have to do is delete the original comment and create a new one with the same hash and a new encoded URL. Instead of giving the malware a specific key to a specific lock, the hackers told the malware how to find the places where keys would be hidden, leaving them free to change either the lock or the key.

Conclusion

Yes, it is a post of a popular celebrity, but the main point is that it shows the extent to which cyberspace can be used for spying. If the attackers could do this through Instagram, what kinds of methods and spies might be at work on Facebook, Twitter and the rest?!

Top Indian Hackers You Should Know


Computer hackers are almost always celebrated, whether they fall on the ‘black’ or ‘white’ side of the law. But you rarely hear about Indian hackers in our own media, and especially when these hackers are decisively helping organizations and governments in positive ways, they ought to be celebrated. Here are 11 of the best Indian hackers we all should know of.

1. Rahul Tyagi

Rahul Tyagi | Source: twitte

Aside from being an expert at breaking into computers, Rahul Tyagi is also an author and a talented actor. With over a hundred training sessions under his belt, this guy is as versatile as it gets.

2. Pranav Mistry

Source: vulcanpost.com

This hacker extraordinaire is also famous for inventing SixthSense, a technology used by NASA, and the invisible computer mouse. Yes, invisible.

3. Ankit Fadia

Ankit Fadia | Source: attrition.org

Writing a book titled ‘Unofficial Guide to Ethical Hacking’ at the age of 15 is a far cry from playing football at that tender age. And yet that is exactly what Fadia did, and the rest is history for this world-renowned Indian ethical hacker.

4. Koushik Dutta

Koushik Dutta | Source: egglets.com

After completing his internship with Microsoft, Dutta left the firm and went on to hack Android phones. Don't ask me why; that's how these guys work. Now working on ClockworkMod, he turned down an offer from Sony and works independently on making mobile platforms safer for Android users.

5. Vivek Ramachandran

Vivek Ramachandran | source: vivekramachandran.com

Having won many awards, including ones from both Microsoft and Cisco, Vivek is a force to reckon with in the field of computer security; his work spans embedded systems security, e-governance, wireless security and computer forensics.

6. Trishneet Arora

Trishneet Arora | source: thecampusentrepreneur.com

If you want to know how it feels to be 20 years old and world-renowned, ask Trishneet Arora. The dude is actually against hacking and helps companies and industries protect their security systems.

7. Sunny Vaghela

Sunny Vaghela | Source: udaipurtimes.com

Vaghela was responsible for spotting loopholes in SMS and call forging in mobile networks, and that when he was just 18. To his credit, he has also helped the Mumbai and Ahmedabad police solve terrorist threats.

8. Benild Joseph

Benild Joseph | Source: twitter.com

This 23-year-old Calicut-born guy used to be the director of the Cyber Crime Investigation Bureau, New Delhi. Benild has registered and pending patents in the areas of cyber crime forensics and information to his name. He is also the current acting CEO of ‘Th3 art of h@ckin9.’ Sigh, and I thought good things came only to those who wait!

9. Falgun Rathod

Falgun Rathod | Source: clubhack.tv

Considered a leader in information security in the country, Rathod has played a pivotal role in spreading awareness about information security in India. And yeah, he's also young: just 25.

10. Rajesh Babu

One of the most dynamic and most ‘secretive’ of all ethical hackers, he used to freelance for many government and corporate agencies and now runs his own company in Kerala called Mirox. It is said that Babu has built the best team of ethical hackers in the country.

11. Jayant Krishnamurthy

Jayant Krishnamurthy | Source: wikipedia.org

This real-life hacker has interests ranging from information extraction to knowledge representation and common-sense reasoning in artificial intelligence. He is also a computer theorist and researcher. And if those things don't ring a bell with you, worry not; I can assure you that you're not alone. I'm getting dizzy just hearing such terms.

These Indian hackers reveal the unending possibilities of the digital domain and put the country on the global map of progress. A big geeky nod to all of them!


Good News for Wannacry Victims: Your Files Are Easy to Recover!

We all know about the panic caused by the infamous ransomware worm WannaCry, which hit more than 3 lakh systems within 72 hours. The latest reports say that errors have been found in the WannaCry code that may allow victims to restore their files without any decryption key.

Anton Ivanov, senior researcher at the security company Kaspersky Lab, together with his teammates Fedor Sinitsyn and Orkhan Mamedov, explained on Thursday that the WannaCry developers made some critical errors in the code. They made mainly two types of error:

  1. While deleting the original file.
  2. While processing the read-only files.

By taking advantage of these errors, victims can restore their files using ordinary file recovery software.

1. Error in the removal logic

When WannaCry encrypts a file, it first reads the original, encrypts it and saves the result with the extension .WNCRYT. It then renames that file to the extension .WNCRY and deletes the original. The issue lies in the way the ransomware deletes the original file after encryption.

The deletion logic varies depending on the location and properties of the victim's files.

Files located on the system drive C:

  • If the file is in the Desktop or Documents folder, the original is overwritten with random data before removal. In this case there is no way to restore it.
  • If the files are stored outside those important folders (i.e., Desktop and Documents), the originals are moved into a temporary folder (%TEMP%\%d.WNCRYT, where %d denotes a numeric value). In this case the originals are not overwritten, only deleted, which means there is a chance to recover them.

Files located on other drives:

  • The ransomware creates a folder ($RECYCLE) and intends to move the original files into it, setting the hidden attribute on the files in that folder. But in some cases, due to synchronization errors, the ransomware does not move the files to that folder at all. Either way, the deletion is not done securely, which leaves the files recoverable.

The standard way a computer deletes a file is by marking the area of the disk it occupied as free for other files to use. Until new data takes up that physical space, the old data remains on the disk.

To delete a file so that recovery software cannot bring it back, malware developers or security-minded users must overwrite the original file's contents on disk with new data. WannaCry did this only in the Desktop and Documents folders. Everywhere else it used the normal deletion mechanism, which can be undone.

2. Read-only file processing error

The researchers also found a bug in read-only file processing. If such files are present on the machine, the ransomware creates an encrypted copy, but the originals are neither deleted nor overwritten; they are only given the hidden attribute.
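The deletion rules above can be turned into a triage step for an incident responder: given the .WNCRY files found on a machine, work out where each original went and which recovery action applies. This is an added example written for this article, not Kaspersky Lab's tool; it assumes Windows is installed on C: and that the read-only bug applies wherever the file lives, and the file listing is constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Recovery prospects, one per disposal path the researchers described.
OVERWRITTEN = "original overwritten with random data: recovery software cannot help"
TEMP_DELETED = "original moved to %TEMP%\\<n>.WNCRYT and deleted, not overwritten: undelete on C:"
RECYCLE_DELETED = "original moved to <drive>\\$RECYCLE (hidden) or deleted in place, never overwritten: undelete on that drive"
READONLY_HIDDEN = "original still on disk, only marked hidden: clear the hidden attribute"

SYSTEM_DRIVE = "C:"                        # assumption: Windows lives on C:
PROTECTED_DIRS = {"desktop", "documents"}  # the only places WannaCry overwrites


def original_name(encrypted_path):
    """Strip WannaCry's suffix (.WNCRY, or .WNCRYT if it was interrupted mid-rename)."""
    for suffix in (".WNCRYT", ".WNCRY"):
        if encrypted_path.upper().endswith(suffix):
            return encrypted_path[:-len(suffix)]
    raise ValueError(f"not a WannaCry output name: {encrypted_path}")


def recovery_prospect(original_path, read_only=False):
    """Classify how the original was disposed of, following the rules in the text.
    Assumption: the read-only bug applies regardless of where the file lives."""
    p = PureWindowsPath(original_path)
    if read_only:
        return READONLY_HIDDEN
    if p.drive.upper() != SYSTEM_DRIVE:
        return RECYCLE_DELETED
    # A Desktop or Documents component in the directory part means overwrite.
    if any(part.lower() in PROTECTED_DIRS for part in p.parts[:-1]):
        return OVERWRITTEN
    return TEMP_DELETED


def triage(encrypted_files):
    """Group (encrypted_path, was_read_only) pairs by recovery prospect."""
    groups = defaultdict(list)
    for enc_path, read_only in encrypted_files:
        orig = original_name(enc_path)
        groups[recovery_prospect(orig, read_only)].append(orig)
    return dict(groups)


# Constructed sample listing, as an incident responder might collect it.
SAMPLE = [
    (r"C:\Users\alice\Desktop\budget.xlsx.WNCRY", False),
    (r"C:\Users\alice\Documents\thesis.docx.WNCRY", False),
    (r"C:\Projects\notes.txt.WNCRY", False),
    (r"D:\Photos\trip.jpg.WNCRY", False),
    (r"C:\Users\alice\Desktop\template.dotx.WNCRY", True),
]

if __name__ == "__main__":
    for prospect, files in triage(SAMPLE).items():
        print(prospect)
        for name in files:
            print("   ", name)
```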

The researchers concluded:

“From our in-depth research into this ransomware, it is clear that the ransomware developers have made a lot of mistakes and, as we pointed out, the code quality is very low.

If you were infected with WannaCry ransomware there is a good possibility that you will be able to restore a lot of the files on the affected computer. To restore files, you can use the free utilities available for file recovery. We advise organizations to share this article with their system administrators, as they can use the file recovery utilities on affected machines in their network.”

 

Warning! You Are Being Watched Without Your Knowledge

When the famous (or infamous, or heroic) NSA contractor Edward Snowden revealed that the US government was watching us through Yahoo web chat in a project called ‘Optic Nerve’, we got really scared. Now a developer from AOL, Ran Bar-Zik, has reported a similar situation. He insists we could be spied on and watched without our knowledge through a UX design flaw in Google Chrome. If a hacker with malicious intentions exploits this flaw, yes, it is possible, and the user will not be aware that they are being spied on.

How It Works

Modern web browsers like Google Chrome and Mozilla Firefox use a collection of protocols called WebRTC (Web Real-Time Communication) for real-time audio and video communication. With WebRTC, browsers don't need a plugin.

To protect against unauthorized audio and video streaming over WebRTC, the browser asks the user to allow a particular website to use WebRTC and then to access the device's camera and microphone. The dangerous, exploitable part is that once permission is granted, the website keeps that access until you manually revoke it. That is why the browser alerts the user with an indicator, usually in the window header, whenever audio or video is being recorded. In Google Chrome, too, the only indicator is in the window header.

The danger is that if a malicious website pops up a headless window (one without that header), it can record audio and video secretly.

The developer Ran Bar-Zik also provided a demo page that demonstrates the situation; you can check it yourself in Google Chrome by clicking its two buttons. Don't worry, it is safe.

Google Says,

More interesting still, when Mr. Bar-Zik reported the flaw to Google on April 10, 2017, they rejected it as a flaw. In their words:

Currently the flaw is reported to affect Google Chrome only, but of course it may affect other web browsers too.

Prevention

Facebook CEO Mark Zuckerberg’s Post on Instagram
  • Disable WebRTC if you really don't need it.
  • If you require it on some sites, allow only trusted ones.
  • The funny but only truly safe solution is what the Facebook CEO showed us: tape over the camera on your devices.