Wednesday, March 27, 2024

Some VPN Applications Can Turn Your Android Device into a Zombie Device


Some free VPN apps can turn your Android device into a zombie device.

An investigation by the Satori Threat Intelligence and Research Team revealed a set of 28 apps, listed below, that used the ProxyLib library to convert Android devices into proxies:

1. Lite VPN

2. Anims Keyboard

3. Blaze Stride

4. Byte Blade VPN

5. Android 12 Launcher (by CaptainDroid)

6. Android 13 Launcher (by CaptainDroid)

7. Android 14 Launcher (by CaptainDroid)

8. CaptainDroid Feeds

9. Free Old Classic Movies (by CaptainDroid)

10. Phone Comparison (by CaptainDroid)

11. Fast Fly VPN

12. Fast Fox VPN

13. Fast Line VPN

14. Funny Char Ging Animation

15. Limo Edges

16. Oko VPN

17. Phone App Launcher

18. Quick Flow VPN

19. Sample VPN

20. Secure Thunder

21. Shine Secure

22. Speed Surf

23. Swift Shield VPN

24. Turbo Track VPN

25. Turbo Tunnel VPN

26. Yellow Flash VPN

27. VPN Ultra

28. Run VPN

(Source: BleepingComputer https://bit.ly/3TQhXmK)


The details of the analysis can be found at the link below:

https://bit.ly/3VBe4mV

Tuesday, March 19, 2024

Stanford University Was Victim of a Ransomware Attack

 

Being the 3rd best university in the world doesn't make you invincible to hackers. Stanford University, which was 3rd in the world university rankings in 2023, was the victim of a ransomware attack, the university announced. The data breach first occurred on May 12, 2023 and was not detected until September 27, 2023 (after 139 days).


It is not fully clear what information was compromised, but Akira, the ransomware group behind the attack, claimed to have stolen 430GB worth of data, including personal information and confidential documents from Stanford University.


It seems that only a few organizations will escape becoming ransomware victims in the future.


Be aware that cyber security threats are real and that they will cost you if you are hit by them. Take the necessary countermeasures against cyber threats. Most people are not aware of this fact but yep, they are for REAL!


https://bit.ly/48YocJK


"...toward the end of October 2023 after Akira posted Stanford to its shame site..."


"...the data breach occurred on May 12 2023 but was only discovered on September 27 of last year..."


"Akira's post dedicated to Stanford on its leak site claims it stole 430 GB worth of data, including personal information and confidential documents."


"Akira has been in operation since March 2023 and according to previous negotiations with anonymized victims that have since been published online, the group's ransom demands were varied, from multiple millions of dollars to low six-figure sums."



Tuesday, March 12, 2024

Californian Court Orders NSO Group to Reveal the Source Code of Pegasus Spyware

Have you ever worried that your phone conversations are being listened to? Pegasus spyware, developed by the Israeli NSO Group, can be installed remotely on iPhones and Androids. This spyware exploited the vulnerability CVE-2019-3568 in WhatsApp to gain access to your phone.


Some information about CVE-2019-3568:

A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number.


NSO Group has been ordered by a federal judge (Phyllis Hamilton) in California to share the SOURCE CODE for "all relevant spyware".


The US has sanctioned commercial spyware vendors like NSO Group, Intellexa and Cytrox. The US government regards these vendors as possible threats to its national security.


Spyware companies and other malicious actors need to understand they can be caught and will not be able to ignore the law.


https://bit.ly/48MhDtr


"The order from Judge Phyllis Hamilton at the end of last month stems from WhatsApp's 2019 lawsuit against NSO for allegedly spying on 1,400 WhatsApp users.


The spyware maker is accused of sending carefully crafted data over the internet to select people's phones that, via a vulnerability in the chat app's VoIP stack, allowed malicious code to silently run on those devices, code that in turn allowed victims' conversations and other sensitive information to be accessed remotely. NSO marketed this surveillance service to governments around the world.


Judge Hamilton's ruling covers Pegasus and other relevant NSO spyware during the period from April 29, 2018 to May 10, 2020..."


"During the period from January 2018 through May 2019, NSO Group allegedly created WhatsApp messaging accounts, set up a series of proxy and relay servers using cloud service providers, and used this infrastructure to send maliciously crafted network packets, via WhatsApp's systems, to mobile devices to exploit CVE-2019-3568."


"'Defendants caused their malicious code to be transmitted over WhatsApp servers in an effort to infect approximately 1,400 target devices,' WhatsApp's complaint claims. 'The target users included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.'"


"Since WhatsApp filed its lawsuit in 2019, pressure has been mounting to curtail the sale of sophisticated spyware. The US has sanctioned commercial spyware vendors like NSO Group, Intellexa, and Cytrox..."


"...However, Amnesty International contends that the software, among other harms, played a role in an infamous assassination. It notes that 'family members of Saudi journalist Jamal Khashoggi were targeted with Pegasus software before and after his murder in Istanbul on 2 October 2018 by Saudi operatives, despite repeated denials from NSO Group.'"