Archives for 

Security

First Mac malware of 2017 Quimitchin /Fruitfly was discovered targeting biomedical research centers

Security researchers from Malwarebytes have identified strange traffic originating from a Mac. The unusual traffic was identified by IT admins when investigated led to espionage malware describes as Quimitchin. (Apple calls this as ‘Fruitfly’) The malware appears to have been existed for a while and undetected for quite a long time. One of the timestamp was dated back to Jan 2015, however there are lot of unknowns about its origin at this time.

The purpose of this malware appears to be performing screen captures & webcam access which is a characteristic of most espionage tools. As per investigation, this tool has been targeting primarily scientific research hence it’s unsure who is behind this espionage malware.

The Mac malware primarily has  two files, .client & .plist files.

  1. .plist files keeps .client running all times
  2. .client has the actual payload which is minified& obfuscated perl scipt. The perl script communicates with CnC servers.

The script primarily takes screenshots via shell commands. It has code to the same operation using Mac screen capture command & Linux ‘xwd’ command. It can even get system uptime information using the Mac ‘uptime’ command and Linux “cat/proc/uptime” command.

“The most interesting part of the script can the found in the __DATA__ section at the end. Found there are a Mach-O binary, a second perl script and a Java class, which the script extracts, writes to the /tmp/ folder and executes. In the case of the Java class file, it is run with apple.awt.UIElement set to true, which means that it does not show up in the Dock.” – Malware bytes explained.

These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days,” he wrote in the blog post. “In addition, the binary also includes the open source libjpeg code, which was last updated in 1998.” List below

  •  SGGetChannelDeviceList
  • SGSetChannelDevice
  • SGSetChannelDeviceInput
  • SGInitialize
  • SGSetDataRef
  • SGNewChannel
  • QTNewGWorld
  • SGSetGWorld
  • SGSetChannelBounds
  • SGSetChannelUsage
  • SGSetDataProc
  • SGStartRecord
  • SGGetChannelSampleDescription

(Quimitchin – were Aztec spies who would infiltrate other tribes. Given the “ancient” code, we thought the name fitting.)

Detailed technical details is available at Malwarebytes

Apple has released an update for Quimitchin malware that will be downloaded automatically and installed to protect against such infections.

Share Button

Whatsup which is now Facebook, backstabs its users by sharing users data

It was long due before Facebook made its move to share data between Whatsup app and Facebook after the acquisition. Facebook is known to invade its users privacy with a claim of openness by its CEO Mark Zuckerburg and it did it again last week to monetize as much as possible with a decision to […]
Share Button
Continue reading →

The Eleventh HOPE conference attracts audience from a broad areas of interest at New York City

The most admired and well known hacker convention “HOPE” which takes place every two years in the heart of New York City attracted some of the greatest security experts from various disciplines. Hope – 2016  (The Eleventh HOPE) had some of the great speakers from various areas of security and tons of hacker talks about how […]
Share Button
Continue reading →

Credentials of 13 million users breached from 000Webhost, a free webhosting company

The Lithuanian 000Webhost is one of the most popular free webhosting services and has over 13.5 million users. It ranks among the top search results in Google and is quite popular for its services. However, according to a report from Forbes, the login credentials of these users, that includes their usernames, passwords, email addresses, last […]
Share Button
Continue reading →

Two new Point of Sale malware targeted on Small and Medium Business in the United States

Two new malwares that affect point of sale (PoS) machines have been detected by the researchers at Trend Micro. The malware have been affecting small and medium sized businesses or SMBs, primarily in the United States. These two malwares have been named Katrina and CenterPoS by their developers. Trend Micro researchers had earlier reported PoS […]
Share Button
Continue reading →

Chevrolet Corvette can be hacked by using a text message via tracking dongle( insurance dongle)

  Researchers from University of California, San Diego have demonstrated to hack Corvette by sending specially crafted SMS messages to a tracking dongle plugged to the car’s OBD-II (On-Board Diagnostics port). In a youtube video ( below) demonstrating the exploit, the researchers operated the windshield wipers,  applied and deactivated the brakes at lower speeds. ( Dongle is a […]
Share Button
Continue reading →

3 Key Take Away’s from RSA Conference 2014 – San Francisco for CISOs and Security Enthusiasts

Author : Arun Hegde , Security Architect @arun25 Here is a quick summary about my experience at RSA Conference 2014 – San Francisco last month  Highlights of RSA 2014 : Some of the highlights at this year at RSA was cloud security, mobile security ( specially for enterprise), more companies providing SIEM solutions  and lot of new […]
Share Button
Continue reading →

EC-Council, Security Certification Group website hacked and defaced

“Although EC-Council has been respected by corporations and governments, many in the in the security community don’t agree the way they certify and considered it as useless certification ”  Analysts predict that Passports of more than 60,000 US military and government IT professionals at risk Hacker went by the name of Eugene Belford, claims to […]
Share Button
Continue reading →

First TOR-Based Android Malware Spotted by Kaspersky !

Researchers from Kaspersky have spotted Tor-based Andorid Malware in the wild. Hackers have started creating Android based Trojans in mass scale. A new mrthod of Windows Trojan malware is implemented under Android has been spreading lately. The Android based Trojan, who as a C & C uses the domain of pseudo-zone- Onion. The Trojan uses the anonymous […]
Share Button
Continue reading →

Careto/Mask APT cyber-espionage operations running and undetected for 7 long years

Its almost sounded unbelievable when Kaspersky research published a cyber espionage APT campaign MASK (Careto) that’s been running in the wild since 2007, undetected, targeting 31 countries.   The complexity of the tools used for MAST by the attackers are very sophisticated which makes its very special. This includes an extremely sophisticated piece of malware, a […]
Share Button
Continue reading →