Banking Trojan Escelar Infects Thousands In Brazil and the US

Attackers deliver the Trojan using generic Portuguese-language phishing emails and are currently targeting seven Brazilian banks. Once delivered, Escelar proceeds through multiple installation stages in which malware is downloaded over direct connections to several Microsoft SQL servers. These SQL servers are also used for command and control (C2) functionality.

Escelar is designed to steal online banking authentication credentials and further compromise victims’ accounts. Worse, Escelar is capable of manipulating the victim’s banking web session and executing fraudulent transactions. Escelar also forces the user to connect to the Internet via Internet Explorer (IE). If the victim attempts to use another browser (e.g. Google Chrome) to access online banking accounts, Escelar generates a false error code that pushes the victim back to IE.

The most recently discovered Microsoft SQL server used as Escelar infrastructure contained records of 1660 infections, all of which connected within a two-day time frame.

Escelar is distributed almost exclusively through phishing emails. Organizations should monitor their networks for unexpected outbound Microsoft SQL traffic (App-ID mssql), which may indicate an Escelar infection.
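The monitoring advice above, worked into a small detection routine: this is an added example, not code from the original post or from any vendor, and it assumes a constructed key=value firewall log format, a hypothetical allowlist of internal SQL servers and constructed sample lines.

```python
# Added example (not from the original post): flag unexpected outbound
# Microsoft SQL traffic in firewall/flow logs. Log format, sample lines and
# allowlist are constructed; adapt parse_line() to your firewall's export.
import ipaddress
import re

# Hypothetical allowlist of internal SQL servers that clients may reach.
KNOWN_SQL_SERVERS = {"10.0.5.20"}
# RFC 1918 ranges; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (timestamp followed by key=value pairs).
SAMPLE_LOG = """\
2015-08-20T10:01:02 src=10.0.0.15 dst=10.0.5.20 proto=tcp dport=1433 app=mssql
2015-08-20T10:01:09 src=10.0.0.15 dst=203.0.113.45 proto=tcp dport=1433 app=mssql
2015-08-20T10:02:17 src=10.0.0.22 dst=198.51.100.7 proto=tcp dport=443 app=ssl
2015-08-20T10:03:44 src=10.0.0.31 dst=198.51.100.9 proto=tcp dport=8080 app=mssql
"""

_KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; timestamp stored as 'ts'."""
    ts, _, rest = line.partition(" ")
    rec = dict(_KV.findall(rest))
    rec["ts"] = ts
    return rec

def is_internal(ip):
    """True when the address falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def suspicious_mssql(log_text):
    """Return (ts, src, dst, reason) for MSSQL sessions leaving the network or
    reaching an internal host that is not a known SQL server. A session counts
    as MSSQL if the App-ID says so or the destination is the default TDS port."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("app") != "mssql" and rec.get("dport") != "1433":
            continue  # not SQL traffic at all
        dst = rec["dst"]
        if not is_internal(dst):
            alerts.append((rec["ts"], rec["src"], dst, "external MSSQL destination"))
        elif dst not in KNOWN_SQL_SERVERS:
            alerts.append((rec["ts"], rec["src"], dst, "unknown internal SQL server"))
    return alerts
```

Run against the sample, the two sessions to addresses outside RFC 1918 space are reported while the session to the allowlisted internal server is not.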

Encryptor RaaS (Ransomware as a Service)

A new Ransomware-as-a-Service (RaaS) offering called “Encryptor RaaS” is being advertised. The service is advertised on a Tor hidden service (.onion domain), reachable through a Tor2Web gateway.

The seller explicitly calls its website “Ransomware as a Service”, borrowing anti-virus industry terminology, and the advertised business model closely resembles the recently discovered “Tox” RaaS. The seller earns a 20% commission for each infected user who opts to pay the ransom. All transactions are made in Bitcoin: affiliates, or “customers” of the RaaS, sign up with their Bitcoin address, and victims need Bitcoin to recover their files. Below is a screenshot of the advertisement. The malware encrypts all user files (not system files) and then displays a ransom note demanding 99 USD for the decryption key.

It is always a good idea to back up your files regularly so that you do not lose them in case of a ransomware infection. Max Total Security now offers a data backup tool that can be scheduled to back up the data on your hard drive for recovery in such cases of data loss.

24 Chinese Android Smartphone Models Come with Pre-Installed Malware

Security firm G Data has uncovered more than two dozen Android smartphones from popular manufacturers, including Xiaomi, Huawei and Lenovo, that ship with spyware pre-installed in the firmware.

The report concerns devices purchased primarily through third-party websites rather than official stores. On international marketplaces such as AliExpress, Tinydeal, Gearbest and Geekbuying, middlemen in the supply chain may be able to install malware without the knowledge of the manufacturer or the buyer.

The pre-installed spyware, disguised as popular Android apps such as Facebook and Google Drive, cannot be removed without unlocking the phone, since it resides in the phone’s firmware.
The spyware is capable of doing the following actions:

Listening in to telephone conversations
Accessing the Internet
Viewing and copying contacts
Installing unwanted apps
Asking for location data
Taking and copying images
Recording conversations using the microphone
Sending and reading SMS/MMS
Disabling Anti-Virus software
Listening in to chats via messaging services (Skype, Viber, WhatsApp, Facebook and Google+)
Reading the browser history

The affected smartphone brands include Xiaomi, Huawei, Lenovo, Alps, ConCorde, DJC, Sesonn and Xido. Most of the suspected models are sold in Asia and Europe.

WhatsApp bug could affect millions of users

The flaw allows hackers to distribute malware, including ransomware, which demands victims pay a fee to regain access to their files. All an attacker needed to do to exploit the vulnerability was to send a user a seemingly innocent vCard containing malicious code.

It was possible to change the file extension of a vCard to .bat, a Windows batch script. WhatsApp believed the user was simply receiving a vCard, when in fact it was executable code.

Discovered last month, the flaw in the messaging service’s web app allowed hackers to distribute ransomware, which demands that victims pay a fee to regain access to their files. WhatsApp quickly fixed the flaw.
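The defensive check the bug above calls for, as an added example that is not WhatsApp’s code: an attachment presented as a contact card is accepted only when both its file extension and its content are consistent with a vCard. The extension lists and the sample files are constructed for illustration.

```python
# Added example (not WhatsApp's code): validate a "contact card" attachment
# before handing it to the operating system. The bug above let a file with
# an executable name (.bat) pass as a vCard; this checks both the name and
# the content. Extension lists and sample files are constructed.
ALLOWED_EXTENSIONS = {".vcf", ".vcard"}
# Extensions Windows will execute when opened; rejected whatever the content.
EXECUTABLE_EXTENSIONS = {".bat", ".cmd", ".exe", ".com", ".scr", ".ps1", ".vbs", ".js"}

def extension_of(filename):
    """Lower-cased final extension including the dot, or '' when there is none."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""

def looks_like_vcard(data):
    """Structural check: UTF-8 text that starts with BEGIN:VCARD, ends with
    END:VCARD, has a VERSION line and contains no stray control bytes."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    if any(ord(c) < 32 and c not in "\r\n\t" for c in text):
        return False
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return (len(lines) >= 3
            and lines[0].upper() == "BEGIN:VCARD"
            and lines[-1].upper() == "END:VCARD"
            and any(ln.upper().startswith("VERSION:") for ln in lines))

def validate_contact_attachment(filename, data):
    """Return (accepted, reason). Executable or unknown extensions are refused
    outright; an allowed extension is accepted only if the bytes parse as a vCard."""
    ext = extension_of(filename)
    if ext in EXECUTABLE_EXTENSIONS:
        return False, "executable extension " + ext
    if ext not in ALLOWED_EXTENSIONS:
        return False, "unexpected extension " + repr(ext)
    if not looks_like_vcard(data):
        return False, "content is not a vCard"
    return True, "ok"

# Constructed samples: a genuine card, a script with a .bat name, and a
# script renamed to .vcf (caught by the content check, not the name check).
GOOD_CARD = ("alice.vcf", b"BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice\r\nEND:VCARD\r\n")
BAT_NAMED = ("contact.bat", b"@echo off\r\necho this is not a contact\r\n")
BAT_AS_VCF = ("contact.vcf", b"@echo off\r\necho this is not a contact\r\n")
```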

Making your smartphone safer

Smartphones these days can do everything a personal computer can do. As the number of available apps increases, so do the security risks. We are not only playing games on smartphones but also doing bank transactions and keeping all of our personal data, such as photos, contacts, emails, SMS and notes, on the phone.
1. Keep your phone locked, so that if you lose it little is lost beyond the cost of the device.
2. Monitor and check every app that you install using a tool such as maxprivacymanager on Google Play. This fantastic app will tell you about the privacy risks posed by the apps installed on your device.
3. Switch off Bluetooth to avoid unnecessary access.
4. Use a reputable anti-virus product such as Max Total Security to keep all malware off your device.
5. Do not jailbreak your device, as this exposes it to even more threats.
6. Use a secure password manager to protect the data on your phone, so you do not need to fill in forms every time.

Malware steals 225,000 Apple accounts

KeyRaider distributed through Chinese Cydia repositories.

A large number of Apple accounts on jailbroken iOS devices appear to have been compromised by a new piece of malware dubbed KeyRaider.

KeyRaider is distributed through third-party Cydia repositories, primarily in China. It hooks system processes through MobileSubstrate and steals Apple account usernames, passwords and device GUIDs by intercepting iTunes traffic. It also steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.

The stolen data is uploaded to a command and control server and used by two jailbreak tweaks (iappstore and iappinbuy) to facilitate free App Store purchases.

Apart from the valid Apple accounts, KeyRaider is said to have grabbed thousands of digital certificates, private encryption keys and software purchase receipts and uploaded them to command and control servers in China.

Windows 10 compatibility

At last the wait is over: Max Secure Software has launched products with Windows 10 compatibility. Max Total Security and Max Secure Anti Virus Plus have been updated so far; the rest of the products will roll out this week or at the beginning of next week. You can now upgrade your existing Windows installation to Windows 10 worry-free. We have noticed one issue: for some users, products that were installed before the upgrade become unregistered after the update to Windows 10. This is due to changes Microsoft made to users’ registry access rights in Windows 10; all you need to do is open the user interface with “Run as administrator” and register once.

Product Updates will take care of this issue.

On Windows 10 some firewall components may not work properly, as Microsoft has given programs only limited access to services and drivers. We are working on a solution to this issue.

There are many goodies in this bag of updates, including data backup, both automatic and scheduled, to safeguard your data files. Highly configurable and intelligently built, this feature protects your files so that you can recover them later from the backup vault. It also prevents your valuable data from being encrypted by CryptoLocker or damaged by any other virus.

Experience better, faster security products for your Windows operating system.

Android-Stagefright vulnerability

A user installs a vulnerable app containing a remote access backdoor onto their Android device; a remote server then takes control of the app by exploiting that insecure backdoor. The Stagefright exploit is by no means a minor problem: it potentially affects almost any device going back to the early years of Android.

Google has issued a second patch for the Android flaw after the first attempt failed. Google is rolling out the Stagefright patch to Nexus devices as promised, but the bigger news alongside that announcement is a new update policy for Nexus devices: going forward, Google will release security patches for Nexus phones and tablets about once a month.

Email Spam-if it is too good to be true…

Email spam is in no way a lesser threat than phishing. Increasingly, email spam today is sent via “zombie networks”, networks of virus- or worm-infected personal computers in homes and offices around the globe. Many modern worms install a backdoor that allows the spammer to access the computer and use it for malicious purposes.

Just this morning, a very interesting email arrived in my inbox; it reads as follows:

————————————————
“Good morning my dearest one,
My name is Mrs. Onon Nafi Taroure. I am a banker. It is true that we have not met each other in person, but I strongly believe that no trust or friendship in every business. I have a deceased customer’s abandoned fund, which I am his personal financial adviser before his accidental death and that has being the main reason why I contacted you and i would like to share this information with you in line with this inheritance fund of (USD $19.3 Million Dollars) which you will be rewarded with 39% of the total sum, 9% to the less privilege & charity organization home. Therefore before I disclose the full details to you, I will like to know your interest and willingness to assist me with assurance of trust.

My best regards,
Mrs. Onon Nafi Taroure.
Private Phone number: 00000232322”

————————————————

Dear readers, I am sure you are getting a lot of such emails, but do not respond to them and do not call them; you don’t even need to say “Ha, ha!! I know you are fooling me, I do not need any share in $19.3 million dollars!!!”

Increase in phishing attacks

There has been an evolution in the social engineering tactics used to dupe web users into clicking on infected URLs or downloading malicious documents, with many masquerading as legitimate big-name companies. In total, 30 percent of all identified phishing links led to web pages mentioning eBay, Yahoo, Facebook, Google and Amazon. The next most common targets were banks and other financial organisations.

Phishing is a kind of malicious attack in which cybercriminals create a fake website, meant to look like a popular online resource (a social network, an online banking service or an online game), and use various social engineering methods to lure users to it. Users are tricked into visiting a falsified page of, for example, a social network; typically, such a phishing page contains text fields for users to enter their personal data. The type of data the cybercriminals are interested in ultimately determines the type of phishing attack.

Overall, the effectiveness of phishing, combined with its profitability for criminals and the simplicity of the process, has led to a steadily rising number of these incidents. Users have to be careful about sending their personal data in response to emails: no bank or institution will ever ask you to send them your personal data.