In the cyber-world, not only are everyday users at risk of having their personal details stolen, but so too are new cybercriminals as was evident on the underground site leakforums, writes PAUL DUCKLIN, Senior Security Advisor, Sophos.
Not all malware is ransomware, even though ransomware hogs the spotlight these days.
Keyloggers are still popular in the cybe runderworld, because they help crooks to steal passwords. Armed with email passwords, for example, crooks can pull off much more audacious crimes than ransomware, such as business email attacks, also known a CEO fraud or wire-wire scams (that’s where a crook logs in with a stolen password to send an email that doesn’t just look as though it came from your CEO’s account, it really did come from her account.)
The fraudulent email in a wire-wire scam won’t be a demand for $300 in bitcoins, which is a typical price-point in ransomware, but an official-sounding corporate instruction to put through a massive funds transfer. The amount may be $100,000 or even more, and the email will typically claim that that the funds are part of time-critical business venture such as an acquisition, to justify both the large sum and the urgency.
In other words, there’s still big money in Keyloggers, and one of the most popular keyloggers these days is KeyBase, a product that was originally sold as a legitimate application before being abandoned in apparent disgust by its author.But KeyBase lives on, with cyber crooks giving it a new home all over the cybercriminal underground.
Dishonour among thieves
Sometimes crooks turn on their own kind, as happened in this story. A user on the popular underground site leakforums, going by the name pahan12, popped up offering a PHP Remote Access Trojan called SLICK RAT.But newbie crooks who ran the installer didn’t get what they paid for. Instead, they ended up infected with the KeyBase data stealer instead, and their stolen passwords were sent off to a data-collection website. (The “Pahan” connection continued here, because the URL contained the text pahan123.)
My guess is that Pahan was after his victims’ logins for leakforums and other hacker sites, in order to build up his rank in the underground, and went after users on other crime forums, too.,
(Interestingly, Pahan has a history of this sort of double-cross, promoting one cybercrime tool but infecting it with another. In November 2015, Pahan was offering a malware scrambling tool called Aegis Crypter).
Cryptors take an existing malware program as input, and churn out a modified, scrambled, compressed and obfuscated program file as output, in the hope that this will bypass basic virus-blocking tools. But Pahan’s version of Aegis included its own “secret sauce”: a zombie Trojan called Troj/RxBot than hooks up infected computers to an IRC server from which remote command-and-control instructions can be sent to the network of zombies. The IRC channels on the server that were used by Pahan’s zombie were pahan12 and pahan123.
And in March 2016, a user going by pahann was promoting a version of the KeyBase toolkit, which can be used to generate keylogger files to order.
This KeyBase malware generation toolkit was itself infected, in a weird sort of “malware triangle”.
By this time, things were getting quite complicated for Pahan, who had samples of SLICK RAT for sale that were infected with KeyBase; of Aegis Crypter infected with Troj/RxBot; and of KeyBase infected with COM Surrogate, which delivered Troj/RxBot and Cyborg.
Things didn’t go so well for the duplicitous Pahan, a.k.a. Pahan12, a.k.a. Pahan123, a.k.a. Pahann, after that… Just last week, when our team of experts were looking around to see what Pahan had been up to recently, we found a number of intriguing data and postings relating to him. Amusingly, (if cyber criminality can ever be truly funny), it seems as if Pahan/12/123/n has managed to infect himself with one or more of the malware samples he’s been juggling recently.
So, if you’ve ever wondered what a cybercrook keeps up his sleeve, this might give you some ideas: we can see a ransomware sample, various pre-prepared malware binaries, scanners, a sniffer, remote access tools and more. Maybe his next step will be to scramble his own files with the ransomware we can see stashed there in his Google Drive account?
So, if you had to write the story “What Pahan did next?”…
…what would you say? (And if you could choose, what would you wish for?)
(This article first appeared on Sophos Naked Security, August 16, 2016: https://nakedsecurity.sophos.c
Nintendo announces Stranger Things 3 game
The Netflix Original show is set to launch a retro-style game on the Nintendo Switch.
In collaboration with Netflix, developer BonusXP has created Stranger Things 3: The Game. It is the official companion game to Season 3 of the hit original series. The game and latest season are expected to launch on US Independence Day, the 4th of July, a date that will, of course, stick in American gamers’ memories.
This adventure game blends a distinctively retro 16-bit art style, reminiscent of games from the time when the series was set. It is claimed to have modern gameplay mechanics to deliver nostalgic fun with a fresh new twist. Players will be able to experience their favourite show through a mix of exploration, puzzles, and combat.
Just ad in the show, teamwork is at the heart of Stranger Things 3: The Game. Players can team up in a two-player local co-operative, or in single player mode alongside an AI partner. Players can choose to play as one of twelve characters from the show, each with different abilities and attributes. Together, they’ll play through familiar events from the series, while also uncovering never-before-seen Stranger Things secrets, ensuring a fun experience for those new to the world of Stranger Things as well as for those familiar with the series.
- Experience the show in a new way, exploring the eerie world of Hawkins to uncover new mysteries beyond what’s seen in Season 3.
- Jump right into the action of this pick-up-and-play adventure: gameplay mechanics that allow players from beginner to advanced skill levels to get in on the fun.
- Take your game to a higher level by trying out different character combinations and collecting all the secrets the expansive world of Hawkins has to offer.
- Team up with a friend, leveraging drop-in/drop-out local co-op to take on the mysterious monsters of Hawkins together. While playing solo, use a collection of “buddy commands” to control both characters and still experience all the fun.
- Choose from 12 playable characters, each with their own unique talents and stats.
New AirPods and iMac in iStore this weekend
iStore has announced availability of the new second generation AirPods and iMac, unveiled this week, in store this weekend.
“AirPods revolutionised the wireless audio experience with a breakthrough design and the new AirPods build on the magical experience customers love,” said iStore in its announcement. “The new Apple-designed H1 chip, developed specifically for headphones, delivers performance efficiencies, faster connect times, more talk time and the convenience of hands-free ‘Hey Siri’.”
AirPods come with either a standard charging case or a new wireless charging case that works with Qi standard chargers. The wireless charging case can be ordered for R3 699. The case can be used with the first or second generation AirPods.
The iMac line now has up to 8-core Intel 9th-generation processors and powerful Vega graphics options, delivering dramatic increases in both compute and graphics performance. The new iMac is faster for everyday tasks, up to demanding pro workloads. It includes retina display, all-in-one design, quiet operation, fast storage and memory, modern connectivity and macOS Mojave.