Pre-installed Android malware found in over 5 million Android devices

Malware disguised as a 'wifi system' app has already infected just about 5 million mobile devices worldwide. Over the last 10 days alone, the malware has made its developers over $115,000. Dozens of IoT devices have already been turned into a massive botnet.

The researchers believe that all affected devices were dispatched to Tian Pai, a cellphone dealer based in Hangzhou. The malware pushes an adware component to every infected Android smartphone, which shows ads on the main screen of the device, as pop-up windows or full-screen advertising, to earn fraudulent advertising revenue for its developer.

Check Point noticed two pieces of pre-installed malware on compromised devices from Samsung, LG, HTC, Asus, Nexus, Oppo and Lenovo. The apps carrying the Android adware are listed below.
Go to Android Settings > Applications and check whether any of these apps is on your mobile device; if one is, uninstall it.

  •  Androï
  • com.changmi.launcher
  • com.system.service.zdsgt

1-800-FLOWERS Canadian Website Injected With Credit Card Stealing Malware

The 1-800-FLOWERS e-commerce platform fell victim to Magecart for over 4 years. The breach was reported to the California Attorney General's Office by the Canadian company, which stated that over 500 Californians had been affected. In its results for the third quarter of 2018, the company announced $238.5 million.

"The total number of users impacted still has not been reported," says Stephan Chenette, AttackIQ co-founder and CTO. "Pay card skimming malware remains a safety threat for retailers around the world." British Airways, Newegg and Kitronik were all victimized this year, Chenette said.

Investigation results indicate that your first and last name, payment card number, expiration date as well as card security code were included in information collected by the attacker.

Hackers Exploiting old Vulnerabilities in Magento

According to the Federal Bureau of Investigation, hackers are exploiting a flaw in a Magento plugin to hack online shops. The vulnerability is a cross-site scripting (XSS) flaw that allows the attacker to inject a malicious script into the online store's source code.

Payment information recorded from user purchases is then encoded in Base64 format, enclosed inside a JPEG image and submitted to the attacker's server. This form of attack is referred to as web skimming or e-skimming.

The plugin with the bug is Magmi. The bug was found about three years ago, and an update, Magmi-git 0.7.23, is available to fix the XSS bug that enables initial store access for attackers.

The FBI alert provides indicators of compromise (IOCs) that Magento providers can use in their web application firewalls to prevent attacks on their websites.


  • Check all applications for critical vulnerabilities and prioritize early patching of identified vulnerabilities on network-connected servers and Internet data processing tools such as web browsers.
  • Constantly check and monitor web logs and web applications for unauthorized entry, alteration and anomalies.
  • Perform network penetration checks, code integrity controls and dynamic device safety measures on websites on a regular basis to detect faults or misconfigurations.

Zloader "UZUS" Banking Malware Resurrected Amid COVID-19

Since the beginning of the year, cybersecurity researchers have identified over 100 e-mail campaigns carrying the Zloader malware, also known as Zeus.

The malware seems to have been under active development ever since it returned in Dec 2019, with 25 variants. It is a version of the notorious Zeus, which was used by a large theft ring to steal millions of dollars before the ring was taken down. Web injects are used to steal victims' banking logins or credentials and confidential banking information, as well as confidential client data such as cookies and login details. The attackers behind it use PDF files that link to a Microsoft Word document with a macro script that delivers the Zloader version. The whole month's recent analysis varies from more than one source.

Ukraine Hacker arrested For Selling Billions of Stolen Credentials

Yesterday Ukraine's Secret Service (SSU) arrested a hacker known as Sanix (a.k.a. Sanixer), accused of selling billions of stolen records on hacking forums, the dark web and Telegram. The SSU stated that they arrested Sanix in Ivano-Frankivsk, a city in western Ukraine. Cybersecurity experts would call Sanix a data broker, that is, someone who collects data from hacked companies out of public records.

Sanix assembled Collection #1, #2, #3, #4, #5, Antipublic and others, first known as user and password combos. These samples were terabytes of data and billions of identical combinations of username and password.
However, the SSU made it clear that most of the credential leaks came from another data broker called Azatej, a member of the Infinity Black hacking group who was busted by Europol two weeks ago.

Copies of Collection #1 were found on Sanix's computer by the SSU, together with at least 7 related databases of hacked and broken login credentials. Investigators in Ukraine said Sanix's computer stored not only information on PIN codes for bank cards but also crypto-currency wallets as well as PayPal accounts, according to SSU officers, who retrieved 2 TB of data ($3000) from the Sanix residence after the home search. The SSU said they seized Ukrainian hryvnia (~$7,000) from the house.


Romania Police Busted PentaGuard Hackers Crew

Romania's authority DIICOT announced that 4 hackers from the PentaGuard hacking group were arrested on Saturday. The group has been known since 2000 and became famous when it successfully launched an attack on a series of Australian Government websites.

Of those arrested, 3 hackers of the group were arrested in Romania, while the fourth was held in the Republic of Moldova.

The data collected so far revealed that they intended to begin ransomware attacks in the foreseeable future on some public health institutions in Romania, usually hospitals, using a social engineering toolkit. They also wanted to deliver malicious executable code from the Locky or BadRabbit families of computer viruses. The malicious script code is then downloaded automatically to the computer, encrypting data and thereby leaving the computers unable to communicate, DIICOT stated in their post.

DIICOT also stated that during their long time in operation, PentaGuard hackers considered themselves untraceable. This is why they never bothered to cover their digital footprints online.

The New Android Malware "Mandrake" To Steal Your Data

Every day different malware shows up, each with its own unique style. On 15-05-20 cybersecurity firm Bitdefender reported a new Android malware called Mandrake which, according to the report, has been around since 2016 (Google Play Store).

List of Apps Affected by the Mandrake Malware

  • Abfix
  • Coincast
  • Car News
  • Horoskope
  • SnapTune Vid
  • Office Scanner
  • Currency XE Converter
All these apps were found in different categories on the Google Play Store, and the most interesting part is that the hackers behind this malware also have a Facebook page where they always respond to every user complaint and fix the issues reported, making the apps look legitimate.

Once activated, it can steal cryptocurrencies and application credentials such as Facebook's, manipulate text messages, enable screen recording, send notifications, track the user's location, initiate calls and even factory-reset a phone to remove any traces of its existence.

This is an example of the license agreement asking the user to agree (but in fact the only thing the user is agreeing to is allowing the hacker to gain Android system authority, or full control of the device).

For now all the affected apps have been removed from the Play Store, but this still tells us that such an app can remain undetected for a long time, 2016-2020, affecting millions of users.

Tip: Always check the app you want to download, even if it is from the Play Store or App Store, and make sure you need that app. The advice is to install an antivirus to keep your mobile safe from this threat.

Iran Hackers Use Telegram and Other Chat Apps to Spy

Cybersecurity researcher Bob Diachenko discovered the personal details and information of over 40 million Iranians posted on a dark web forum by a group called Hunting System. In our review of this issue, we contacted Telegram to explain why they left their users exposed to such threats, to which they said:

"The data came from an unofficial version of Telegram that is not associated with the business. Unfortunately, people in Iran continue to use unverified apps despite our warnings."

As we all know, Telegram is open-source software, which allows third parties to create and modify their own versions of the app. They also stated that because Telegram's official app has been banned by the Iranian government, most users who still prefer to use Telegram have to go for an unofficial version of the app, which led to this massacre of spying.
The database consists of usernames, phone numbers, secret keys and account IDs, though Telegram explains that the secret cannot be used to access the account but works only inside the app.

The details in this revealed database represent a clear danger for users. This not only exposes who uses Telegram in Iran, it also makes them vulnerable to attack. The data can also be used to duplicate people's accounts, spy on private conversations, recognise and identify people using Telegram securely, or spread disinformation or misinformation to particular groups.

“EventBot” Android Malware Which Steals Your Credentials and Personal Information

Researchers from CERT-In discovered the most dangerous malware in Android history. Researchers say that once it has been installed, the malware is able to affect more than 200 different financial applications, including remittance, cryptocurrency wallet and banking apps such as Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise and Coinbase. If you have been on the internet for a while, you probably know that the information collected by the app could be used for identity theft.

The hackers disguised the malware with several icons as a legitimate program and uploaded it to rogue APK stores as well as other questionable websites.

At the time of writing, the app is known to be targeting users from the United States and Europe. The hackers can access the victim's bank accounts using the password and two-factor code they obtain.
The malware secretly monitors every tap and key press and can read messages from other installed applications, giving the hackers a window on what is happening on a victim's phone.

Tip: Always install apps from an authorized/approved app store.

Hackers Hijacking 2FA App on macOS to Distribute Dacls Malware

Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to spread Dacls, a remote access trojan linked to the North Korean Lazarus hackers. Dacls has been used to attack Linux and Windows systems, and the recently found macOS RAT version borrows much of its features and code from them. The malware was hidden in TinkaOTP, whose original version is MinaOTP, software known to be popular among Chinese users.

Dacls's tasks are executing commands, handling data on the system, controlling processes on the system, proxying traffic and detecting worms. Once your data has been obtained, it encrypts the data and then connects to its C2 server via a TLS connection.

The malware was discovered after its creator modified it and uploaded it to VirusTotal last month. It passed completely unnoticed at the time, April 8, according to Malwarebytes. At the moment 23 out of 59 antivirus programs detect the malicious file.
The malicious software runs after the device has been rebooted, as it is added to a property list (plist) file used by LaunchDaemons and LaunchAgents to run applications at startup.
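
A defender can review that persistence mechanism by parsing every launchd job file and looking at what it starts. The script below is an added example, not code from Malwarebytes or from this article; the heuristics (hidden path components, world-writable locations) and all sample job names are assumptions constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path

# launchd job directories on macOS (per-user agents, system agents, system daemons).
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
# Assumed heuristic: legitimate jobs rarely run binaries from these writable locations.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def job_target(job):
    """Executable launchd starts: Program, else the first ProgramArguments entry."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def review_job(plist_path):
    """Return one finding per job file; 'reasons' stays empty when nothing stands out."""
    finding = {"plist": Path(plist_path).name, "label": None, "target": "", "reasons": []}
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)               # reads XML and binary plists
    except Exception as exc:                      # damaged or non-plist file
        finding["reasons"].append("unparseable plist (%s)" % type(exc).__name__)
        return finding
    if not isinstance(job, dict):
        finding["reasons"].append("plist root is not a dictionary")
        return finding
    target = job_target(job)
    finding.update(label=job.get("Label"), target=target)
    if any(part.startswith(".") for part in Path(target).parts):
        finding["reasons"].append("target sits in a hidden path")
    if target.startswith(WRITABLE_PREFIXES):
        finding["reasons"].append("target sits in a world-writable location")
    if finding["reasons"] and (job.get("RunAtLoad") or job.get("KeepAlive")):
        finding["reasons"].append("starts automatically (RunAtLoad/KeepAlive)")
    return finding


def audit(dirs=LAUNCH_DIRS):
    """Review every *.plist in the given directories and return the flagged jobs."""
    findings = []
    for folder in (Path(d).expanduser() for d in dirs):
        if folder.is_dir():
            for plist_path in sorted(folder.glob("*.plist")):
                finding = review_job(plist_path)
                if finding["reasons"]:
                    findings.append(finding)
    return findings


def build_demo_dir():
    """Write constructed sample jobs (made-up names, not real indicators) to a temp dir."""
    folder = Path(tempfile.mkdtemp(prefix="launchd-demo-"))
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
                                      "ProgramArguments": ["/Applications/Example.app/updater"]},
        "com.example.otp-helper.plist": {"Label": "com.example.otp-helper", "RunAtLoad": True,
                                         "Program": "/Users/demo/Library/.otp-helper"},
    }
    for name, job in samples.items():
        with open(folder / name, "wb") as fh:
            plistlib.dump(job, fh)
    (folder / "broken.plist").write_bytes(b"not a plist")
    return folder


if __name__ == "__main__":
    for finding in audit([build_demo_dir()]):
        print(finding)
```

On a Mac, calling `audit()` with no arguments reviews the three standard directories; a flagged job is a prompt for a closer look, not proof of infection.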

Hacker Hides Cryptominer Script in Taylor Swift's Photos

Security researchers from Sophos, a cybersecurity firm, discovered a crypto-miner (Monero) malware payload hidden in a photo of Taylor Swift that has been widely shared on social media and by email.

Researchers noted that the MyKingz team is currently using encryption techniques to conceal malicious files inside genuine ones. The group was found hiding a malicious EXE within a JPEG photo of Taylor Swift.

Sophos claims the attackers behind it are the MyKingz group, who target Windows computers to install various cryptocurrency-mining applications. The group detects weak hosts, deploys malware payloads on the vulnerable systems and gets access to the infected computers.

According to the security firm, Japan, China, Taiwan, Russia, Brazil, India and the USA are the top countries most widely affected by the MyKingz payload.

MyKingz isn't the only group to use this technique, called steganography (the practice of concealing messages or information within other non-secret text or data).
Hackers use steganography to hide malicious code within an image, audio or text file, primarily to mask their malvertising activity by using kits.

The MyKingz botnet has been reported to have affected over 500 thousand Windows machines within the first month of its release, earning its creator over $2.3 million worth of Monero.
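
One way to check an image for this kind of passenger, as an added example that is not from Sophos or from this article: walk the JPEG's segments to its End Of Image marker, then look at whatever follows for a Windows executable header. It assumes the payload is appended after the image data; the sample JPEG and the header-only stub are constructed for the demonstration and are not working files.

```python
# Byte values that may follow 0xFF inside scan data without starting a segment:
# 0x00 (byte stuffing), 0xFF (fill) and 0xD0-0xD7 (restart markers).
IN_SCAN = {0x00, 0xFF} | set(range(0xD0, 0xD8))


def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the End Of Image marker, or -1 if the JPEG is malformed."""
    if not data.startswith(b"\xff\xd8"):              # SOI
        return -1
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            return -1
        marker = data[i + 1]
        if marker == 0xFF:                             # fill byte before a marker
            i += 1
            continue
        if marker == 0xD9:                             # EOI: the image ends here
            return i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers without a length
            i += 2
            continue
        if i + 4 > len(data):
            return -1
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
        if marker == 0xDA:                             # SOS: skip entropy-coded data
            while i + 2 <= len(data) and not (data[i] == 0xFF and data[i + 1] not in IN_SCAN):
                i += 1
    return -1


def find_embedded_pe(blob: bytes) -> list:
    """Offsets of each 'MZ' header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            sig = pos + int.from_bytes(blob[pos + 0x3C:pos + 0x40], "little")
            if blob[sig:sig + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def inspect_image(data: bytes) -> dict:
    """Report where the JPEG ends, how much data trails it, and any PE headers found."""
    end = jpeg_end_offset(data)
    start = end if end != -1 else 0                    # malformed image: scan whole file
    return {"jpeg_end": end,
            "trailing_bytes": len(data) - end if end != -1 else 0,
            "pe_offsets": [start + off for off in find_embedded_pe(data[start:])]}


def sample_jpeg() -> bytes:
    """Constructed, structurally valid (not decodable) JPEG: SOI, APP0, SOS, scan, EOI."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00" + bytes(9)
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + bytes(6)
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"             # has a stuffed FF00 and an RST0
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


def sample_pe_stub() -> bytes:
    """Constructed header-only stub: 'MZ', e_lfanew=0x40, 'PE\\0\\0'. Not executable."""
    return b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    print(inspect_image(sample_jpeg()))
    print(inspect_image(sample_jpeg() + sample_pe_stub()))
```

A non-zero `trailing_bytes` is worth a look even when `pe_offsets` is empty, because an encrypted payload shows no recognisable header.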

Nursery School Teacher has been arrested for abusing & selling child porn on Darkweb

A nursery school teacher has been arrested by Hungarian national police for sexual abuse of kids. It all began when Europol was alerted over the role of the teacher in selling the content of child sex abuse on the deep web. Europol instructed police to investigate the matter in 2019, and it has been discovered that the teacher's husband was assisting her in this horrific crime when the material was being produced at the teacher's home.

Additional sexual exploitation material including videos and images was exposed in a further investigation. After completion of the investigation, the investigators got a search warrant and raided the couple's household, where they seized IT equipment and arrested the perpetrators. The teacher and her partner are in Hungarian jail awaiting trial now and would be charged in Hungary.

Europol stated they seized 15TB of files, including images, audio and videos, and that this has been one of their successful child sex abuse investigations.

Europol Busted 5 Hackers Behind Infinity Black Hacking Group

Europol announced that 5 hackers from the Infinity Black hacking group were arrested on Tuesday the 5th of May 2020. The group was primarily known for operating INFINITY.BLACK, where they sold millions of user credentials (e.g. usernames and passwords), and for creating and distributing malware.

According to Europol, the hacking group mainly targets websites that run loyalty programs; they would then try to gain access to the website database and sell the users' accounts on dark web forums or exchange them for e-codes or electronics.

Swiss criminal intelligence said their investigation started when the hacking group gained access to the data of a huge number of Switzerland's citizens.
"The fraudsters and hackers, among them minors and young adults, were unmasked when using the stolen data in shops in Switzerland," Europol stated.

Polish authorities said they seized electronic devices, external hard drives, and crypto-currency hardware wallets, all worth around €100,000, during the arrests and house searches.

Lineage OS hacked via Unpatched Vulnerability

Lineage OS is known for building the best custom ROMs for outdated devices or devices that no longer receive software updates from their manufacturer. Last week, on May 2nd, 2020, Lineage OS announced on Twitter that at 8pm an attacker gained access to their server using two unpatched vulnerabilities in Salt, an open-source framework by SaltStack that is used to manage servers in a cloud or data centre.
The vulnerabilities are:
  • CVE-2020-11651, which allows attackers to access the servers without any login credentials
  • CVE-2020-11652, which allows attackers to read arbitrary files

But in the post, Lineage confirmed that none of their OS builds had been affected, that they were able to detect the hack in time, and that all their signing keys, builds and source code are intact.

Hackers Stole 400k South Korean & USA Credit Card Data

A cybersecurity company known as Group-IB told Hackers Review they have recorded over 400k payment cards being sold on Joker's Stash, one of the world's largest credit card marketplaces for carders/carding on the dark web.

Group-IB recorded a total of 397,365 payment cards, of which 199,132 (49.9%) are from the US and 198,233 (49.9%) are from South Korea. Records show that the cards are being sold for $5 per card; the hacker knows that not all of them would work, and so reported a validation rate of only 30-40%.
However, how the payment cards got hacked remains a mystery, though it is worth knowing that Joker's Stash is the same marketplace where millions of Wawa payment details were sold.

The FBI advises that anyone in possession of a credit card needs to change their card PIN, or the credit card itself, at least once a month to prevent fraudulent transactions.

Hackers Stole Over $25 Million Worth of Crypto-Currency on Two Exchange

Hackers stole over $25 million worth of cryptocurrency from Lendf, a lending platform, and Uniswap, a cryptocurrency exchange. Both attacks took place over the weekend, on Saturday and Sunday, and researchers believe the two attacks were carried out by the same individual or group.

According to an article by PeckShield, a blockchain security company, the hackers exploited a reentrancy vulnerability caused by the incompatibility of ERC-777 with both smart contracts.
Researchers claim that the hackers may have used a vulnerability that OpenZeppelin (a company that conducts penetration testing for cryptocurrency platforms) posted on GitHub in July 19. They first used the vulnerability against Uniswap and then used it again against Lendf the following morning, with better results, stealing about 99.5 percent of the platform's funds in the process.

The attackers have so far returned all of the stolen funds after an IP address was unexpectedly leaked following the attack. The funds were recovered once the dForce Foundation arranged blockchain transactions with the hackers.

Newly Discovered Apple Bug Can Steal Your Private Messages (0-click)

Recently researchers from ZecOps discovered a critical and most threatening bug in the built-in Mail app for Apple devices, which could allow a hacker to take full control of your email account, e.g. read, delete and modify your email.
Zuk Avraham, chief executive officer, said over 5 companies have been targeted by attackers using this 0-click vulnerability found in the Mail app.

ZecOps told Hackers Review that the only way this threatening attack could come to life (i.e. you being affected) is through a custom email containing malicious code sent by the attacker to the victim. They also said Apple has spent millions of dollars just to secure the iPhone since it launched in 2007. All I am saying is that Apple bugs are difficult to find, which makes it vulnerable to hackers.

Apple announced in a blog post on Tuesday that a patch will be released in the next version of iOS, update 13.4.5. They made it clear to their users that until the security issue in the Mail app is fixed, it is advisable to disable it and use the Gmail or Outlook application.

Critical Vulnerability Found In FPGA Computer Chips

Researchers from Ruhr-Universität Bochum's Horst Görtz Institute and the Max Planck Institute have made a recent discovery about field-programmable gate array (FPGA) chips. The vulnerability allows an attacker to gain full control of the chip and its functionality; this bug is called the "StarBleed" vulnerability.

The researchers were able to successfully penetrate the bitstream encryption of Xilinx 7-Series and Virtex-6 devices in their analysis.

FPGA chips are mostly known to be used in the medical field or aviation. Since the vulnerability exists in the hardware, this critical security bug can only be fixed by replacing the chips.

"If an attacker has access to the bitstream and breaks its confidentiality, he can reverse-engineer the design, clone intellectual property, or gather information for subsequent attacks e.g., by finding cryptographic keys or other design aspects of a system. If the adversary succeeds in violating the bitstream authenticity, he can then change the functionality, implant hardware Trojans, or even physically destroy the system in which the FPGA is embedded by using configuration outside the specifications," Abeerah Hashim said.

Over 500,000 Zoom Accounts Info Sold on Darkweb Hacking Forum

Thousands of Zoom accounts were sold on the dark web for less than a penny (each Zoom account cost $0.002). The account credentials include email, password, meeting ID and host keys. Cyble, a cybersecurity firm, was able to purchase a large number of the accounts (530,000) in order to warn Zoom users that their info had leaked.
The hacker, who wanted to build his reputation on the forum, then started to post some of the accounts for free.
The account info (email and password) was shared in plain text; the accounts include ones from the University of Vermont, University of Dartmouth, University of Florida and many more institutions.
BleepingComputer, a cybersecurity news website, told Hackers Review that they were able to contact the email addresses leaked on the dark web hacking forum.

Some users told them that the password listed was an old one, which means that some of those credentials likely came from older credential stuffing attacks.

World Popular Hacking Forum "OGUsers" Got Hacked Again

OGUsers, the most popular hacking forum in the world, announced on April 2, 2020 that their database had been hacked and leaked. The forum is known as a training ground for hackers or cyber criminals who mostly deal in SIM jacking. The forum admin (Ace) said:
"It appears someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database."
The hacker is believed to have stolen the info of over 200,000 users, including usernames, emails, IP addresses, passwords, source code, website data and users' private messages. IP addresses were what most users worried about most, because OGUsers has strict rules on the use of VPNs (meaning that if your account is logged in from an IP address other than the one you used to create the account, the account will be banned), meaning 50% of OGUsers users use their real IP address.
The hacker who hacked OGUsers uploaded the database for download on a rival hacking forum.

But as I said earlier, this is not the first time OGUsers has been hacked.