Pre-installed Android malware found in over 5 million Android devices


Malware disguised as a 'wifi system' app has already infected about 5 million mobile devices worldwide. Over the last 10 days, the malware alone has made its developers over $115,000. Dozens of IoT devices have already been turned into a massive botnet.

The researchers believe that all affected devices were shipped through Tian Pai, a mobile phone distributor based in Hangzhou. The malware pushes an adware component to every infected Android smartphone, which displays ads on the device's home screen, either as pop-up windows or as full-screen advertisements, to generate fraudulent advertising revenue for its developer.

Check Point found two pieces of pre-installed malware on devices from Samsung, LG, HTC, Asus, Nexus, Oppo and Lenovo. The affected apps carrying the Android adware are listed below.
Go to Android Settings > Applications and check whether any of these apps is on your mobile device; if so, uninstall it.

  •  Androï
  • com.changmi.launcher
  • com.system.service.zdsgt
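As an added example that is not part of the original post or of Check Point's research, the Python script below automates the manual check above against the output of `adb shell pm list packages -f`, which prints every installed package together with its APK path. The sample output is constructed, and only the two intact package names from the list above are used as indicators (a real check would carry the full indicator list from the report). The APK path matters for pre-installed malware: an app that ships under `/system` cannot be uninstalled by the user without root and can only be disabled, so the script records that distinction for each hit.

```python
import subprocess

# Package names taken from the list above; the full indicator set
# would come from the Check Point report.
KNOWN_BAD_PACKAGES = {
    "com.changmi.launcher",
    "com.system.service.zdsgt",
}

# Constructed sample of `adb shell pm list packages -f` output.
# The APK paths and the benign packages are made up for illustration.
SAMPLE_PM_OUTPUT = """\
package:/system/app/WifiService/WifiService.apk=com.system.service.zdsgt
package:/data/app/com.example.notes-1/base.apk=com.example.notes
package:/system/priv-app/Launcher/Launcher.apk=com.changmi.launcher
package:/data/app/com.example.game-2/base.apk=com.example.game
"""

# Partitions that hold vendor-shipped (pre-installed) apps.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")


def parse_pm_list(text):
    """Parse lines of the form package:<apk path>=<package name>
    (or package:<package name> without -f) into a {name: path} dict."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        rest = line[len("package:"):]
        if "=" in rest:
            path, name = rest.rsplit("=", 1)
        else:
            path, name = "", rest
        packages[name] = path
    return packages


def find_suspect_packages(text, indicators=KNOWN_BAD_PACKAGES):
    """Return one finding per installed package that matches an indicator,
    noting whether it lives on a read-only system partition."""
    findings = []
    for name, path in parse_pm_list(text).items():
        if name not in indicators:
            continue
        preinstalled = path.startswith(SYSTEM_PREFIXES)
        findings.append({
            "package": name,
            "path": path,
            "preinstalled": preinstalled,
            # User-installed apps can be uninstalled; system apps can only be
            # disabled for the current user unless the device is rooted.
            "action": ("adb shell pm disable-user " if preinstalled
                       else "adb shell pm uninstall ") + name,
        })
    return findings


def check_connected_device():
    """Run the same check against a device attached via adb (adb must be on PATH)."""
    output = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-f"],
        capture_output=True, text=True, check=True,
    ).stdout
    return find_suspect_packages(output)


if __name__ == "__main__":
    for finding in find_suspect_packages(SAMPLE_PM_OUTPUT):
        print(finding)
```

Run it as-is to see the findings for the constructed sample; call `check_connected_device()` to run the check against a phone connected over adb with USB debugging enabled.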

1-800-FLOWERS Canadian Website Injected With Credit Card Stealing Malware

The 1-800-FLOWERS e-commerce platform was compromised by Magecart for over 4 years. The breach was reported to the California Attorney General's Office by the Canadian company, which stated that over 500 Californians had been affected. In its results for the third quarter of 2018, the company announced $238.5 million.

"The total number of users impacted still has not been reported," says Stephan Chenette, AttackIQ co-founder and CTO. "Payment card skimming malware remains a security threat for retailers around the world. British Airways, Newegg and Kitronik were all victimized this year," Chenette said.

Investigation results indicate that your first and last name, payment card number, expiration date and card security code were included in the information collected by the attacker.

Check back with the Hackers Review for the latest updates on this story.

Hackers Exploiting old Vulnerabilities in Magento

According to the Federal Bureau of Investigation, hackers are exploiting a flaw in a Magento plugin to compromise online shops. The vulnerability found in Magento is a cross-site scripting (XSS) flaw that allows an attacker to inject a malicious script into the online store's source code.

Payment information recorded from user purchases is then encoded in Base64, embedded inside a JPEG image and submitted to the attacker's server. This form of attack is referred to as web skimming or e-skimming.
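The exfiltration trick described above leaves a recognisable artefact: a JPEG that carries extra bytes after its end-of-image (EOI) marker. As an added example, not part of the original post or of the FBI alert, the Python below inspects a file for data trailing the EOI marker, decodes it if it is Base64, and searches the result for digit runs that pass the Luhn check used by payment card numbers. Both sample files are constructed in the script (a minimal JPEG structure and the same bytes with a fake card record appended); the function and field names are mine and are not from any real tool.

```python
import base64
import re

SOI = b"\xff\xd8"  # JPEG start-of-image marker
EOI = b"\xff\xd9"  # JPEG end-of-image marker

# Constructed sample files (not real artefacts from the campaign described):
# a minimal valid JPEG structure, and the same bytes with a Base64-encoded
# fake card record appended after the EOI marker.
CLEAN_JPEG = (
    SOI
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0 segment
    + b"\x00" * 32                                                     # stand-in for image data
    + EOI
)
FAKE_RECORD = b'{"name":"A. Example","cc":"4111111111111111","exp":"12/24","cvv":"123"}'
SKIMMED_JPEG = CLEAN_JPEG + base64.b64encode(FAKE_RECORD)

B64_ALPHABET = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def trailing_bytes(data):
    """Return whatever follows the last EOI marker, or None if the
    input does not look like a JPEG or has no EOI marker at all."""
    if not data.startswith(SOI):
        return None
    end = data.rfind(EOI)
    if end == -1:
        return None
    # rfind is safe here: Base64 text never contains the byte 0xFF, so an
    # appended text payload cannot introduce a spurious EOI of its own.
    return data[end + len(EOI):]


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(blob):
    """Digit runs of card-number length (13-19) that pass the Luhn check."""
    return [m.decode() for m in re.findall(rb"\d{13,19}", blob) if luhn_ok(m.decode())]


def inspect_jpeg(data):
    """Flag a JPEG that carries data after its EOI marker; if that data is
    Base64, decode it and report any card numbers found in the result."""
    result = {"suspicious": False, "reason": "", "card_numbers": []}
    tail = trailing_bytes(data)
    if tail is None:
        result["reason"] = "not a JPEG or no EOI marker"
        return result
    if not tail:
        result["reason"] = "no data after EOI marker"
        return result
    result["suspicious"] = True
    compact = b"".join(tail.split())  # tolerate line-wrapped Base64
    if B64_ALPHABET.match(compact):
        try:
            decoded = base64.b64decode(compact, validate=True)
        except ValueError:
            decoded = b""
        if decoded:
            result["reason"] = "Base64 payload appended after EOI"
            result["card_numbers"] = find_card_numbers(decoded)
            return result
    result["reason"] = "%d unexpected bytes after EOI" % len(tail)
    return result


if __name__ == "__main__":
    print(inspect_jpeg(CLEAN_JPEG))
    print(inspect_jpeg(SKIMMED_JPEG))
```

Pointing `inspect_jpeg` at every image written to a store's upload or media directory, or at outbound image requests captured at the edge, turns the description above into a simple detection; any hit with a non-empty `card_numbers` list deserves immediate attention.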

The plugin with the bug is Magmi. The flaw was found roughly three years ago, and an update, Magmi-git 0.7.23, is available to fix the XSS bug that gives attackers initial access to the store.

The FBI alert provides indicators of compromise (IOCs) that Magento site operators can use in their web application firewalls to block attacks on their websites. It also recommends the following:

  • Check all applications for critical vulnerabilities and prioritize early patching of network-connected servers and internet-facing data-processing tools such as web browsers.
  • Continuously check and monitor web logs and web applications for unauthorized access, modification and anomalies.
  • Perform network penetration tests, code integrity checks and dynamic security testing on websites on a regular basis to detect flaws or misconfigurations.

Zloader "Zeus" Banking Malware Resurrected Amid COVID-19

Since the beginning of the year, cybersecurity researchers have identified over 100 e-mail campaigns distributing the Zloader malware, also known as Zeus.

The malware appears to have been under active development since it returned in December 2019, with 25 variants. It is a version of the notorious Zeus, which a large theft ring used to steal millions of dollars before their takedown. Web injects are used to steal victims' banking logins and credentials, confidential banking information, and confidential client data such as cookies and login details. The attackers behind it use PDF files that link to a Microsoft Word document laced with a macro script, which in turn delivers the Zloader payload. Analyses published over the past month by more than one source differ in their findings.

Ukraine Hacker arrested For Selling Billions of Stolen Credentials

Yesterday the Ukrainian Security Service (SSU) arrested a hacker known as Sanix (a.k.a. Sanixer), accused of selling billions of stolen records on hacking forums, the dark web and Telegram. The SSU stated they arrested Sanix in Ivano-Frankivsk, a city in western Ukraine. Cybersecurity experts would call Sanix a data broker, meaning someone who collects data from hacked companies and public leaks and resells it.

Sanix assembled the compilations known as Collection #1, #2, #3, #4, #5, Antipublic and others, first known as username and password combo lists. These samples amounted to terabytes of data and billions of username and password combinations.
However, the SSU made clear that most of the leaked credentials came from another data broker, Azatej, a member of the Infinity Black hacking group, which was busted by Europol two weeks ago.

The SSU found copies of Collection #1 on Sanix's computer, together with at least 7 related databases of hacked and cracked login credentials. Ukrainian investigators said Sanix's computer stored not only PIN codes for bank cards but also cryptocurrency wallets and PayPal accounts. SSU officers said they retrieved 2 TB of data ($3,000) from Sanix's residence during the house search, along with Ukrainian hryvnia worth about $7,000.


Romanian Police Busted PentaGuard Hacker Crew

The Romanian authority DIICOT announced that 4 hackers from the PentaGuard hacking group were arrested on Saturday. The group has been known since 2000, and it became famous when it successfully attacked a series of Australian government websites.

Of the four, 3 hackers were arrested in Romania while the fourth was detained in the Republic of Moldova.

The data collected so far reveals that they intended to launch ransomware attacks in the near future against public health institutions in Romania, mainly hospitals, using a social engineering toolkit. They also intended to deliver malicious executable code from the Locky or BadRabbit malware families. The malicious code is then downloaded automatically to the targeted computer, encrypting its data and thereby preventing the computers from communicating, DIICOT stated in their post.

DIICOT also stated that during their long time in operation, the PentaGuard hackers considered themselves untraceable, which is why they never bothered to cover their digital footprints online.

The New Android Malware "Mandrake" Steals Your Data

Every day different malware shows up, each with its own unique style. On 15-05-20 the cybersecurity firm Bitdefender reported a new Android malware called Mandrake which, according to the report, has been on the Google Play Store since 2016.

List of App Affected With The Mandrake Malware

  • Abfix
  • Coincast
  • Car News
  • Noroskrope
  • SnapTune Vid
  • Office Scanner
  • Currency AE Conventor

All these apps were found in different categories of the Google Play Store, and the most interesting part is that the hackers behind this malware also have a Facebook page on which they respond to every user complaint and fix the reported issues, making the apps look legitimate.

Once activated, it can steal cryptocurrency and application credentials such as Facebook's, manipulate text messages, record the screen, send notifications, track the user's location, initiate calls and even factory-reset the phone to remove any trace of its existence.

This is an example of the license agreement asking the user to agree; in reality, the only thing the user is agreeing to is granting the hacker Android system authority, that is, full control of the device.

For now all the affected apps have been removed from the Play Store, but this still tells us that such an app can remain undetected for a long time (2016-2020), affecting millions of users.

Tip: Always check the app you want to download, even if it is from the Play Store or App Store, and make sure you really need that app. Our advice is to install an antivirus to keep your mobile safe from this threat.

Iran Hackers Use Telegram and Other Chat Apps to Spy

Cybersecurity researcher Bob Diachenko discovered the personal details of over 40 million Iranians posted on a dark web forum by a group called Hunting System. In our review of this issue, we contacted Telegram to ask why they left their users exposed to such threats, and they said:

"The data came from unofficial versions of Telegram that are not associated with the business. Unfortunately, people in Iran continue to use unverified apps despite our warnings."

As we all know, Telegram is open-source software, which allows third parties to create and distribute their own modified versions of the app. Telegram also stated that because its official app has been banned by the Iranian government, most users who prefer to keep using Telegram have to turn to unofficial versions of the app, which led to this spying disaster.
The database consists of usernames, phone numbers, secret keys and account IDs, though Telegram explains that the secret keys cannot be used to access the account and only work inside the app.

The details in this exposed database represent a clear danger for users. It not only reveals who uses Telegram in Iran, it also makes them vulnerable to attack. The data could also be used to duplicate people's accounts, spy on private conversations, recognise and identify people who use Telegram securely, or spread disinformation or misinformation to particular groups.

"EventBot" Android Malware Which Steals Your Credentials and Personal Information

Researchers from CERT-In reported the most dangerous malware in Android history. Researchers say that once installed, the malware can target more than 200 financial applications, including remittance apps, cryptocurrency wallets and banking apps such as Revolut, Barclays, Capital One, HSBC, Santander, TransferWise and Coinbase. If you have been on the internet for a while you will probably know that the information collected by the app could be used for identity theft.

The hackers disguised the malware as a legitimate program using several icons and uploaded it to rogue APK stores and other questionable websites.

At the time of writing, the app is known to be targeting users in the United States and Europe; the hackers can access the victim's bank accounts using the password and two-factor code they obtain.
The malware secretly monitors every tap and keystroke and can read messages from other installed apps, giving the hackers a window into what is happening on the victim's phone.

Tip: Always install apps from authorized / approved app stores.