Digital Textbooks Now Offer Malware and Viruses  

digital_textbooks-crimeshop

Back to School Woes 

Cristal M Clark 

We love digital anything, news, magazines, textbooks and essays. Kaspersky Labs is now alerting college students to be on the lookout for malware and viruses in some pretty unlikely places. 

malware-crimeshop

According to research conducted by Kaspersky Labs has shown that it’s not just illegal movie and software downloads that are riddled with viruses, but educational materials, as well.

Due to the high cost of textbooks even digital one’s cash strapped students look online for less costly alternatives and that is when students looking to save a few bucks end up paying even more than they originally bargained for. 

Kaspersky scanned school and student related filenames to then determine the number of times viruses had been downloaded by users. 

This should not come as a huge shock, Kaspersky discovered that in the past academic year, there were 356,000 cases of attack attempts, malware and viruses trying to infect the users computer.

essays-digital-crimeshop

The majority of the examples found came happened to from essays, with 233,00 instances of them being downloaded by more than 74,000 users and more often than not, when essays were downloaded students didn’t just download one at a time of course. 

Textbooks came in second, with 122,000 registered attack attempts. Among them, English textbooks were the most likely to have an infection, followed by maths and literature. Subjects such as natural sciences and foreign languages were also found to harbor viruses but not as many. 

malware-infects-digital-textbooks-crimeshop.jpg

While it’s easy to tell students not to download less costly alternatives, the reality is unless the cost of textbooks, essays and other needed digital materials for students is lowered to more reasonable prices, they are going to continue to run the risk of downloading infected files. 

Hopefully, the news encourages students to download antivirus software and double and triple check the site they intend to download from. 

May your back to school year start off with no malware. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Flame Malware – I’m Back

stuxnet-flame-malware-back-for-good-crimeshop

Stuxnet, Flame Malware Making a Comeback

Cristal M Clark

Flame malware, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware that attacked computers running the Microsoft Windows operating system. The program was used for targeted cyber espionage in Middle Eastern countries. It was once what researchers referred to as a sophisticated little gem of malware, created as nation-state spy tools, once outed by Kaspersky Labs, it was quickly and quietly shuttered and forgotten about, until now.

flame-malware-crimeshop.jpg

It is believed to have been created by Israel, Flame was the first modular spy platform discovered in the wild, it came with multiple plug-ins that could be swapped out according to whatever tools were needed for each victim.

It had a lot of capability that was unique at the time it was discovered, and also used a highly sophisticated technique for spreading.

The attackers tricked Microsoft into issuing them a legitimate Microsoft certificate, which they then used to sign their malicious files. Then they subverted the trusted Windows Update mechanism, through which Microsoft distributes patches and software upgrades to customers, to deliver those malicious files to targeted victims instead, doing so in a way that made it look like they came from Microsoft’s server.

The attackers also managed a fleet of 80 command-and-control domains to communicate with infected machines then they faked Flame’s death back in May 2012, pushing out a kill module to infected machines and closing shop on the command-and-control servers.

Most researchers thought that the creators in a panic just shut things down but are not realizing that it may never have been truly shut down, just ehhh more or less running in the background unbeknownst to virtually everyone in the security world.

The original Flame attacked systems in Iran as well as other parts of the Middle East it would do things such as turn on the internal microphone of an infected machine to record conversations the user conducted near the computer or over Skype or, using the infected computer’s Bluetooth functionality, scan for other Bluetooth-enabled devices in the vicinity, such as a mobile phone, and siphon the contacts folder from it.

Great little piece of spyware honestly.

The attackers appear to have re-tooled their little spy kit and added strong encryption to make it harder to detect and reverse engineer according to researchers at Alphabet’s Chronicle Security labs who discovered that a new version of Flame appeared in 2014 (the original was back in 2012), and likely remained active until 2016 and beyond, giving them just enough time to steal and deploy whatever they would like.

Juan-Andres Guerrero-Saade, one of the Chronicle security researchers who made the discovery; “Nobody ever expected to see Flame again. We figured it was too old and expensive for the attackers to waste time retooling rather than just build a whole new platform.”

stuxnet-crimeshop

Juan-Andres did not just stop with that either, he went on to explain that he and his team also found evidence that Stuxnet, you know the virus/worm created by the US and Israel to sabotage Iran’s nuclear program in 2007, but ended up infecting virtually every PC in the US as well as globaly, has connections to another malware family known as Flowershop.

Oh Flowershop, Flowershop was operating as early as 2002, several years before Stuxnet was developed, and it appears that some of Flowershop’s code made it into a Stuxnet component, which if true means that a fourth team or group of individuals were part of America’s first Cyberwar campaign, the development of Stuxnet. What’s more is that researchers have in fact, previously found connections between Stuxnet and Flame and between Stuxnet and two other malware families known as Duqu and the Equation Group, the latter a group of tools attributed to the NSA.

The new discovery has baffled researchers who still do not have a full understanding into the full capabilities of Stuxnet and Flame, so it’s anyone’s guess as to what the creators of Flame might be up to these days, one thing is for certain, they do not plan on stopping anytime soon.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

 

Think Your iPhone is Safe From Malware – Think Again!

iOS-Malware-Crimeshop

Malware Able to Spy on iPhone User Data

For those of us with iPhones, it goes without saying that we love iOS, we pay a lot of money for the added security that Apple offers, plain and simple.

tim-cook-apple-crimeshop

But, if you think iOS is completely safe from malware, as I have said before, you are mistaken.

kaspersky-labs-moscow-crimeshop

Kaspersky Lab’s has in fact, found proof that a small spyware government contractor happens to be selling iOS malware.

And that malware, well it actually works in the iOS environment.

Negg, the government contractor has developed a “custom iOS malware that allows GPS tracking and performs audio surveillance activity.”

Kaspersky Lab researcher Alexey Firsh told Motherboard:

“We have uncovered an iOS implant, we assume that at the moment of discovery it was in a development stage and was not fully adapted to infect potential victims.”

malware-targets-apple-ios-crimeshop

Apple has been notorious for incredibly secure devices and for locking down it’s devices making them difficult to jailbreak, which make them less susceptible for malware to be installed on them.

Of course for those that are skilled in the fine art of developing malware and who like a challenge, they have always been willing to find ways around Apple’s security for a very high price.

DonaldThrowingMoney-crimeshop

Companies will pay around $3 million for software that jailbreaks and hacks iPhone and sadly researchers simply do not  report bugs to Apple because others pay better than Apple does.

To make matters worse, several groups specialize in the creation of iOS malware, specifically for the purpose of jailbreaking a device so that the malware can be downloaded on it.

Even worse than that?

-saudi-arabia-crimeshop

Israeli newspaper Haaretz reported that Saudi Arabia paid $55 million to purchase iPhone malware made by the NSO Group.

Governments worldwide are willing to shell out some pretty big cash just for the privilege of being able to hack into an iOS device.

Take a step back and let that sink in iOS lovers. .

Apple has made great strides to protect its users data, by the same token Apple has also alienated themselves from the rest of the world.

While at the very same time, painting a very large target on its own back.

And when Apple’s customers really fully realize what this means, it might change the way Apple’s stocks look, in the long term.

When one feels that it is above all of the rest and puts itself on a pedestal, it runs the very high and probable risk of becoming public enemy number one, not to mention being knocked right off of that pedestal.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Android Malware That Can Physically Damage Phones?

 

malware-android-CrimeShop

 

Currency Mining Malware and Your New Android Phone

iPhone-8-crimeshop

My dad used to make fun of me for shelling out the extra money for Apple anything, and while iPhone’s are not 100% malware or hacker proof, they are still the safest bet in town.

Reports are circling around town today about a fairly newer piece of malware affecting Android phones. The malware is a cryptocurrency miner that happens to be so aggressive in nature that it can actually cause physical damage to an Android phone.

Once your phone is infected the malware carries out quite a few malicious activities behind the scene such as but certainly not limited to:

Unending ad’s

Actually participating in DDoS attacks

Sending text messages to any number

Silently subscribing to paid services

And of course

Mining cryptocurrency

The malware is hidden ever so conveniently inside apps that are distributed through third party markets, browser ads, and sms based spam. The malware is called Trojan.AndroidOS.Loapi but has been given the nickname of “jack of all trades,” by researchers at Kaspersky Lab.

Android-malware-physically-damages-phones-crimeshop

After just two days of testing the malware in a lab researchers found that after it ran all of its dirty little deeds continuously it actually caused the phone’s battery to swell so much that it caused the cover to become deformed.

Of course the mining is not the only issue, then again neither is the swelling batteries one might encounter.

The malware also sends a number of prompts for users to assist it in obtaining admin permissions, once granted those highly sought after permissions the malware makes it pretty difficult for an infected device to install security apps that would otherwise “disinfect” the device.

It will subscribe the device to costly premium services pretty much all day long, sending codes in sms on its own to confirm those costly subscriptions and, whoever is on the other end of the attack, well those guys can use the infected phones to become part of DDoS attacks.

Lastly, it displays a constant stream of ads that annoy users to no end.

Researchers have never seen anything like this before and are unsure of its origins.

The good news is that no one seems to think that users are downloading it from Google Play.

Still the same, I think I’ll stick with my iPhone.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

NSA Being Held Accountable for Stolen Secrets?

 

NSA-CrimeShop.jpg

 

Kaspersky Labs Assisted Russia – With Stealing NSA Spying Tools

In a new and improved twist, a report was recently released which indicated Kaspersky somehow helped Russian spies who ended up stealing highly sensitive U.S. spying tools after a contractor brought classified material home and put it on a computer that used Kaspersky anti-virus software.

 

kaspersky-labs-moscow-crimeshop

 

It appears that the stolen material included secret details about just how the NSA penetrates foreign computer networks as well as, the computer code it uses for such spying and how it defends networks inside the U.S.

 

StuXnet-crimeshop

 

This is not shocking to be honest, I mean the US Government released STUXnet once upon a time and case in point, paybacks are a bitch.

Here is a little down and dirty about Kaspersky labs: it is an anti-virus company owned by Eugene Kaspersky, who has been accused by U.S. officials of having ties with Russian intelligence officials.

As you may already know, the anti-virus software Kaspersky sold throughout the United States to businesses, private citizens, hospitals, schools, you name it, the products were widely sold and used here in the US.

 

Eugene-kaspersky-CrimeShop

 

It should be noted that Eugene Kaspersky does maintain the company’s innocence in assisting Russian Hackers with anything and to date the United States Government has provided nothing more than just an accusation against Kaspersky labs. 

The United States Government has brought no tangible evidence in other words, to the table so as to provide any proof whatsoever that Kaspersky had anything to do with Russian hacking here in the US.  

All they really have been able to provide is lip service and finger pointing, thus far.

Either way the NSA does seem to have issues with it’s contracted employees walking out of it’s front door with top secret information, tools and intel.

Does the NSA just have that weak of a system or is it that they simply do not care so it plays out something like: “This Friday we will have a potluck, please be sure to line your casserole pans, pie tins and cake pans with wax paper, also be sure to add an additional liner to your carrying bags so as to ensure the top secret intel that you will undoubtedly steal does not get ruined with food. Oh and Bob, could you have Marge make that macaroni casserole again, everyone just seems to love that one.”

While it’s great to see that some who walked out the doors of the NSA with top secret intel and tools are being held accountable, while at the same time the finger is pointed at Kaspersky and Russia, when will we start seeing the NSA being held accountable for its inability to secure its intel and tools?

Is that not the main problem here?

When you take the blame game away, you see that the bottom line is that the NSA continues to prove and show us just how lackluster it’s ability to secure intel much less a paperclip really is.

All I am seeing is blame being placed on others without the NSA being held accountable, which the NSA should be.

Perhaps it is time to do away with the NSA altogether, they really are not doing the United States much good at all, in fact they are doing us more harm than actual good.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Kaspersky investigator arrested for treason 

kaspersky-lab-crimeshop

Russia – Kaspersky Labs

Personally this move did not come as a total surprise to me at all. Russia has arrested a top level investigator one Ruslan Stoyanov who happened to be head of computer incidents investigations unit with the Kaspersky cybersecurity firm.

ruslan-crimeshop

What’s more is that Russia has charged Ruslan with treason although they are not kissing and telling us exactly why they up and arrested him for treason.

Ruslan at one time had been involved in some pretty big arrests pertaining to cybercriminals in Russia.

The details are at best pretty sketchy, Ruslan was arrested alongside one Sergei Mikhailov. Sergei as it so happens did not work for Kaspersky, instead he worked for the FSB.

The FSB is better known as The Federal Security Service of the Russian Federation and it is the principal security agency of Russia.  

The arrests by the way did not just happen. They happened in December or so I am told.  

Investigators are examining money that Ruslan allegedly received from foreign companies or entities which looks a lot like someone might be in the habit of procuring and selling intel and more specifically, working with foreign states.

Which happens to be why I am not surprised by this turn of events.  It is not far fetched that someone working on the inside, particularly with Ruslan’s resume in terms of having worked for Kaspersky but also for the Moscow Cyber Crime Unit at the Russian Interior Ministry, to buy, sell or trade intel, become a hacker or hire hackers and work with foreign states.

This move has left many feeling the arrest of Ruslan to be unprecedented. Arrests for Treason by the way are nothing new in Russia. Many see this particular arrest however, as the destruction of Government relationships with firms like Kaspersky.

Then again, the arrest could be a move in order to drive home a point to the cybersecurity world.

Only time will tell on this one.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

 

 

Ransomware now hitches a ride with mobile banking trojans

android-malware-tordow-2-0-crimeshop

Coming soon to a mobile banking app near you

Kaspersky-Lab-crimeshop.jpg

Researchers from Kaspersky Lab have discovered at least 2 Android trojans that steal financial information and login credentials, now just in time for the holidays, double as file-encrypting ransomware programs.

Faketoken, one of the programs whose primary function was to generate fake login screens for more than 2,000 financial applications in order to steal login credentials, with the added bonus of being able to display phishing pages in order to steal credit card information, and read and send text messages, added a new and improved bonus feature.

The creators of Faketoken back in July added the ability to encrypt user files stored on the phone’s SD card and they also have since released thousands of builds with the very same functionality.

According to researchers at Kaspersky Lab “Once the relevant command is received, the Trojan compiles a list of files located on the device corresponding to the given list of 89 extensions and encrypts them.”

Faketoken is disguised to look like many popular apps and games, once installed, it creates repeated prompts that bug the user repeatedly to input necessary permissions.

Which most people eventually give at one point or another.

Another mobile banking trojan, Tordow 2.0 that has the ability to encrypt files, make phone calls, control SMS messages, download and install programs, steal login credentials, access contacts, encrypt files, visit web pages, manipulate banking data, remove security software, reboot devices, rename files, and act as ransomware.

Tordow 2.0, which is available through third-party app stores, again disguised as a popular app, contains a pack of exploits that it utilizes in order to gain root privileges on the infected devices.

So far Faketoken has managed to infect devices in 27 countries, most of which are located in Germany, Ukraine, Thailand, and Russia. 

ransomware-crimeshop

It is only a matter of time before the rest of the world starts to see these types of mobile banking trojans that are complete with ransomware.

File-encrypting ransomware has never really been popular until now with mobile devices because generally everything on a mobile device is backed up to a cloud.

With hackers becoming more and more daring, creative and clever, you can be sure to find these types of mobile banking ransomware trojans heading to an app near you sometime in the near future.

Banks are going to need to do more in terms of informing customers of when and why mobile apps are updated but more importantly mobile apps on the app stores need to be checked and managed a lot better than they are today.

Users are the ultimate enabler regardless of banks and the app stores.

I cannot tell you how many times users at my current job and my past jobs, who will bring me a laptop, macbook, Android phone, iPhone, iPad or tablet that has some type of app installed that is causing them a headache.

10 times out of 10, when I ask the user if they checked the app’s that they had installed before installing them, the answer is always no, after being given the glazed over, blank, deer in headlights look.

Users ultimately need to start to check apps prior to installing them.

It is only a matter of time before these types of mobile ransomware trojans become more and more popular as users ditch desktops and opt for more mobile friendly ways to function through everyday life.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

NSA hack an inside Job

data-encryption-thecrimeshop

or is the Russian Government using hackers to breach everything

A newly published article today accuses Russian hackers of breaching the Olympic drug testing agency…

Many assumed that Russia was behind the hack of the DNC.

Headlines last Friday suggest that Russia has hacked The Donald’s campaign.

Everyone assumes that Russia is behind the hack of the NSA and Edward Snowden has reportedly issued a statement that indicates Russia was most likely responsible for the hack at the NSA.

What the hell haven’t they hacked? Wait, they have not hacked Starbuck’s making it so that I have a lifetime supply of coffee.

It could have been Russia who by the way denies any involvement in these hacks.

What was the loot in the NSA hack?

Well as it so happens the hack exposed cyber-weapons intel. That intel reveals just how the NSA hacks suspects and enemies and further details a tracking code that just so happens to reveal the fingerprints of the NSA’s malicious software.

So we really have to wonder what Russia might have to gain if they are truly behind the hack of the NSA? I mean the DNC might have been a just for fun type of thing if Russia was behind it, but what about the NSA? Does Russia feel the NSA had at one time infiltrated them and downloaded some type of malicious software?

To fully understand that, you need to get to know The Equation Group and TAO, two branches of the NSA.

Kaspersky labs describes The Equation Group as “one of the most sophisticated cyber attack groups in the world.” The Equation Group according to Kaspersky labs has operated alongside Stuxnet and Flame.

TAO identifies, monitors and has a nasty little habit of infiltrating and gathering intelligence on computer systems used by foreign entities to the US.

Anyone who has seen the Stuxnet documentary knows that it is widely believed that Stuxnet was created jointly by the US and Israel.

Which makes total sense because Israel is reportedly 15 years ahead of everyone else in terms of Cyber-Defense and Security.

Russia however, was one of the named 42 countries that the Equation Group infiltrated over the course of its 14 year project creating backdoors to foreign Government networks.

Not only did the Equation Group create backdoors, they also seemed to enjoy intercepting hardware from IT companies, globally.

It’s also worth mentioning that the Equation Group has a pretty good reputation for using strong ENCRYPTION methods. They just can’t seem to figure out a way around encryption when folks like Apple create it for consumers to use.

So who kicked in the door at the NSA?

A group called Shadow Brokers took the credit for hacking the NSA. Things got a little crazy when they came out because they boasted rather audaciously and offered to auction off the goods for $576 Bitcoins.

Bidders backed way off and the general consensus has been that those responsible for the breach were not just some run of the mill hackers but a foreign Government, hiding behind the idea the breach was caused by a group of nobody hackers.

From that, another theory sparked a lot of interest and that was, that someone inside of the NSA was in fact responsible for the leaked intel.

Out of all of the theories, this is actually what more than likely happened.

The NSA stores sensitive information on air-gapped networks, which are networks that are not connected to the internet, i.e. the outside world. They also have other security measures, not to mention despite being a pain in the ass to crack, it’s still doable.

They can be cracked through the use of undetected malware, cell phones, as Edward Snowden proved a flash drive, even a sim card can do the trick.

The point is, it’s pretty clear that the responsible party is within the ranks at the NSA.

snowden-thecrimeshop

Now, I am not saying that I am convinced that Edward Snowden had anything to do with it however…

A strange sequence of events happened shortly before the breach.

On 8/5, Edward Snowden reached out through Twitter, with an odd message to those that knew him or who ever worked with him asking them to contact him followed by 64 characters of code. That message lead many to believe that Edward had been captured or killed and failed to do a check-in prompting his account to send out a dead man’s switch. His account went silent after the odd tweets.

Shortly after that, at least 8 torrent sites had been taken down or slowed. The sites are well known to distribute large files.

News of  the hack and leak at the NSA broke on 8/15

Edward Snowden began tweeting again on 8/15

Edward Snowden seems to think that the Russian Government is behind some of these hacks and has said as much through the media….initially it was almost as if he was handing out the idea like we hand out candy at Halloween.

And I, don’t believe in coincidence.

I also don’t believe that the Russian Government was behind the hacks. It’s too neatly wrapped with the bow neatly tied on top.

Blaming the Russian Government seems too easy, too perfect and too convenient.

The hack came from the inside and the NSA just got owned again.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop