E-Skimming Getting Worse by The Day


FBI Issues Warning 

Cristal M Clark

I’m sure you all know about card skimming at the fuel station, the market and just about anywhere you swipe a card. We also need to worry about E-Skimming, which is not a new thing.


E-Skimming is an internet-based card fraud in which malware is injected into the payment page of a website to steal consumers’ payment details. Once the hackers have planted their malicious code on the payment page, it collects customer card data as customers pay during the checkout process.
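Because the attack works by adding script to a checkout page, the most direct defensive control is to record which scripts that page legitimately loads and alert when the set changes. The following is an added example of such a baseline check, not code from the original post or from the FBI; the HTML pages, script URLs and baseline are all constructed for the example.

```python
"""Baseline check for the scripts present on a payment page.

Added example (not from the original post): e-skimming injects script into
the checkout page, so a defender records the scripts the page legitimately
carries (external src URLs plus hashes of inline script bodies) and compares
every later fetch of the page against that baseline. All HTML below is
constructed sample data.
"""
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect external script URLs and the text of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = []       # values of <script src="...">
        self.inline = []         # bodies of <script>...</script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())


def fingerprint_page(html: str) -> dict:
    """Return the set of external script URLs and sha256 digests of inline scripts."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {
        "external": set(parser.external),
        "inline": {hashlib.sha256(s.encode()).hexdigest() for s in parser.inline},
    }


def compare_to_baseline(html: str, baseline: dict) -> dict:
    """Report scripts on the live page that the approved baseline does not contain."""
    live = fingerprint_page(html)
    return {
        "new_external": sorted(live["external"] - baseline["external"]),
        "new_inline": sorted(live["inline"] - baseline["inline"]),
        "missing_external": sorted(baseline["external"] - live["external"]),
    }


# Constructed sample: the checkout page as approved at deployment time.
KNOWN_GOOD_HTML = """<html><body>
<form id="checkout"><input name="card"><button>Pay</button></form>
<script src="/static/checkout.js"></script>
<script>window.cfg = {currency: "USD"};</script>
</body></html>"""

# Constructed sample: the same page with one extra external script and one
# extra inline script, the pattern an integrity monitor should flag.
SUSPECT_HTML = """<html><body>
<form id="checkout"><input name="card"><button>Pay</button></form>
<script src="/static/checkout.js"></script>
<script>window.cfg = {currency: "USD"};</script>
<script src="https://cdn.example-analytics.invalid/stats.js"></script>
<script>/* unapproved inline script */ document.title = document.title;</script>
</body></html>"""

BASELINE = fingerprint_page(KNOWN_GOOD_HTML)

if __name__ == "__main__":
    print("known-good page:", compare_to_baseline(KNOWN_GOOD_HTML, BASELINE))
    print("suspect page:   ", compare_to_baseline(SUSPECT_HTML, BASELINE))
```

Run this from a scheduled job that fetches the real checkout page and pages the on-call engineer on any non-empty `new_external` or `new_inline` list; the baseline is re-recorded only as part of an approved deployment.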

Of course this has been a small problem since online shopping became a thing; however, it’s now getting worse as each year passes. In fact, according to the FBI, millions of consumers’ data has been compromised by this kind of online scheme over just the past 2 years, and that, my friends, is just a stab in the dark at how many individuals have had card data stolen through an online store, because the FBI is having a difficult time obtaining a more precise count.


Unfortunately, consumers never see this or get a warning when any site’s payment system has been compromised, so we can’t really tell.

So what are we consumers to do here?

Experts suggest using a credit card for all online purchases over using a debit card because the money on a debit card comes out of your account right away and in some cases it can take a while to see the funds returned to the account. 

Consumers can also check with the bank that they use; most banks now include a feature in their mobile banking apps that alerts the user in real time when a charge is run on his/her debit card.

Banks are also really coming around in terms of fraudulent charges on cards: in some cases where things seem off they don’t let the funds come right out before checking with the consumer, and they are getting faster at returning funds that were not authorized.

Either way, the FBI does not see an end to this situation anytime soon, so when you shop online, keep an eye out for charges that don’t belong to you. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Digital Textbooks Now Offer Malware and Viruses  


Back to School Woes 

Cristal M Clark 

We love digital anything, news, magazines, textbooks and essays. Kaspersky Labs is now alerting college students to be on the lookout for malware and viruses in some pretty unlikely places. 


Research conducted by Kaspersky Labs has shown that it’s not just illegal movie and software downloads that are riddled with viruses, but educational materials as well.

Due to the high cost of textbooks, even digital ones, cash-strapped students look online for less costly alternatives, and that is when students looking to save a few bucks end up paying even more than they originally bargained for.

Kaspersky scanned for school- and student-related filenames to determine the number of times viruses had been downloaded by users.

This should not come as a huge shock: Kaspersky discovered that in the past academic year there were 356,000 cases of attack attempts, malware and viruses trying to infect the user’s computer.


The majority of the examples found happened to come from essays, with 233,00 instances of them being downloaded by more than 74,000 users, and more often than not, students didn’t download just one at a time, of course.

Textbooks came in second, with 122,000 registered attack attempts. Among them, English textbooks were the most likely to have an infection, followed by maths and literature. Subjects such as natural sciences and foreign languages were also found to harbor viruses but not as many. 


While it’s easy to tell students not to download less costly alternatives, the reality is that unless the cost of textbooks, essays and other needed digital materials for students is lowered to more reasonable prices, they are going to continue to run the risk of downloading infected files.

Hopefully, the news encourages students to download antivirus software and double and triple check the site they intend to download from. 

May your back to school year start off with no malware. 


Avast and Police Kill 850,000 Malware Infections


Avast and French Police Outsmart Botnet Creators 

Cristal M Clark 

The Retadup malware infects computers and starts mining cryptocurrency by sapping power from the computer’s processor. The malware was used to generate money, and its operators could also run other malicious code, such as spyware and/or ransomware. The malware also comes with a bonus: wormable properties, allowing it to spread from computer to computer.


Since its birth, the cryptocurrency mining malware has spread across the world, including the U.S., Russia, and Central and South America.

Sounds a lot like a nightmare for any infected computer, yet French police managed to hijack and neutralize a massive cryptocurrency mining botnet that controlled close to a million infected computers. Security firm Avast confirmed that the operation was quite successful.

Avast discovered a design flaw in the malware’s command and control server. That flaw, if properly exploited, would have “allowed us to remove the malware from its victims’ computers without pushing any code to victims’ computers,” according to researchers at Avast.

Sadly, Avast did not have the proper legal authority to exploit the flaw, considering it would have involved manipulating end users’ computers without their permission, and I am not referring to the bad guys, I am referring to individuals such as you or myself. So Avast did the next best thing: they contacted French authorities, because the malware’s infrastructure seemed to live and breathe in France.


So after obtaining the right authorization in July, Avast and French police took control of the server and disinfected affected computers.

This take-down ended in perfect fashion; however, had the authors of the malware realized what had been happening, they could have pushed ransomware to hundreds of thousands of computers while still attempting to profit from the malware before the take-down.

Since they now had a copy of the malware, researchers built their own replica of it, one which disinfected victim computers instead of causing infections. Avast amazingly stopped the malware from operating and removed the malicious code from over 850,000 infected computers.

Remotely shutting down a malware botnet is a rare and difficult feat to achieve; my hat is off to Avast and the French Police.


Flame Malware – I’m Back


Stuxnet, Flame Malware Making a Comeback

Cristal M Clark

Flame malware, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware that attacked computers running the Microsoft Windows operating system. The program was used for targeted cyber espionage in Middle Eastern countries. It was once what researchers referred to as a sophisticated little gem of malware, created as a nation-state spy tool. Once outed by Kaspersky Labs, it was quickly and quietly shuttered and forgotten about, until now.


Believed to have been created by Israel, Flame was the first modular spy platform discovered in the wild; it came with multiple plug-ins that could be swapped out according to whatever tools were needed for each victim.

It had a lot of capability that was unique at the time it was discovered, and it also used a highly sophisticated technique for spreading.

The attackers tricked Microsoft into issuing them a legitimate Microsoft certificate, which they then used to sign their malicious files. Then they subverted the trusted Windows Update mechanism, through which Microsoft distributes patches and software upgrades to customers, to deliver those malicious files to targeted victims instead, doing so in a way that made it look like they came from Microsoft’s server.

The attackers also managed a fleet of 80 command-and-control domains to communicate with infected machines, and then faked Flame’s death back in May 2012, pushing out a kill module to infected machines and closing shop on the command-and-control servers.

Most researchers thought that the creators had just shut things down in a panic, not realizing that it may never have been truly shut down, just, ehhh, more or less running in the background unbeknownst to virtually everyone in the security world.

The original Flame attacked systems in Iran as well as other parts of the Middle East. It would do things such as turn on the internal microphone of an infected machine to record conversations the user conducted near the computer or over Skype, or, using the infected computer’s Bluetooth functionality, scan for other Bluetooth-enabled devices in the vicinity, such as a mobile phone, and siphon the contacts folder from it.

Great little piece of spyware honestly.

The attackers appear to have re-tooled their little spy kit and added strong encryption to make it harder to detect and reverse engineer, according to researchers at Alphabet’s Chronicle Security labs, who discovered that a new version of Flame appeared in 2014 (the original was back in 2012) and likely remained active until 2016 and beyond, giving them just enough time to steal and deploy whatever they would like.

Juan-Andres Guerrero-Saade, one of the Chronicle security researchers who made the discovery, said: “Nobody ever expected to see Flame again. We figured it was too old and expensive for the attackers to waste time retooling rather than just build a whole new platform.”


Juan-Andres did not just stop with that either; he went on to explain that he and his team also found evidence that Stuxnet, you know, the virus/worm created by the US and Israel to sabotage Iran’s nuclear program in 2007, which ended up infecting virtually every PC in the US as well as globally, has connections to another malware family known as Flowershop.

Oh, Flowershop. Flowershop was operating as early as 2002, several years before Stuxnet was developed, and it appears that some of Flowershop’s code made it into a Stuxnet component, which, if true, means that a fourth team or group of individuals was part of America’s first cyberwar campaign, the development of Stuxnet. What’s more, researchers have in fact previously found connections between Stuxnet and Flame, and between Stuxnet and two other malware families known as Duqu and the Equation Group, the latter a group of tools attributed to the NSA.

The new discovery has baffled researchers, who still do not have a full understanding of the full capabilities of Stuxnet and Flame, so it’s anyone’s guess as to what the creators of Flame might be up to these days. One thing is for certain: they do not plan on stopping anytime soon.


Tax Season Headaches and Malware Campaigns


Cybercriminals Aim to Spoof Accounting & Payroll Firms This Tax Season

Cristal M Clark

This should not come as a total surprise to anyone: cybercriminals are aiming high this tax season by going after some pretty major accounting and payroll firms along with your hard-earned cash or tax return.


The deadline for filing taxes in the US is April 15, but as luck would have it, tax season just so happens to start for some well before that and run well beyond that despised date here in the US. Many businesses actually prepare employee tax information, i.e. 1099s and W-2s, back in January of each year, which in turn gives cybercriminals a wee jump start on launching campaigns in the hopes of robbing individuals and businesses in their tax fraud, financial fraud and identity theft schemes.

This is not all that uncommon a practice for cybercriminals; this year they just decided to go after accounting and payroll firms, thus branching out from businesses and individual taxpayers. IBM X-Force researchers found 3 campaigns attempting to deceive recipients into believing they had been emailed by a large accounting, tax and/or payroll services firm. The emails carried malicious Microsoft Excel attachments with a payload familiar to us as one of the most common and effective banking Trojans: TrickBot.


TrickBot, for those who are unfamiliar, is financial malware that silently infects devices for the primary purpose of stealing valuable data such as banking credentials, then follows up with wire fraud from the device owner’s account. Should your computer become infected with TrickBot, the cybercriminals operating it would have complete control and could do virtually anything they wish on your device, including spreading to other computers on your network and emptying your company’s bank accounts, potentially costing millions of dollars to an employer and to any firms they are working with.
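Campaigns like the one described above rely on the recipient opening an Excel attachment that carries macros, so a mail gateway can do a lot of good simply by refusing to deliver macro-bearing Office documents from outside senders. The following is an added example of that check, not code from the original post or from IBM X-Force: an OOXML workbook is a zip archive and its VBA macros live in `xl/vbaProject.bin`, so the presence of that part is what the scanner looks for. The sample attachments are constructed in memory for the example and are not real workbooks.

```python
"""Flag Office attachments that carry VBA macros before anyone opens them.

Added example (not from the original post or from IBM X-Force). Modern Office
files (.xlsx/.xlsm/.docx/.docm/...) are zip archives; macro code is stored in
a vbaProject.bin part. Seeing that part in an inbound attachment is a strong
reason to hold the message. All attachments below are constructed test data.
"""
import io
import zipfile

# Paths (lower-cased) at which Office stores VBA code inside the archive.
MACRO_PARTS = {"xl/vbaproject.bin", "word/vbaproject.bin", "ppt/vbaproject.bin"}
MACRO_FREE_EXTENSIONS = {"xlsx", "docx", "pptx"}


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return findings for one attachment: whether it is OOXML and whether it has macros."""
    findings = {"filename": filename, "is_ooxml": False, "has_macros": False, "reasons": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Not a zip container (legacy .xls, PDF, plain text, ...): out of scope here.
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = {name.lower() for name in archive.namelist()}
    findings["is_ooxml"] = "[content_types].xml" in names
    if names & MACRO_PARTS:
        findings["has_macros"] = True
        findings["reasons"].append("vbaProject.bin present")
    extension = filename.rsplit(".", 1)[-1].lower()
    if findings["has_macros"] and extension in MACRO_FREE_EXTENSIONS:
        # The extension promises a macro-free document but the content says otherwise.
        findings["reasons"].append(f"macro code inside a .{extension} file")
    return findings


def should_quarantine(findings: dict) -> bool:
    """Policy: any inbound Office document with macros is held for review."""
    return findings["has_macros"]


def _make_workbook(with_macros: bool) -> bytes:
    """Build a minimal OOXML-shaped zip. Constructed test data, not a real workbook."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            archive.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buffer.getvalue()


# Constructed attachments as a spoofed payroll-firm email might carry them.
CONSTRUCTED_ATTACHMENTS = {
    "Q1_payroll_summary.xlsx": _make_workbook(with_macros=False),
    "W2_corrections.xlsm": _make_workbook(with_macros=True),
    "invoice.xlsx": _make_workbook(with_macros=True),
}


def scan_all(attachments=CONSTRUCTED_ATTACHMENTS) -> dict:
    """Inspect every attachment and return findings keyed by filename."""
    return {name: inspect_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        verdict = "QUARANTINE" if should_quarantine(findings) else "deliver"
        print(f"{name}: {verdict} {findings['reasons']}")
```

The check deliberately does not try to judge whether the macro is malicious; at a mail gateway the cheaper and more reliable policy is to hold every macro-enabled document from an external sender and let the recipient confirm it through a channel other than the email itself.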


Cybercriminals are becoming more and more brazen in their efforts to rob just about anyone and everyone they can, and catching them legally is more difficult as each year passes, because these guys learn from the mistakes of others and oftentimes step up efforts to mask who they are and where they are operating from.

From an end user perspective, it’s often difficult to tell what’s real and what is not in terms of the emails coming through. I usually advise everyone not to click on things from anyone you do not know. Even if what is sitting in your inbox appears to be from a known sender, if they do not normally email you or send links, invoices, etc., don’t click on it, and report the suspicious email to the known sender’s company. Keep your security software up to date, report anything suspicious, ask questions, look it up online; the point is, educate yourself.

Gone are the days that we can rely on the news or the government to keep us informed about every malware campaign coming at us simply because of the sheer volume of them.

Stay vigilant my friends.


Google Play Store Takes Users on Yet Another Misadventure


New Adware Ready to Infect Your Android Devices

Cristal M Clark

Well, it’s not like we didn’t expect this, right? Researchers have found a plethora of new adware ready and waiting to infect your Android device, and it’s all available at the Google Play Store.


Yesterday, Israeli security firm Check Point said applications known to contain this particular adware strain, known as “SimBad,” had been downloaded almost 150 million times, mostly by gamers. The adware can be found in over 200 applications, by the way, which Google finally got rid of after users all over the world had installed them.


According to Check Point: “We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer. The malware has been dubbed ‘SimBad’ due to the fact that a large portion of the infected applications are simulator games.”

Check Point said the adware resides inside a pretty widely used advertising software development kit (SDK) provided by ‘addroider[.]com’. Once it is installed, SimBad receives instructions from a command and control server, such as an order to make its icon disappear in an effort to make the app harder to remove, an old trick but a good one. Then it begins to display background ads and can open any URL in the phone’s or device’s browser, which is a joy for end users, I am sure.

“With the capability to open a given URL in a browser, the actor behind ‘SimBad’ can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user, the actor can even take his malicious activities to the next level by installing a remote application from a designated server, thus allowing him to install new malware once it is required.”


And worse yet, the researchers said that while SimBad appears geared toward serving ads for now, it has the infrastructure to evolve into “a much larger threat.”

Of course it does, I mean why wouldn’t it?

Check Point was kind enough to put together a complete list of infected applications: https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/

Google, by the way, does have some pretty robust scanners to weed out and get rid of malware; however, what’s been happening of late is that the apps the malware infects are downloaded by users so fast that Google’s scanners simply cannot detect the problem fast enough to eradicate it before users have already installed the affected application.

Case in point: a couple of months ago Google’s detection systems had been neatly bypassed by a batch of 85 apps and, by the time Google was able to delete them, the malware had infected around 9 million users.

In the days leading up to that, users in 196 countries had been infected by several apps that were capable of accessing contact lists and SMS messages and recording audio. Many are wondering if Google simply can’t keep up, or if they loosened the rules and became careless with new apps and developers.

End users are becoming very concerned over privacy, leaks, and malware that eventually steals sensitive user data.

Google is one of the top tech companies in the world, but if it continues to allow mishaps like this to happen, someone will eventually come along and knock them promptly off of that very throne.


NSA – To Finally Help Improve Security?


Releasing Free Tool for Reverse Engineering Malware

By: Cristal M Clark 

The NSA generally undermines security rather than doing anything useful to help.


Now the NSA is taking a stand against malware in a pretty significant way, it would seem: they are going to release a helpful tool for free, in an effort to help for a change.

On March 5th, the agency plans to release a free reverse engineering tool, GHIDRA. The software reportedly dissects binaries for Android, iOS, macOS and Windows, turning them into assembly code that can help analyze malware or pinpoint questionable activity in otherwise innocent-looking software.

GHIDRA entered the spotlight with the Vault 7 leak, so it’s not a secret, nor is it really new; it is unusual, however, for the NSA to release it.

Other similar tools do exist, in fact; however, they are terribly expensive.

This does leave some to wonder what the NSA’s true motives are, given its prior history and part in the Zero Days worldwide malware release.


Russia’s Infamous Election Hackers Are at it Again


Russia Election Meddling


Yesterday, Trump went on and on with completely baseless accusations against China, claiming that they are attempting to meddle in our latest round of elections.


What’s really true, however, is that reports are beginning to surface implying that Russia’s GRU, better known as Fancy Bear (U.S. intelligence agencies have identified Fancy Bear as two units within Russia’s military intelligence directorate), has secretly developed and deployed new malware that seems to be impossible to eradicate: it is capable of surviving a complete wipe of a target computer’s hard drive and will allow the hackers to return as many times as they would like.

The European security company ESET discovered the new malware and reported that it works by rewriting the code that is flashed into a computer’s UEFI chip, which controls the boot and reboot process.

The code is designed to maintain access to a high-value target in the event the operating system gets reinstalled or the hard drive replaced, which under normal circumstances would eradicate the malware.

This is not the first code to hide in the UEFI chip, and Russia’s new malware works only on PCs with security weaknesses in the existing UEFI configuration.
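Because firmware-level persistence of this kind depends on the platform’s protective settings being weak, the first thing a defender can do is read those settings back from the machine. The following is an added example, not code from the original post or from ESET’s report, that checks one such setting, Secure Boot, the way a Linux host exposes it: each UEFI variable appears as a file under `/sys/firmware/efi/efivars/`, laid out as a 4-byte little-endian attribute word followed by the variable data, and `SecureBoot` and `SetupMode` each carry a single byte. The byte strings in the block are constructed samples; the SPI flash write-protection settings, which matter just as much for this class of malware, need a firmware-level tool to read and are not covered here.

```python
"""Parse the UEFI SecureBoot and SetupMode variables from efivarfs.

Added example (not from the original post or from ESET). On Linux each UEFI
variable is exposed as /sys/firmware/efi/efivars/<Name>-<VendorGUID>, whose
content is a 4-byte little-endian attribute word followed by the variable
data. SecureBoot and SetupMode hold one byte each: 1 means Secure Boot is
enabled / the firmware is in setup mode. The samples at the bottom are
constructed for the example.
"""
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data). Raises on a truncated file."""
    if len(raw) < 4:
        raise ValueError("efivar file shorter than the 4-byte attribute header")
    (attributes,) = struct.unpack("<I", raw[:4])
    return attributes, raw[4:]


def boolean_var(raw: bytes) -> bool:
    """Interpret a one-byte UEFI variable such as SecureBoot or SetupMode."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected 1 data byte, got {len(data)}")
    return data[0] == 1


def assess(secure_boot_raw: bytes, setup_mode_raw: bytes) -> dict:
    """Combine the two variables into a verdict a host inventory can record.

    Secure Boot is only meaningful when enabled and the platform is out of
    setup mode (a Platform Key is enrolled); otherwise the firmware will run
    boot components without verifying their signatures.
    """
    secure_boot = boolean_var(secure_boot_raw)
    setup_mode = boolean_var(setup_mode_raw)
    if secure_boot and not setup_mode:
        verdict = "secure boot enforced"
    else:
        verdict = "secure boot not enforced: unsigned boot components accepted"
    return {"secure_boot": secure_boot, "setup_mode": setup_mode, "verdict": verdict}


def assess_live_system():
    """Read the real variables; returns None when the host did not boot via UEFI."""
    sb_path = EFIVARS / f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}"
    sm_path = EFIVARS / f"SetupMode-{EFI_GLOBAL_VARIABLE_GUID}"
    if not (sb_path.exists() and sm_path.exists()):
        return None
    return assess(sb_path.read_bytes(), sm_path.read_bytes())


# Constructed samples. Attribute word 0x06 = BOOTSERVICE_ACCESS | RUNTIME_ACCESS,
# which is how the firmware typically publishes these two variables.
SAMPLE_SECURE_BOOT_ON = b"\x06\x00\x00\x00\x01"
SAMPLE_SECURE_BOOT_OFF = b"\x06\x00\x00\x00\x00"
SAMPLE_SETUP_MODE_OFF = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    print("sample (on):  ", assess(SAMPLE_SECURE_BOOT_ON, SAMPLE_SETUP_MODE_OFF))
    print("sample (off): ", assess(SAMPLE_SECURE_BOOT_OFF, SAMPLE_SETUP_MODE_OFF))
    print("this machine: ", assess_live_system())
```

Feeding the verdict into a host inventory gives a fleet-wide list of machines whose firmware will load unsigned boot components, which is where remediation effort for this threat class should go first.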

Even so, the new malware does seem to prove that Fancy Bear is more robust, powerful and potentially dangerous than the world previously thought.

Cristal M Clark


Law Enforcement Officer Purchases FlexiSpy –  Intercepts WhatsApp & Emails?


Malware that intercepts social media messages, emails & so much more

Well, if it’s not the bad guys, it’s law enforcement these days using malware to intercept your private data, messages and the like.

Or at least that is what some suspect.


Motherboard obtained data that seemed to indicate that a Florida law enforcement officer purchased FlexiSpy, malware that is used to intercept private data such as messages sent through email, WhatsApp, social media communications…


Jim Born just so happens to be the former DEA Agent and Special Agent at the Florida Department of Law Enforcement (FDLE) who purchased the malware, and the now retired agent claims that he simply made the purchase to better understand it and not to actually use it on someone without a court order.

Of course.

According to Motherboard, it is truly unclear why the former agent really made the purchase.


FlexiSpy was originally marketed to those who wanted to, or felt the need to, spy on a spouse or lover whom they suspected of cheating; it’s changed a bit over the last year, and now the marketing targets employees and children.


The spyware is available to purchase on the open market, by the way; it is said that to deploy it, you would need physical access to one’s device.

Just remember, law enforcement could have a device stored as ‘evidence’ where, if they could get into the device, they could load the malware.

Not to mention, YouTube has a video or two on how to install the malware without having to actually have the victim’s device in hand.

Lovely.


What is truly frightening about this lovely little gem of malware is that FlexiSpy has added features that make it a truly powerful way of spying on the ones you love, including the ability to siphon WhatsApp messages, remotely turn on the phone’s camera and microphone, rip files stored on the device, and, of course, hide itself from its victim.

As for FDLE, well, they have absolutely no record of Agent Born ever making the purchase, so he made the purchase as a private citizen, which either makes his story a complete lie or makes him a jealous spouse, lover or nosy parent.


I don’t know; when it comes to one’s interpersonal relationships, even those with our children, I personally feel that it’s never okay to install malware onto a loved one’s device for the sole purpose of spying on that individual.

If you feel that your loved one is lying to you, cheating on you, or whatever, perhaps rather than invade the individual’s privacy by installing malware onto that individual’s device, which is a tit-for-tat sort of move, you should just ask them.

If you don’t find that you are getting the answer you want or suspect, then maybe you should assess the relationship you have with said individual and make a decision, one that would make you happy, because confirming suspicions never makes someone happy; it simply and only vindicates what you already know deep down.

Cristal M Clark
