Archive for February, 2014


'Optic Nerve' - Dirty NSA hacked into Webcam of millions of Yahoo users for Images
Once again, a new revelation has shown the ugly side of governments conducting global mass surveillance. Documents previously leaked by the whistleblower Edward Snowden have already tarnished the US intelligence agency NSA, which ran a number of projects, including PRISM, XKeyscore and DROPOUTJEEP, to carry out surveillance of millions of people.
Now it has been revealed that the US National Security Agency (NSA) helped its British counterpart, the Government Communications Headquarters (GCHQ), to allegedly capture and store images, including nude ones, from the webcam chats of millions of unsuspecting Yahoo users, The Guardian reported.
Documents handed to the Guardian by the former NSA contractor Edward Snowden show that GCHQ worked with the NSA on a joint project dubbed ‘Optic Nerve’. The project was a bulk surveillance program under which the agencies grabbed webcam images every five minutes from random Yahoo users’ video chats and stored them in a database.

The project didn’t target individual users; rather, it targeted Yahoo webcam chats in bulk between 2008 and 2010. Indeed, the method of collection appears somewhat reckless: in a single six-month period in 2008 alone, still images of about 1.8 million users were captured and stored on government servers.

Instead of saving full videos, the program logged one image every five minutes from a user’s chat. The document says that between 3 and 11 percent of the images taken contain “undesirable nudity.”

One GCHQ document states, “It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person.”

The collected webcam information was stored in the NSA’s XKeyscore search tool, and NSA research was used to build the tool that identified Yahoo’s webcam traffic, the report says.

GCHQ’s webcam spying program, Optic Nerve, was still active in 2012, according to an internal GCHQ wiki page accessed that year.

Why images? It is known from the revealed documents that the images were collected by the agency so that the group could experiment with facial recognition.

“Face detection has the potential to aid selection of useful images for ‘mugshots’ or even for face recognition by assessing the angle of the face,” it reads. “The best images are ones where the person is facing the camera with their face upright.”

GCHQ staff were allowed to display “webcam images associated with similar Yahoo identifiers to your known target”, the document reads. It also states that “Bulk surveillance of Yahoo users was begun” because “Yahoo webcam is known to be used by GCHQ targets.”

Not surprising, then, that the naughty private webcam sex session you enjoyed with your lover four years ago was potentially pored over by the suits at GCHQ.

Yahoo has reacted furiously and denied any prior knowledge of the webcam interception program. It said that it had no awareness of or involvement with the GCHQ collection, describing the activity as “a whole new level of violation of our users’ privacy.”

And a GCHQ spokesman said in a statement, “It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence service commissioners and the Parliamentary Intelligence and Security Committee,” adding, “All our operational processes rigorously support this position.”

The NSA spokesperson declined to respond beyond saying, “As we’ve said before, the National Security Agency does not ask its foreign partners to undertake any intelligence activity that the US government would be legally prohibited from undertaking it.”

This is how our privacy is being ruined by the government intelligence officials that we all trust blindly.

via The Hacker News http://ift.tt/1hHgkgs

Outernet free wifi Internet access
If you are reading this THN article, you are one of the lucky ones with access to the Internet, but not everyone is as lucky as you. About 40% of the planet’s population still has no access to Internet services.

So, there is good news for all those who are still deprived of Internet services: free global WiFi Internet access called ‘Project Outernet’.

A non-profit organization, the New York-based ‘Media Development Investment Fund (MDIF)’, has taken this initiative: regardless of geographical location, Outernet will broadcast free, universal Internet content from high in orbit to the whole globe, bypassing filtering and other means of censorship.

A few hundred low-cost mini satellites (CubeSats) will be sent into space to create a constellation in low Earth orbit. To widen the service area, these CubeSats will use universally accepted standard protocols such as DVB, Digital Radio Mondiale and User Datagram Protocol (UDP) WiFi Multitasking.

Outernet is essentially a modern version of shortwave radio: it will receive data from ground stations and transmit the received data in a continuous loop until new data arrives.

“Broadcasting data allows citizens to reduce their reliance on costly internet data plans in places where monthly fees are too expensive for average citizens. And offering continuously updated web content from space bypasses censorship of the Internet,” Outernet says on its website.

Outernet will broadcast global news, applications, information, educational courseware, and emergency communication services. Technical assessment of the project started last December and a prototype will be tested around June this year.
By leveraging datacasting technology over a low-cost satellite constellation, Outernet is able to bypass censorship, ensure privacy, and offer a universally accessible information service at no cost to global citizens.
MDIF is planning to enhance the service by enabling data transmission from anywhere, depending on the availability of the funds required for this feature. MDIF’s director of innovation said it would take only three years and $12 billion to get the project up and running.

Google has been working on a similar project called “Project Loon – Balloon-Powered Internet for Everyone” for quite some time.

This technology seems very innovative and useful for the advancement of humanity in remote areas as well, but it has its own limitations.

Once such services become fully functional, all of us might face security and privacy threats by relying on technology from US-based companies, where the NSA wants to control and intercept everything. Until now the NSA could target only the 60% of the population with Internet access, but this may potentially allow it to target 100% of the audience with regular, free Internet access.

In this era of Edward Snowden, we need to think about its other side too. What do you think about Outernet? Add your comments.

via The Hacker News http://ift.tt/1hogAmj

Looking for a secure smartphone? The world’s biggest aerospace company, Boeing, is finally close to launching its high-security Android smartphone, called “Boeing Black (H8V-BLK1)”, primarily designed for secure communication between government agencies and their contractors.

Encrypted email, secure instant messaging and other privacy services and tools are booming in the wake of the National Security Agency’s recently revealed surveillance programs.

Encryption alone isn’t meant to keep hackers out of a device, but when it is designed and implemented correctly it renders intercepted messages unreadable to anyone without the key. Boeing is a company that already provides secure communications for US government officials, including the president.

Don’t mess with it, it can self-destruct: the Boeing Black smartphone can self-destruct if it is tampered with, destroying all the data on it. The device is delivered completely sealed, and any attempt to open the seal will destroy the operating system and functionality of the device.

“Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” says the paperwork.

Another important fact to note: Boeing Black (H8V-BLK1) won’t be available to average consumers; it is designed for government agencies, defense and homeland security only.

Ultra-secure mobile operating system: Boeing’s modified Android operating system has a specific software security policy configuration, so users can configure the device for maximum mission productivity and security.

“Boeing Black’s security is powered by the Boeing PureSecure architecture, which was designed from the outset for the mobile environment. Our architectural foundation is built upon layers of trust from embedded hardware, operating system policy controls, and compatibility with leading mobile device management systems. The device’s hardware roots of trust and trusted boot ensure the device starts in a trusted state, enabling the maximum security of data. Hardware media encryption and configurable inhibit controls are embedded to protect the device, its data, and the transmission of information, significantly reducing the risk of mission compromise due to data loss,” according to the paperwork Boeing filed with the Federal Communications Commission (FCC).

Boeing Black supports dual MicroSIM with GSM, WCDMA, and LTE on a wide range of bands to facilitate global use, and it runs on a modified version of Android that keeps all details as secure as possible.

Security and confidentiality of the information of anyone involved in national security must be a high priority, but the problem arises when agencies like the NSA start capturing the data flowing on the backbone of the communication channel and bribing software companies to weaken their encryption. That compels a user to think twice before opting for new inventions and products.

At the Mobile World Congress in Barcelona, Washington-based software firm Silent Circle and Madrid-based Geeksphone teamed up to launch the Blackphone, a highly secure device that doesn’t run on any traditional telecom carriers or operating systems.

As we reported earlier, there is another interesting self-destructing chips project, which the Defense Advanced Research Projects Agency (DARPA) has handed over to IBM.

via The Hacker News http://ift.tt/1cWuQkm

360 Million Stolen Credential ON SALE on Underground Black Market
Your financial credentials are on sale on the underground black market without your knowledge. Sounds like a nightmare, but it’s TRUE.
Cyber security firm Hold Security said it has traced over 360 million stolen account credentials that have been available for sale on hacker black market websites over the past three weeks. The credentials include usernames, email addresses, and passwords that are unencrypted in most cases, according to the report released on Tuesday.

It is not yet known where exactly these credentials were stolen from, but the security researchers estimate that they are the result of multiple breaches. Banking credentials are one of the most ‘valuable bounties’ for cyber criminals, and they can be stolen directly from companies as well as from the services to which users entrust their data.

According to Hold Security, in addition to the 360 million credentials, the cyber criminals are selling about 1.25 billion email addresses, which would be of interest to spammers.

Alex Holden, chief information security officer at Hold Security, told Reuters, “E-mail addresses in the credentials are from all major services, including Gmail and Yahoo, and almost all Fortune 500 companies and nonprofit organizations,” and that his company is working to discover where the credentials came from and what they can access.

The sale of this tremendous number of users’ credentials on the underground market puts consumers and companies at risk, because this wide range of compromised credentials could give access to anything from online bank accounts to corporate networks.

“The sheer volume is overwhelming,” Holden told Reuters. He believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.

Hold Security is the firm that uncovered the massive Adobe breach in October 2013, in which 153 million users’ credentials, including user names and passwords, were stolen from Adobe’s systems; a month later it identified another large breach of 42 million plain-text password credentials from the niche dating service Cupid Media.
There is no way to fully protect yourself from these types of attacks, because cyber criminals are trying to steal your money every second, and by using the same password for multiple accounts you give them an open invitation.
You can reduce the risk by choosing different passwords for different accounts. The risk is greatest for users who choose the same password for every service they adopt, because once an attacker has the email address and password for one of your accounts, he can use those credentials to compromise every other site where you use the same username and password.

The only practical way to do that is with a password manager such as LastPass, KeePass, RoboForm Desktop 7, PasswordBox or Dashlane 2.0. If you aren’t using a password manager, you need to start now.

Stay Safe! Stay Secure! Stay Tuned!


via The Hacker News http://ift.tt/1kcE3d2

Tilon/SpyEye2 infections declined after SpyEye author's Arrest
Today, when we come across the various malware, exploit kits and botnets in the wild, we think about an effective antivirus solution or a security patch, but the most effective solution is always “the arrest of the malware authors and culprits involved in the development of the malware.”
Tilon, an active malware family first spotted in 2012 and specially designed to steal money from online bank accounts, which various researchers earlier took to be a new version of Silon, is none other than the SpyEye2 banking Trojan, according to researchers at the Delft-based security firm Fox-IT.
Tilon, a.k.a. SpyEye2, is a more sophisticated version of the SpyEye Trojan. The majority of the malware’s functionality is the same as that of the SpyEye banking Trojan, which was developed by a 24-year-old Russian hacker, ‘Aleksandr Andreevich Panin’, also known as Gribodemon, who was arrested in July 2013.
SpyEye has infected more than 1.4 million computers worldwide since 2009. It was designed to steal people’s identities and financial information, including online banking credentials, credit card information, user names, passwords and PINs. It secretly infects the victim’s computer and hands remote control to the cybercriminals, who access the infected computer through command and control servers and steal victims’ personal and financial information through a variety of techniques, including web injects, keystroke loggers, and credit card grabbers, without authorization.
Researchers have confirmed that the team that developed SpyEye is the same one that created Tilon, which is why it was labeled SpyEye2.

“The team behind its creation was similar, however, reinforced with at least one better skilled programmer,” said the researchers, adding, “The management of SpyEye2 is done through a single, unified interface, which has been completely redesigned but still contains a few of the unique features of the original SpyEye.”

An interesting part of SpyEye2, which the researchers found ‘slightly funny’, is that the malware checks for an older version of SpyEye installed on the infected system and replaces it with the new version, i.e. SpyEye2, which has better stability features.

“No other malware families are checked for removal. Early versions of the original SpyEye were likewise equipped with a feature to remove older versions of ZeuS installed on the infected system,” the researchers say.

According to the researchers, “only the Loader portion of Tilon is sourced from Silon, but this is where the similarity ends. As shown above and further illustrated in the Appendices, the body (i.e., functional portion) of Tilon was actually based on SpyEye.”

Another reason to consider Tilon a SpyEye variant is its activity timeline: it was in the wild from 2012 to 2014, and suddenly seems to be over now that the SpyEye author was arrested last year.

Fox-IT researchers say, “the arrests, like Gribodemon and other key figures in the underground economy, such as Paunch, the author of the popular Blackhole Exploit Kit, is the key to decreasing the worldwide activity around online crime.”

This doesn’t mean the malware won’t continue its fraudulent activity for a while, but it will finally come to an end after nearly a year of declining usage.

via The Hacker News http://ift.tt/1klOCY0

Chameleon Virus that Spreads Across WiFi Access Points like Common Cold
Did you know that a computer virus could go airborne over WiFi networks? Security researchers at the University of Liverpool in Britain have demonstrated a WiFi virus that can spread between computer networks just like the ‘common cold’ spreads between humans.

They have created a proof-of-concept that can infect an entire wireless network instead of a single computer at a time. It replaces the firmware of a vulnerable access point (AP) with a virus-loaded version and then propagates itself to the next victim on the WiFi network.
The WiFi-based virus, named ‘Chameleon’, can self-propagate over WiFi networks from access point to access point, but doesn’t affect the normal operation of the wireless access point.
The virus is able to identify WiFi access points that are not protected by encryption and passwords, according to the research paper. It can badly hit less-protected open-access WiFi networks such as those available in coffee shops or airports.

It propagates in the following sequence:

The Chameleon attack is a serious threat to WiFi network security. The research shows that this kind of attack is undetectable by any antivirus or wireless intrusion detection system (IDS).

“Hence, this attack is considered advanced and difficult to detect, as IDS rogue AP detection methods typically rely on a change in credentials, location or traffic levels.”

The density of access points in a given geographical area increases the security risk for wireless networks, because the virus spreads much more quickly in an area with denser access point availability.

“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” says Marshall, co-author of the research paper.

However, the virus itself doesn’t exist in the wild; it was created for demonstration purposes in the research lab only, though it is quite likely that a malicious version could be created and released into the wild by cyber criminals and malware writers.

via The Hacker News http://ift.tt/1dyvX6M

How to Hack iPhone
Yet another Apple vulnerability has been exposed by security researchers, one that can be exploited to track your finger’s every action on iOS devices, i.e. iPhone, iPad, etc.

The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user input, according to security researchers at FireEye.

They found a way to effectively bypass Apple’s app review process and created a proof-of-concept monitoring app for non-jailbroken iOS 7.0.x devices.

The “monitoring” app, which runs in the background on the iPhone, is a keylogger Trojan that could allow hackers to monitor the user’s activities on the mobile device, including touches on the screen, home button presses, volume button presses and TouchID presses, and send all collected events to any remote server.

According to the researchers, their proof-of-concept app works on versions 7.0.4, 7.0.5, 7.0.6, and 6.1.x.

“Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring,” FireEye researchers said.

On iOS devices, an application running in the background keeps refreshing itself; but the researchers also noted that disabling iOS 7’s “Background App Refresh” setting would not stop a malicious app from keylogging.

“For example, an app can play music in the background without turning on its ‘background app refresh’ switch. Thus a malicious app can disguise itself as a music app to conduct background monitoring,” FireEye explained. So the only present solution to the problem is to manually remove apps from the task switcher.

Earlier this week, Apple issued an urgent update, iOS 7.0.6, in response to an SSL vulnerability that might allow hackers to bypass SSL/TLS verification on shared and public networks and steal user information from affected devices, including login usernames and passwords as well as other sensitive information.
The security firm is actively working with Apple on the issue, but until the next iOS update is released, the only thing iOS users can do is check for unnecessary applications running on the device in the task switcher and KILL THEM.

Last month, Trustwave’s Neal Hindocha also demonstrated that even smartphone screen swipe gestures can be analyzed by hackers; as a proof-of-concept he developed a prototype ‘Screenlogging’ malware for iOS and Android smartphones that works the same way as keylogger software on the desktop.

via The Hacker News http://ift.tt/1dxJF9S

Apple's SSL Vulnerability may have allowed NSA to hack iOS Devices Remotely
Just two days ago, Apple disclosed a critical security flaw in the SSL implementation of its iOS software that would allow man-in-the-middle attacks to intercept SSL data by spoofing SSL servers.
Dubbed CVE-2014-1266, the so-called ‘goto fail;’ vulnerability, in which Secure Transport failed to validate the authenticity of the connection, has left millions of Apple users vulnerable to hackers and spy agencies, especially the NSA.
Last Friday, Apple also released the updated iOS 7.0.6 to patch the vulnerability, which was first discovered in Apple’s iOS devices; the company later acknowledged its presence in Mac OS X as well. The flaw could allow hackers to intercept email and other communications that are meant to be encrypted on iPhone, iPad and Mac computers. Affected versions include iOS up to version 7.0.5 and OS X before 10.9.2.

Security researchers confirmed that ‘Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured’ with a man-in-the-middle attack.

Apple Vulnerability and NSA

I am sure you still remember the NSA’s DROPOUTJEEP hacking tool, an implant for Apple iOS devices that allows the NSA to remotely control and monitor nearly all the features of an iPhone, including text messages, geolocation, the microphone and the camera.
The DROPOUTJEEP program was developed in 2008 to conduct espionage on iPhone users, as revealed by the documents provided by Edward Snowden a month ago. “The initial release of DROPOUTJEEP will focus on installing the implant via close access methods,” the document reads.

According to the vulnerability details published by Google security researcher ‘Adam Langley’, a basic mistake in a single line of the SSL code effectively broke the iOS SSL certificate verification process, leaving an open invitation for the NSA’s prying eyes.

“This sort of subtle bug deep in the code is a nightmare,” Adam Langley said on his blog. “I believe that it’s just a mistake, and I feel very bad for whoever might have slipped in an editor and created it.”
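The published bug was a duplicated `goto fail;` line that skipped the final signature check of the handshake. The following is an added illustration, not Apple's code: `update_hash()` and `verify_signature()` are constructed stand-ins for the real Secure Transport helpers, and the sample message and signatures are made up. It shows why the vulnerable shape accepts a forged signature and the fixed shape rejects it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, returning 0 on success and a negative error
   code on failure, as the real helpers do. Not Apple's code. */
enum { ERR_OK = 0, ERR_BAD_INPUT = -1, ERR_BAD_SIGNATURE = -2 };

/* Stand-in hash step: fails only on an invalid buffer. */
static int update_hash(const unsigned char *data, size_t len) {
    if (data == NULL && len != 0)
        return ERR_BAD_INPUT;
    return ERR_OK;
}

/* Stand-in final check: compare the signature the client expects with
   the one received from the server. */
static int verify_signature(const unsigned char *expected,
                            const unsigned char *received, size_t len) {
    return memcmp(expected, received, len) == 0 ? ERR_OK : ERR_BAD_SIGNATURE;
}

/* Vulnerable shape: a duplicated 'goto fail;' after the if-statement.
   Only the first goto is guarded by the if; the second is unconditional,
   so control always jumps to fail with err still holding ERR_OK from
   update_hash(), and verify_signature() is never reached. */
int vulnerable_verify(const unsigned char *msg, size_t msg_len,
                      const unsigned char *expected_sig,
                      const unsigned char *received_sig, size_t sig_len) {
    int err;
    if ((err = update_hash(msg, msg_len)) != ERR_OK)
        goto fail;
        goto fail;  /* the duplicated line: always executed */
    if ((err = verify_signature(expected_sig, received_sig, sig_len)) != ERR_OK)
        goto fail;
fail:
    return err;
}

/* Fixed shape: one goto per check, so the signature comparison runs and
   a forged signature produces an error. */
int fixed_verify(const unsigned char *msg, size_t msg_len,
                 const unsigned char *expected_sig,
                 const unsigned char *received_sig, size_t sig_len) {
    int err;
    if ((err = update_hash(msg, msg_len)) != ERR_OK)
        goto fail;
    if ((err = verify_signature(expected_sig, received_sig, sig_len)) != ERR_OK)
        goto fail;
fail:
    return err;
}

/* Constructed sample: a handshake message, the signature the client
   expects, and a forged one a man-in-the-middle would present. */
static const unsigned char SAMPLE_MSG[] = "ServerKeyExchange";
static const unsigned char GOOD_SIG[4]   = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char FORGED_SIG[4] = { 0xde, 0xad, 0xbe, 0xef };

/* Vulnerable routine on a forged signature: returns ERR_OK (0), i.e. accepted. */
int vulnerable_result_forged_sig(void) {
    return vulnerable_verify(SAMPLE_MSG, sizeof SAMPLE_MSG - 1,
                             GOOD_SIG, FORGED_SIG, sizeof FORGED_SIG);
}

/* Fixed routine on a forged signature: returns ERR_BAD_SIGNATURE (-2). */
int fixed_result_forged_sig(void) {
    return fixed_verify(SAMPLE_MSG, sizeof SAMPLE_MSG - 1,
                        GOOD_SIG, FORGED_SIG, sizeof FORGED_SIG);
}

/* Fixed routine on the genuine signature: returns ERR_OK (0). */
int fixed_result_good_sig(void) {
    return fixed_verify(SAMPLE_MSG, sizeof SAMPLE_MSG - 1,
                        GOOD_SIG, GOOD_SIG, sizeof GOOD_SIG);
}

int main(void) {
    printf("vulnerable, forged signature: %d\n", vulnerable_result_forged_sig());
    printf("fixed, forged signature:      %d\n", fixed_result_forged_sig());
    printf("fixed, genuine signature:     %d\n", fixed_result_good_sig());
    return 0;
}
```

Compiling the vulnerable function with `gcc -Wall` triggers the misleading-indentation warning on the duplicated line, which is one cheap check a build can enforce.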
Security researcher Jacob Appelbaum said last December, “Either the NSA has a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves.”

Although those old techniques are no longer in circulation, the NSA has a track record of continually invading users’ privacy by exploiting vulnerabilities in various software, and obviously its capabilities have improved significantly in the past five years.

In the DROPOUTJEEP document, the NSA also admitted, ‘A remote installation capability will be pursued for a future release.’ That means it is practically possible that the NSA had already discovered this iOS SSL flaw in an effort to hack iPhone users remotely by sniffing their data and spoofing them into installing malware.

An Unanswered Question

‘Did Apple intentionally inject a backdoor for the NSA, or was the flaw an accident?’ If it was an accident, Apple would have been able to release patches for both iOS and Mac OS X at the same time. Instead of releasing patches for both, it silently released a fix for iOS devices on Friday night, and only when cryptographers and security experts began criticizing the company for leaving OS X without a patch did it finally acknowledge that Mac OS X was affected too. But it’s now the 4th day after disclosure and no patch has yet been released for Mac OS X.

Also, Apple contacted CVE (the Common Vulnerabilities and Exposures database) on 8th January 2014 to reserve the bug number CVE-2014-1266 for the SSL vulnerability, and later released the updated iOS 7.1, which was also vulnerable to the flaw that Apple had already discovered.

However, Apple categorically denied working with the NSA on a backdoor after it was accused last December of creating a way for the US intelligence agency to access contacts and other data on iPhones.

On Dec. 31, an Apple spokesperson released a statement saying:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.

In 2013, the US Department of Defense approved Apple’s iOS 6 for government use, which means that if the NSA was aware of this flaw, it doesn’t seem to have informed them.

To check whether your web browser is vulnerable to the SSL flaw, click here. To be safe, you are recommended to use an alternate web browser rather than Safari and to avoid using public and unsecured networks.

via The Hacker News http://ift.tt/1kav495

Pony Botnet steals $220,000 from multiple Digital Wallets

Are you a digital currency holder? PONY is after you.

A group of cyber criminals has used hundreds of thousands of infected computers belonging to digital currency holders to steal approximately $220,000 worth of Bitcoins and other virtual currencies.
Researchers at the security firm Trustwave have uncovered the Bitcoin heist, which was carried out by computers infected with a new class of malware dubbed ‘Pony’, a very powerful spying keylogger with very dangerous features that was last seen two months ago.

Pony, for those who have not yet heard about it, is a bot controller much like any other, with the capability to capture all kinds of confidential information and access passwords. It contains a control panel, user management, logging features, a database to manage all the data and, of course, the statistics. It can see the passwords and login credentials of infected users when they access applications and Internet sites.

The security firm found that the botnet infected over 700,000 accounts over a four-month period, between September 2013 and mid-January 2014, and allowed criminals to control those accounts.

“Not only did this Pony botnet steal credentials for approximately 700,000 accounts, it’s also more advanced and collected approximately $220,000 worth, at the time of writing, of virtual currencies such as BitCoin (BTC), LiteCoin (LTC), FeatherCoin (FTC) and 27 others,” reads the report.

In December, the same piece of malware hit users of a number of popular websites and services such as Facebook, Google, Yahoo, Twitter and LinkedIn, stealing a couple of million passwords that gave the attackers access to all those accounts.

Latest Pony attack

This time the Pony botnet stole over 700,000 credentials, including 600,000 website login credentials, 100,000 email account credentials, 16,000 FTP account credentials and other Secure Shell account information.

This instance of Pony compromised 85 wallets, a fairly low number compared to the number of compromised credentials. Despite the small number of wallets compromised, this is one of the larger caches of BitCoin wallets stolen from end-users.

The malware was in the wild while the value of virtual currencies such as Bitcoin, which was developed by cryptography experts as a way to move money at lower cost than traditional financial systems, was sky-high.

“Bitcoins are stored in virtual wallets, which are essentially pairs of private and public keys,” the Trustwave researchers said, adding that “whoever has those keys can take the currency, and stealing Bitcoins and exchanging them for another currency, even a regulated one such as US dollars, is much easier than stealing money from a bank.”

They said that cyber thieves with Bitcoins can use any number of trading websites, to get real cash while maintaining anonymity.

NOT just BITCOINS

If you think that the botnet went after only Bitcoin, you are wrong. Currently, the Bitcoin value is swinging between $300 and $500. So, instead of sticking to only Bitcoin wallets, the Pony botnet looks for a list of virtual currencies including Anoncoin, BBQcoin, Bytecoin, Craftcoin, Devcoin, Digitalcoin, Fastcoin, Feathercoin, Florincoin, Franko, Freicoin, GoldCoin, I0coin, Infinitecoin, Ixcoin, Junkcoin, Litecoin, Luckycoin, Mincoin, Namecoin, NovaCoin, Phoenixcoin, PPCoin, Primecoin, Quarkcoin, Tagcoin, Terracoin, Worldcoin, Yacoin and Zetacoin.

If you are wondering whether the attack was shut down by some security companies, you are guessing wrong: the attackers themselves “closed shop” during January.

The researchers haven’t described any malware removal mechanism, but in order to protect your virtual currency, you are advised to encrypt your wallets. Keep your virtual currency wallets safe!

In separate news, you may also like to read: World’s Largest Bitcoin Exchange Mt. Gox Shuts Down.

via The Hacker News http://ift.tt/1fBg1Vm

Caphaw Banking Malware Distributed via YouTube Ads
More than one billion unique visitors spend about 6 billion hours a month watching videos on YouTube, according to YouTube’s monthly stats. Security researchers from Bromium Labs recently found that the YouTube advertising network has been abused by rogue advertisers to distribute malware.

YouTube in-stream ads were redirecting users to malicious websites hosting the ‘Styx Exploit Kit’, which exploited client-side vulnerabilities in a drive-by-download attack to infect users’ computers with the Caphaw banking Trojan.

The exploitation process relied on a Java vulnerability (CVE-2013-2460): after landing on the target system, the malware detects the Java version installed on the operating system and, based on it, requests the suitable exploit.

“We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures,” the researchers said.

Further investigation revealed that the banking malware uses a Domain Generation Algorithm (DGA) to communicate with its command and control (C&C) server. The C&C panel of this Trojan appears to be hosted somewhere in Europe and the case is still under investigation. The Caphaw banking malware has been flagged as malicious by a number of anti-virus companies.

How many users became victims of this attack is still an open question. Google has taken down the malvertising campaign and is beefing up internal procedures to prevent such events from occurring again.

Oracle already patched the respective Java vulnerability last year, so users are advised to keep their Java software up to date and install the latest security updates for their software and operating system.

via The Hacker News http://ift.tt/1fB5bPe