Facebook webinjects deliver Android iBanking malware.

20:18 Abhishek kumar 0 Comments
Hackers are targeting Facebook users, tricking them into downloading a Dangerous piece of malware on their Android devices.
Facebook webinjects deliver Android iBanking malware.
The attack begins by infecting user's computer with the Qadars banking trojan, which is usually done via drive-by download. Jean-Ian Boutin, an ESET malware researcher told SCMagazine

The trojan then intercepts the webpage downloaded and uses javaScript , meant to be injected into Facebook web pages, which tries to trick the user into installing an Android application.

when the user login into his Facebook account he is showed up with a fake verification page injected by the malware, asking the user to verify his mobile phone number and operating system of his mobile device

Once the user enters his Mobile number and select the operating system of his mobile as Android he is sent with a link via sms which on clicking downloads a iBanking malware, in case the user does not get any sms he is asked to to scan a QR code and directly open the link. 

And next the user is guided up to install a fake Facebook app which infact is the iBanking malware. which once installed can be used by the Cyber Criminals to spy over the user. since the malware has several capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone. and can also be used to steal users bank account details.

BJP Punjab and Bihar unit’s website defaced by Pakistani hacker

BJP Punjab and Bihar unit’s website was defaced late night yesterday by Pakistani hackers. the deface page on BJP's Bihar unit's website was showing a man standing over the photo of party’s PM nominee Narendra Modi with BJP's Election symbol in the background of the photo while the deface page on the BJP's Punjab unit's website was showing a image reading #OpFreeKashmir. In addition to the images the deface page also included comments over Narendra Modi and Kashmir.
BJP Punjab and Bihar unit’s website defaced by Pakistani hacker
(Screenshot from BJP's Bihar unit website, Image has been blurred because of its denigrative nature)
BJP Punjab and Bihar unit’s website defaced by Pakistani hacker
(Screenshot from BJP's Punjab unit website)
Both the websites were defaced by different group of hackers, BJP's Bihar unit's website was defaced by a Pakistani hacker going with the online handle Muhammad Bilal whereas BJP's Punjab unit's website was defaced by KING_HAXOR & AryanZ Khan Tr4ck3r who are the members of PAKISTAN HAXORS CREW.

Both of these groups of hacker are actively attacking Indian websites, and report suggests they are planning a major Cyber attack over India in next few days.

This is not the first time when BJP's website was targeted by hackers, earlier this month BJP Junagadh unit’s website was defaced by Pakistani hacker

The message on the Deface page can not be published here because of there denigrative nature. however the hack comes at a time when the elections in India are at full pace.

Michael's, Aaron Brothers Confirms Data Breach, 2.6 Million Cards Impacted

14:07 Abhishek kumar 0 Comments
Almost 3 months after the arts and crafts retail chain Michaels Stores announced it may have been the victim of a data breach, the company has confirmed the Breach with more than 2.6 million consumers’ credit cards effected.
Michael's, Aaron Brothers Confirms Data Breach, 2.6 Million Cards Impacted
on thursday the Company said that the Cyber criminals not only breached their system but also of their subsidiary Aaron Brothers. the piece of malware used in the attack was highly sophisticated and has not been encountered previously by the two security firms that were conducting the investigation. Michaels CEO Chuck Rubin said “We want you to know we have identified and fully contained the incident, and we can assure you the malware no longer presents a threat to customers while shopping at Michaels or Aaron Brothers.”

The point of sales (POS) system targeted by the malware stored payment card numbers and expiration dates, there is no evidence that data such as customers’ names or personal identification numbers were at risk.

Michael's breach occurred between May 8, 2013 and January 27, 2014 in which about 2.6 million or 7% of payment cards used at its stores were compromised. whereas nearly 400,000 cards were affected at 54 Aaron Brothers stores from June 26, 2013 to February 27, 2014.

Michael's says that only a limited numbers of fraud incident has been reported and now there system has all been cleaned up. but the company is offering 12 months of free identity protection, credit monitoring services and free fraud assistance to affected customers in the United States. 

Customers are asked to immediately contact their banks if any suspicious activity is found. the Company is working with bank, payment processors and law enforcement agencies to investigate the breach.

Shortly after the Target and Neiman Marcus breach authorities were concerned that possibly there could be several other retailers hacked too, experts believe that this possibly is not the end the coming days can bring some other breach in light too.

Hacker accused of stealing credit card data and breaking into Romania’s presidency website arrested with more than €153,000

The Romanian man accused of stealing more than 62,000 credit card details and hacking into Romania’s presidency website was arrested this wednesday.
Hacker accused of stealing credit card data and breaking into Romania’s presidency website arrested with more than €153,000
the accused broke into the website of Presidency of Romania aiming to gain access to classified information, the Department for Combatting Organized Crime and Terrorism told newsmen today.

Read more:
police told that the he has also been engaged in the Activity of stealing Credit card data for more than four years between 2010-2014.

he used to send phishing emails acting as the "Bank", tricking victim to provide his personal and financial details. 
Using the method he managed to steal more than 62,000 credit card details which he frequently used to withdraw cash and also sold about 3,500 card details to other Individuals.

A Search warrant was released and the Authorities found €153,000 and $41,000 at the home of the accused.

However Spokesperson from Special Telecommunications Service (STS) says that the website's security was never been breached.