Cyber Security News (22nd January 2018)

  1. Facebook Hacking Android Malware GhostTeam Found in 53 Play Store Apps

Researchers at Trend Micro have identified a new Android malware family called GhostTeam. It is capable of stealing Facebook credentials after infecting devices. The malware tricks unsuspecting users into installing it and is spread through malicious, infected apps. Research suggests that it is present in 53 different applications, one of which has over 100,000 downloads. India is the top target; other prominent targets of GhostTeam include users in Brazil and Indonesia. GhostTeam is capable of performing a variety of tasks, but its main aim is to steal Facebook credentials. The apps in which this malware is hidden are harmless-looking regular apps such as social media video downloaders, flashlights, QR scanners, etc. After the infected app is downloaded from the Play Store, it checks whether it is running on an Android VM or an emulator, in order to hide its code from security professionals. Once it determines that it is running on a physical device, it downloads the GhostTeam payload disguised as a Google Play Services app. When the user opens Facebook or Google Play, a popup appears requesting installation of the fake Google Play Services app and asking for administrator-level permissions; a fake WebView page is then loaded, which asks the user to verify his/her Facebook account.

Cyber Security Tips: Users are strongly recommended to uninstall the mentioned apps if already on their device and reset their Facebook password, install the latest antivirus software, check the permissions requested while installing any app, and never log in via a popup notification.

  2. Misconfigured Jenkins Servers Leak Sensitive Data

Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating the technical aspects of continuous delivery. The researcher Tunç analyzed approximately half of the internet-exposed Jenkins servers he identified and determined that 10-20% were misconfigured. Some of the misconfigured systems discovered by Tunç provided guest or administrator permissions by default, while others allowed guest or admin access to anyone who registered an account. Some Jenkins servers used a SAML/OAuth authentication system linked to GitHub or Bitbucket, but they allowed any GitHub or Bitbucket account to log in rather than just accounts owned by the organization. Another exposed Jenkins instance, which leaked sensitive tokens, belonged to Google. Tunç has already reported the same issue to various UK-based companies, including Transport for London, supermarkets Sainsbury’s and Tesco, credit checking company ClearScore, educational publisher Pearson, and newspaper publisher News UK.

Cyber Security Tips: To protect your servers from such data leaks, you are strongly recommended to configure your server properly to avoid misconfiguration, follow a server hardening checklist, disable all unnecessary services, keep servers up-to-date and keep monitoring your server.
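As an added illustration, not taken from the article or from Tunç's research, the fragments below show what "configure your server properly" means for the two misconfigurations described above, as they appear in a Jenkins `config.xml`: first a weak setup in which anyone can register and every logged-in user gets full control, then a hardened setup in which the GitHub OAuth realm is limited to one organization's members. The element names follow the Jenkins core and GitHub OAuth plugin formats for Jenkins 2.x of that period; `example-org`, `ci-admin` and the client credentials are placeholders.

```xml
<!-- WEAK: self-registration is open and FullControlOnceLoggedIn grants every
     account, including ones a stranger just created, administrator rights.
     Leaving anonymous read enabled also exposes job names and console output.
     (Worse still is <useSecurity>false</useSecurity> with
     hudson.security.AuthorizationStrategy$Unsecured, i.e. admin for everyone.) -->
<hudson>
  <useSecurity>true</useSecurity>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
  </securityRealm>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>

<!-- HARDENED: GitHub OAuth login restricted to members of one organization,
     a named admin list, no blanket read for "any authenticated GitHub user"
     (the setting behind the any-account login described in the article),
     and no anonymous access of any kind. -->
<hudson>
  <useSecurity>true</useSecurity>
  <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
    <githubWebUri>https://github.com</githubWebUri>
    <githubApiUri>https://api.github.com</githubApiUri>
    <clientID>PLACEHOLDER_CLIENT_ID</clientID>          <!-- placeholder -->
    <clientSecret>PLACEHOLDER_CLIENT_SECRET</clientSecret>  <!-- placeholder -->
    <oauthScopes>read:org,user:email</oauthScopes>       <!-- read:org lets Jenkins verify membership -->
  </securityRealm>
  <authorizationStrategy class="org.jenkinsci.plugins.GithubAuthorizationStrategy">
    <rootACL>
      <organizationNameList class="linked-list">
        <string>example-org</string>                     <!-- placeholder organization -->
      </organizationNameList>
      <adminUserNameList class="linked-list">
        <string>ci-admin</string>                        <!-- placeholder admin account -->
      </adminUserNameList>
      <authenticatedUserReadPermission>false</authenticatedUserReadPermission>
      <useRepositoryPermissions>true</useRepositoryPermissions>
      <authenticatedUserCreateJobPermission>false</authenticatedUserCreateJobPermission>
      <allowAnonymousReadPermission>false</allowAnonymousReadPermission>
      <allowAnonymousJobStatusPermission>false</allowAnonymousJobStatusPermission>
    </rootACL>
  </authorizationStrategy>
</hudson>
```

After changing these settings, confirm the result by loading the server's front page and `/api/json` in a fresh, logged-out browser session: both should redirect to the login page rather than list jobs.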

  3. North Korean Hackers Stole Funds From South Korean Cryptocurrency Exchanges

In February 2017, Bithumb, the second largest cryptocurrency exchange in the global market by daily trading volume, fell victim to a security breach that led to the loss of around $7 mln of user funds, mostly in Bitcoin and Ethereum’s native cryptocurrency Ether. The latest report released by Recorded Future noted that the $7 mln Bithumb security breach has been linked to North Korean hackers. Insikt Group, a group of cybersecurity researchers that closely and regularly tracks the activities of North Korean hackers, revealed that Lazarus Group in particular has used a wide range of tools, from spear phishing attacks to malware distribution through communication platforms, to gain access to cryptocurrency wallets and accounts. Insikt Group researchers disclosed that Lazarus Group hackers initiated a massive malware campaign in the fall of 2017. One method Lazarus Group employed was the distribution by email of Hangul Word Processor (HWP) files, the South Korean equivalent of Microsoft Word documents, with malware attached. If a cryptocurrency user opens the malicious file, the malware installs itself autonomously and operates in the background, taking control of or manipulating data stored on the device.

Cyber Security Tips: To protect yourself from such malware, you are strongly recommended to avoid opening spam emails, never download email attachments that come from an unknown person, and use reputed antivirus software to detect suspicious activities.

  4. Man loses Rs 1.5 lakh to game show scamsters

Bengaluru: A 38-year-old city-based mechanic lost Rs 1.15 lakh to criminals who created a video clip about a fake game show called ‘Kaun Banega Maha Karodpati’ in which his mobile number had been selected for a Rs 35 lakh prize. Ismail Sharif, a resident of Janakiram Layout in Lingararajapuram, east Bengaluru, filed a complaint with the cyber-crime police on Thursday. Police said the crooks called Sharif on January 5 and told him that he had been selected for the Rs 35 lakh prize. Initially, he ignored the call, but he fell for the scam after they sent a video clip on WhatsApp in which his number was shown in front of the show’s alleged host, Amitabh Bachchan. They warned him not to show the video to others or else he would lose the prize. The fraudsters then asked the victim to send money to a certain account. The first fraudster asked the victim to transfer Rs 15,000, then Rs 35,000, and more in several installments. He finally ended up shelling out Rs 1.15 lakh.

Cyber Security Tips: To protect yourself from such fraudsters, never transfer money to an unknown person, never share your bank credentials, and beware of such spammers.
