Sunday, December 6, 2015

Pro PoS - Malware Could Steal Your Christmas


Point of Sale systems are the most tempting target for cyber crooks looking to steal your credit card information, and this Christmas you need to be more careful when using your credit cards at retailers and grocery stores.

Here's why…

Cyber criminals are now selling a new powerful strain of Point of Sale (PoS) malware through underground forums.

Like several PoS malware families discovered last year, including vSkimmer and BlackPOS, the new malware is designed to steal payment card data from infected PoS systems and supports Tor to hide its C&C (Command and Control) servers.

Pro PoS – Light Weight, Yet Powerful Malware


However, the new malware, dubbed "Pro PoS," is more than just PoS malware.

Pro PoS weighs only 76KB and implements rootkit functionality as well as mechanisms to avoid antivirus detection, according to threat intelligence firm InfoArmor.

What's even more interesting about this malware is…

Pro PoS integrates a polymorphic engine that lets the threat generate a different signature for each malware sample – a measure designed to foil security defences.

InfoArmor warned that cyber crooks were actively using the current version of Pro PoS Solution in an effort to target PoS systems used by large retailers and SMBs in the United States and Canada specifically.

Pro PoS Malware found in the Wild


The developers of the Pro PoS malware are believed to be hackers from Eastern Europe, according to the security firm.

On November 27 (Black Friday), researchers at InfoArmor noticed a significant increase in the price of the Pro PoS Solution, which was offered at $2,600 for a six-month licence.

The developers of Pro PoS have designed their malware in such a way that it infects the principal operating systems, including newer operating systems, used by the companies in the retail environment.

Russian Underground vSkimmer Botnet Targeting E-Payment

A new botnet has emerged from the underground and is menacing the payment world. The cyber threat, dubbed vSkimmer, comes from Russia, according to security firm McAfee.

Security expert Chintan Shah wrote in a blog post that, while monitoring a Russian underground forum, he found a discussion about a Trojan for sale that can steal credit card information from Windows PCs used for financial transactions and credit card payments.
The vSkimmer agent is able to detect card readers on the victim's machine, gather information from the Windows machine and send it, Base64-encoded, to a remote control server.

The malware collects the following information from the infected machine and sends it to the control server:
  • Machine GUID from the Registry
  • Locale info
  • Username
  • Hostname
  • OS version
The vSkimmer malware is described as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it was transmitted during the sales flow.

Dexter is responsible for the loss of nearly 80,000 credit card records and the breach of payment card data at Subway restaurants in 2012.

According to security researchers at McAfee, vSkimmer has appeared in the underground forum since February and it could be an ongoing project.

vSkimmer appears more sophisticated than Dexter even though it is easier to use. It is an advanced tool for stealing credit card data from Windows hosts.

Exactly like its predecessor Dexter, vSkimmer is completely undetectable on the compromised host. vSkimmer waits for a named USB device to be attached to the compromised machine and, once it is detected, the malware dumps the collected data to the removable device.

vSkimmer can also grab the Track 2 data stored on the magnetic stripe of credit cards. This track stores all the card information, including the card number.

To be precise, Track 2 stores the card number, three-digit CVV code, and expiration date, all of which are needed to qualify a card in payment processes.

On credit card information grabbing the post states:
VSkimmer maintains the white listed process, which it skips while enumerating the running processes on the infected machine. Once vSkimmer finds any running process not in the white list, it runs Open Process and Read Process Memory to read the memory pages of the process and invokes the pattern-matching algorithm to match the regular expression “?[3-9]{1}[0-9]{12,19}[D=\\u0061][0-9]{10,30}\\??” and extract the card info read by the payment devices. This is done recursively for every process running in the infected machine and not on the white list.
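
The same pattern match is how a PCI audit or an incident responder checks a captured memory dump or log for cleartext track data. The added example below (not from McAfee's post) scans a buffer for the Track 2 shape in the quoted regular expression, narrowed to 13-19 digit card numbers, and adds Luhn and expiry-month checks to cut false positives. The sample buffer and function names are constructed, and the card numbers are public test values.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample standing in for a memory dump: two Track 2 records built
 * from public test card numbers, plus two decoys (bad prefix, bad checksum). */
static const unsigned char SAMPLE[] =
    "\x00\x17POSAPP\x00;4111111111111111=25121010000000000000?\x00"
    "order=1234567890123456=9913000000\x00"
    "4111111111111112=25120000000000\x00"
    "5555555555554444D26012010000000000";

/* Luhn check over n ASCII digits, starting from the rightmost digit. */
static int luhn_ok(const unsigned char *d, size_t n) {
    int sum = 0;
    for (size_t i = 0; i < n; i++) {
        int v = d[n - 1 - i] - '0';
        if (i % 2 == 1) { v *= 2; if (v > 9) v -= 9; }
        sum += v;
    }
    return sum % 10 == 0;
}

/* Count Track 2 records in buf: a 13-19 digit PAN starting 3-9, '=' or 'D',
 * then at least 10 digits opening with YYMM. The first hit's PAN is written
 * to out (at least 20 bytes) with the middle digits masked. */
size_t scan_track2(const unsigned char *buf, size_t len, char *out) {
    size_t hits = 0;
    for (size_t s = 13; s + 10 < len; s++) {
        if (buf[s] != '=' && buf[s] != 'D') continue;
        size_t b = 0, f = 0;
        while (b < s && b < 20 && isdigit(buf[s - 1 - b])) b++;
        while (s + 1 + f < len && f < 30 && isdigit(buf[s + 1 + f])) f++;
        if (b < 13 || b > 19 || f < 10 || buf[s - b] < '3') continue;
        int month = (buf[s + 3] - '0') * 10 + (buf[s + 4] - '0');
        if (month < 1 || month > 12 || !luhn_ok(buf + s - b, b)) continue;
        if (hits++ == 0)
            for (size_t i = 0; i <= b; i++)
                out[i] = i == b ? '\0' : (i < 6 || i + 4 >= b) ? (char)buf[s - b + i] : '*';
    }
    return hits;
}

int main(void) {
    char first[20] = "";
    size_t n = scan_track2(SAMPLE, sizeof SAMPLE - 1, first);
    printf("%zu Track 2 record(s); first PAN %s\n", n, first);
    return 0;
}
```

Any hit in a dump taken from a payment host means track data sat unencrypted in memory or on disk at that moment.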

vSkimmer demonstrates the great interest of cyber crime in the payments sector. Institutions have already been attacked in the past by malicious code such as Zeus and SpyEye, and this case is just “another example of how financial fraud is actively evolving and how financial Trojans were developed and passed around in the underground community. This botnet is particularly interesting because it directly targets card-payment terminals running Windows,” Shah explained in his post. I found really interesting the fact that the offer of similar malware in the underground is increasing and that their sales model is reaching a level of excellence never seen before ... we face difficult times.

Li-Fi is 100 Times Faster than Wi-Fi Technology - Practically Proved



Yes, it's time to shift from Wi-Fi to Li-Fi — an alternative technology that is 100 times faster than the average speeds of Wi-Fi.

Scientists have just field-tested the new wireless technology called Li-Fi for the first time and achieved marvelous wireless speeds that are 100 times faster than current WiFi speeds.

What is Li-Fi Technology?


Li-Fi is a new wireless technology that transmits high-speed data using light (i.e. Visible Light Communication or VLC) rather than radio bands.

In short, Li-Fi is a Super-Fast alternative to Wi-Fi.

Earlier this year, scientists achieved mind-blowing speeds of 224 gigabits per second (Gbps) in the lab using Li-Fi. It's believed that this technology has the potential to change everything about the way we use the Internet today.

And Yes, it will.

Test Results: Li-Fi is 100 times Faster than Wi-Fi


An Estonian startup company called Velmenni took the technology out of the laboratories and into real-world offices and industrial environments in Tallinn for the first time and, believe me, it's really, really fast.


The company was able to transmit data at 1GB per second, which is almost 100 times faster than Wi-Fi speeds.
"We are doing a few pilot projects in different industries where we can utilize the VLC technology," Velmenni's CEO Deepak Solanki told IBTimes UK.
"Currently we have designed a smart lighting solution for an industrial environment where the data communication is done through the light. We're also doing a pilot project with a private client where we're setting up a Li-Fi network to access the Internet in [our] office space."
Unlike Wi-Fi network signals, Li-Fi is based on light and can't penetrate through walls, which makes it more secure from external sniffing. Meanwhile, it also means there is less interference from other devices.

Who Invented Li-Fi?


The Li-Fi technology originated in 2011 with German physicist Harald Haas, who outlined the idea of using light bulbs as wireless routers during a TED Talk. He demonstrated that with a flickering light from an LED, one could transmit more data than a cellular tower.

You can watch the full video of Haas's 2011 talk about the Li-Fi technology below.

BlueStacks 2: For Android Apps on Windows & Mac OS X

BlueStacks, the first app player for running Android apps on Windows, has launched the latest version of its Android emulator platform with one major upgrade:
  • The Ability to Run Multiple Android apps Simultaneously.


BlueStacks 2 Released


BlueStacks could previously run only a single app at a time. However, with the launch of BlueStacks 2, the app adds a tabbed interface that allows you to jump between multiple Android apps in the same window.

This is great for running gaming and messaging apps, or news and messaging apps, at the same time.

The update also adds a toolbar that allows you to quickly tell the Android emulator to simulate rotating the device screen or to perform other functions, such as copying and pasting.

In BlueStacks 2, players now have options to marry game play and app discovery, meaning when they click an advertisement, a new tab will appear so that the players can continue playing their games without being interrupted.

How to Run Multiple Android apps Using BlueStacks 2


BlueStacks 2 is currently available only on Windows, but will soon debut on Macs in July.

Follow these simple steps to get going:

Step 1: To use and run multiple Android apps simultaneously, you need to first Download BlueStacks 2, which is free.

Step 2: Install BlueStacks 2 software on your Windows computer.


Step 3: Once installed, you will land on the Welcome tab. Just move to the 'Android' tab.

Step 4: The software will ask you for a one-time Google Account setup, just like an Android device asks for.

Step 5: Log in with your Google account to complete the setup and you are ready!

Step 6: From 'Android' tab select multiple apps you want to run in parallel. BlueStacks 2 will open each app in a new Tab within the software interface.

With the seventh-largest Android user base in the world, BlueStacks has crossed more than 109 Million app downloads, engaging more than 1.1 Billion Android apps every month.

"When we started, mobile apps, with their crisp resolution looked and sounded gorgeous on PC and TV," said Shashi Kant Sharma, Product Manager at BlueStacks.

"What we’ve learned is that the wider visual space lends itself more naturally to app discovery. Once someone discovers apps on PC or TV, they tend to use them across all of their devices, giving the BlueStacks platform powerful reach for developers."

Tuesday, August 18, 2015

Another Critical Android Flaw Puts Millions at Risk



We reported on a critical mediaserver vulnerability that threatened to crash more than 55 percent of Android devices, making them unresponsive and practically unusable for most essential tasks.

Now, security researchers at Trend Micro have uncovered another flaw in Android's mediaserver component that could be remotely exploited to install malware onto a target device by sending a specially crafted multimedia message.

The vulnerability (CVE-2015-3842) affects almost all versions of Android, from Android 2.3 Gingerbread to Android 5.1.1 Lollipop, potentially leaving hundreds of millions of Android devices open to hackers.

Google has patched this issue, and hopefully the patch issued this time isn't incomplete like its patch for the Stagefright vulnerability, which affects 950 million Android devices worldwide.

How the Vulnerability Works?


The security flaw involves a mediaserver component called AudioEffect and uses an unchecked variable that comes from the client, usually an app.

According to a security researcher from Trend Micro, the vulnerability can be exploited by malicious apps.

All a hacker needs to do is convince the victim to install an app that does not ask for "any required permissions, giving them a false sense of security."
"The checking of the buffer sizes of pReplyData and pCmdData is not correct," researchers wrote in a blog post published Monday.

"As the mediaserver component uses these buffers… the mediaserver component assumes the buffer sizes of pReplyData and pCmdData are bigger than this size. We can make the buffer size of pReplyData, which is client-supplied, smaller than the size read from the buffer pCmdData. This causes a heap overflow."
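
The size mismatch the researchers describe, as an added example that is neither Android source code nor Trend Micro's proof of concept: a simplified command handler before and after the missing checks. Only pCmdData and pReplyData come from the quote; `cmd_hdr`, `psize`, the handler names and `try_request` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical command layout: a client-written length, then the payload. */
struct cmd_hdr { uint32_t psize; };

/* BEFORE (kept for comparison, never called here): psize is read from
 * pCmdData and trusted, so a reply buffer smaller than psize is overrun. */
int handle_cmd_unchecked(uint32_t cmdSize, const void *pCmdData,
                         uint32_t *replySize, void *pReplyData) {
    struct cmd_hdr h;
    (void)cmdSize; (void)replySize;
    memcpy(&h, pCmdData, sizeof h);
    memcpy(pReplyData, (const uint8_t *)pCmdData + sizeof h, h.psize);
    return 0;
}

/* AFTER: each size is checked against the buffer it describes. */
int handle_cmd_checked(uint32_t cmdSize, const void *pCmdData,
                       uint32_t *replySize, void *pReplyData) {
    struct cmd_hdr h;
    if (!pCmdData || !pReplyData || !replySize || cmdSize < sizeof h) return -EINVAL;
    memcpy(&h, pCmdData, sizeof h);
    if (h.psize > cmdSize - sizeof h) return -EINVAL; /* payload outside pCmdData */
    if (h.psize > *replySize) return -EINVAL;         /* would overrun pReplyData */
    memcpy(pReplyData, (const uint8_t *)pCmdData + sizeof h, h.psize);
    *replySize = h.psize;
    return 0;
}

/* Constructed request claiming psize payload bytes; only 8 are present. */
int try_request(uint32_t psize, uint32_t reply_cap) {
    uint8_t cmd[sizeof(struct cmd_hdr) + 8] = {0};
    uint32_t rsz = reply_cap;
    uint8_t *reply = malloc(reply_cap ? reply_cap : 1);
    if (!reply) return -ENOMEM;
    memcpy(cmd, &psize, sizeof psize);
    int rc = handle_cmd_checked(sizeof cmd, cmd, &rsz, reply);
    free(reply);
    return rc;
}

int main(void) {
    printf("%d %d %d\n", try_request(8, 8), try_request(8, 4), try_request(64, 64));
    return 0;
}
```

The second call is the case from the quote: the length read from pCmdData is larger than the reply buffer the client supplied, and the checked handler rejects it instead of copying.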

Proof-of-Concept Attack


The researchers have also developed a proof-of-concept (PoC) malicious app that exploits the flaw. They tested their app on a Nexus 6 handset running Android 5.1.1 Build LMY47Z.

Once installed on the device, the app crashes Android's mediaserver component by overflowing the buffer pReplyData in the heap. However, if the mediaserver component does not crash, the PoC app will be closed and run again.

When Can I Expect a Fix?


So far, there isn't any indication of active attacks against this vulnerability, but researchers said that the flaw could be exploited to provide full control of the target device.

Google has fixed the issue, but given the shaky history of device manufacturers and carriers rolling out patches, it is not known how long the companies will take to update the vulnerable devices.