Thursday, October 13, 2016

Hackers are spreading Malware through Fake Security Tools


Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services.

But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible.


Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity, which has put a lot of effort into targeting users of software designed for encrypting data and communications.

The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites.


Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or redirect them to attacker-controlled downloads.


The StrongPity APT group has managed to infect users in Europe, Northern Africa, and the Middle East and targeted two free encryption utilities in different attacks: WinRAR and TrueCrypt.


WinRAR and TrueCrypt have long been popular among security- and privacy-conscious users. WinRAR is best known for its archiving capabilities, which include encrypting files with AES-256, while TrueCrypt is a full-disk encryption utility that locks all files on a hard drive.

By setting up fake distribution sites that closely mimic legitimate download sites, StrongPity is able to trick users into downloading malicious versions of these encryption apps. The hope is that users will encrypt their data with a trojanized version of WinRAR or TrueCrypt, allowing the attackers to spy on the data before encryption occurs.

"The problem with people depending on tools like this isn’t the strength of the crypto, but more about how it's distributed," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "This is that problem that StrongPity is taking advantage of."

Booby-Trapped WinRAR and TrueCrypt Downloads:


The APT group previously set up TrueCrypt-themed watering holes in late 2015, but their malicious activity surged at the end of summer 2016.


Between July and September, dozens of visitors were redirected from tamindir[.]com to true-crypt[.]com, with, unsurprisingly, almost all of the focus on computer systems in Turkey and some victims in the Netherlands.


However, in the WinRAR case, instead of redirecting victims to a website controlled by StrongPity, the group hijacked the legitimate winrar.it website to host a malicious version of the file themselves.


The winrar.it website infected users mostly in Italy, with some victims in countries like Belgium, Algeria, Tunisia, France, Morocco and Cote D'Ivoire, while the attacker-controlled site, winrar.be, infected users in Belgium, Algeria, Morocco, the Netherlands, and Canada.

Top Countries infected with StrongPity APT malware:


According to Kaspersky, more than 1,000 systems were infected with StrongPity malware this year. The top five countries affected by the group are Italy, Turkey, Belgium, Algeria and France.


The StrongPity APT's dropper malware was signed with "unusual digital certificates," but the group didn't re-use its fake digital certificates. The downloaded components include a backdoor, keyloggers, data stealers and other crypto-related software programs, including the PuTTY SSH client, the FileZilla FTP client, the WinSCP secure file transfer program and remote desktop clients.


The dropper malware not only provides the hackers control of the system, but also allows them to steal disk contents and download other malware that would steal communication and contact information.


Therefore, users visiting sites and downloading encryption-enabled software are advised to verify both the validity of the distribution website and the integrity of the downloaded file itself.


Download sites that do not use PGP or any strong digital code signing certificate are required to re-examine the necessity of doing so, for their own benefit as well as that of their customers, explained Baumgartner.
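As an added illustration of the advice above (not code from Kaspersky or the original article), this Python sketch checks both things: whether the download host is a brand lookalike outside a defender-maintained allowlist, and whether the file matches a SHA-256 manifest obtained through a separate trusted channel. The brand keywords, the allowlist contents and all function names are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for this sketch: the defender maintains both lists, and the
# manifest was fetched over a channel independent of the download site.
BRANDS = ("truecrypt", "winrar")
OFFICIAL_HOSTS = {"winrar.it"}  # the article describes this site as legitimate


def host_of(url):
    """Return the lower-cased hostname, accepting defanged '[.]' notation."""
    return (urlsplit(url.replace("[.]", ".")).hostname or "").lower()


def is_lookalike(host):
    """True when a host uses a brand keyword but is not on the allowlist."""
    if host in OFFICIAL_HOSTS:
        return False
    labels = host.replace("-", "").split(".")
    return any(brand in label for brand in BRANDS for label in labels)


def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  [*]<filename>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries


def vet_download(url, filename, data, manifest_text):
    """Classify one download: host check first, then digest check."""
    host = host_of(url)
    if is_lookalike(host):
        return "lookalike-host"
    if host not in OFFICIAL_HOSTS:
        return "unknown-host"
    # An allowlisted site can still be hijacked, so always check the digest.
    expected = parse_manifest(manifest_text).get(filename)
    if expected is None:
        return "not-in-manifest"
    actual = hashlib.sha256(data).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "hash-mismatch"
```

The host check alone would pass a trojanized file served from a hijacked legitimate site, which is why the digest comparison runs even for allowlisted hosts.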

Thursday, October 6, 2016

Play Store Now Lets You Stream Games Before Buying Them


We have been hearing about app trials in Google Play for a while now and it looks as if the feature is finally arriving to users in full force. The feature is pretty nifty, even though it wasn’t discussed at all in Google’s latest event.


Various users have reported seeing a “Try Now” button appearing next to the “Buy Now” one. Tapping it takes you into a 10-minute free trial of the game where you can assess the quality and experience.

The way this works is quite similar to the cloud-based gaming we have seen on services like OnLive, where the game is actually run on the company’s servers with only the video and audio being transmitted. The controller feedback is sent back to the company servers.

Gameplay:

There is a floating menu to offer help or exit the stream. A countdown timer tells you how much of your allotted time remains. Cloud services aren’t particularly known for the consistency of their experience, but hopefully Google will fare better here.
This is a far less strenuous method than installing a free trial of an app and then assessing it, or worse, paying for an app before deciding you don’t like it and then scrambling for an uninstall. If done well, it can allow for even more action-packed titles on both newer and older devices, which could be an industry changer.

Future Expectations:

The games, reportedly, can be played as many times as possible though no saves will be available. The feature is not available everywhere, requires compatible hardware and supports only limited titles. If all goes well, Play Store could launch a complete streaming service for all apps and games, but that’s just wishful thinking for now. Let’s hope we hear some positives about this new feature in the coming few days.


Wednesday, October 5, 2016

The Internet Has a New Controlling Authority & It’s Not the U.S


The Government of the United States has handed over the control of the Internet Assigned Numbers Authority (the internet’s address book) to ICANN, an independent international body made up of a number of governments, corporations and individual users.


What is Internet Assigned Numbers Authority (IANA)?

The IANA manages the allotment of IP addresses all over the globe. It also delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.
In simple terms, the IANA is a database that stores all the domain names on the internet. For example, if you type “propakistani.pk”, the IANA is responsible for directing you to our website.

Who owns the IANA now?

Initially, IANA was established as an informal way to refer to various technical functions for the ARPANET by Jon Postel and Joyce K. Reynolds. They alone were responsible for managing the IANA from 1988 to 1998.
In 1998, the Department of Commerce created ICANN, a nonprofit organization that is responsible for coordinating the maintenance and procedures of several databases. With participants from all over the globe, the organization’s purpose is to keep the Internet secure, stable and interoperable.
After Postel’s death in 1998, they granted ICANN a contract to manage the IANA. ICANN was to get the full ownership of IANA eventually, but the process was bogged down due to politics. Numerous political leaders from the Republican Party, including Ted Cruz, have opposed this move. However, ICANN finally approved a transition plan this year.
On the 1st of October, a judge ruled in favor of the plan, allowing it to move forward. As of this moment, the ICANN is now the official owner of the IANA.

Facebook Messenger Chats Now Offer End-to-End Encryption


Facebook is finally capitalizing on the promise it first made back in July, of making conversations on Messenger completely encrypted. The platform isn’t the first to offer such a feature but is definitely among the most used ones, even if it doesn’t offer it in full glory.



The feature, dubbed Secret Conversations, is now available to the billion or so active users of Messenger, as confirmed by Wired. It is turned off by default so it requires turning on manually. It also doesn’t make every conversation that has occurred in the past encrypted.

How to Activate:

In the latest version of Messenger, you’ll see a new secret icon in the top right corner of the app. Tap that and you can start an encrypted chat. Existing conversations can also be converted to secret ones, by tapping their name at the top, and toggling the Secret Conversations option.

Encryption Tech:

Messenger uses the renowned Signal encryption system, developed by the nonprofit Open Whisper Systems, which has already been implemented in the privacy-centered Signal Private Messenger. That app has the blessings of none other than Edward Snowden.
Of course, both users need to update to the latest version of Messenger to use the updated security feature, so first make sure that is done. The conversations can only be carried out on a single device at a time.

Room For Improvement:

The functionality of these conversations is a bit more limited in comparison to normal ones, with GIFs and videos not supported, yet.
The feature was first tested in public beta back in July and only now is it arriving for all users.
Messenger isn’t the first platform to offer such privacy, as Signal, Telegram and WhatsApp among others have had it for long. Though, it is certainly among the most used messaging apps. That will happen of course if you trust Facebook with your privacy in the first place.

Tuesday, October 4, 2016

WhatsApp Adds Snapchat-Like Doodling in New Update


A feature that has been in Google Allo and Snapchat from the start is now making its way to WhatsApp. You can now doodle on images or add stickers and emojis on them.


New Features in the Update

Aside from doodling and adding emojis on images, the update brings front facing flash support (screen flash) for selfies and video zooming options in the app’s camera.
The update was available in WhatsApp beta and is now available for the general public. Only Android users can avail this update for now. iOS users will have to wait.

According to the WhatsApp blog:
"When you capture a new photo or video or share one that’s already on your phone, you’ll automatically see the new editing tools. The WhatsApp camera feature now supports the front-facing flash so you can take the perfect selfie."
"In low light and at night, this will brighten up your screen and improve the quality of your photo. We’ve also added a convenient zooming feature for recording videos – just slide your finger up and down to zoom in and out. And to quickly switch between front and rear facing cameras, double tap on the screen."


Adapting to the Competition

This isn’t the first time Facebook has copied Snapchat’s features. They copied Snapchat stories and introduced it in Instagram, renaming it to Instagram stories.
It should be mentioned that Facebook CEO Mark Zuckerberg once offered to buy Snapchat from its CEO Evan Spiegel a few years ago.
Even though both Facebook Messenger and WhatsApp boast around a billion users each, Snapchat still poses a major threat because of its immense popularity among teens and the younger demographics. Facebook seems to be adapting and introducing new features in anticipation of the fact that Snapchat will become a major competitor to its messaging platforms soon.
The update is not yet available at the Google Playstore but is expected to be available today.