user details to an AOL email address. Discovered today by MalwareHunter, this application goes above and beyond what other card stealers have attempted, most of which are half-baked efforts, often easy to recognize as malicious applications thanks to their quirky graphics and misaligned designs. This app, named "Betaling - Google Chrome.exe", tries to pass as the Google Chrome browser and does a good job at it. Betaling isn't a perfect Google Chrome, though, as there are a few clues that experienced users can spot. For starters, the malicious app requires .NET Framework 4.0 or higher to be installed, a requirement the real Google Chrome never had. Second, the app uses the standard Windows 8/8.1/10 Metro style, even when running on a Windows 7 PC. Third, while Betaling tries to trick users into thinking it's the real Chrome, outside of the lock icon and the address bar the rest of the Chrome UI is missing, such as the tab bar, the menu, Chrome buttons, and others. Users can't resize the window, can't minimize it, can't make it fullscreen, can't drag it, and can't enter a new URL. Nevertheless, much less sophisticated malware has been able to infect hundreds or thousands of users in the past, which means Betaling and its UI can be quite effective. Several security researchers who've taken a look at Betaling were impressed by its carefully crafted design. Non-infosec people thought Betaling was a phishing page loaded inside a Chrome browser, and only some time later realized they weren't looking at a Chrome window to begin with. Currently, Betaling's interface is only available in Dutch, which reveals the malware's current target. The form displayed inside the fake Chrome window isn't blind to user input like most phishing pages: some data validation takes place, yielding two sorts of errors.
If correct data is entered, Betaling collects all the information and sends it to an AOL email address, whatsapp.hack@aol.com. This email address was discovered when security researchers analyzed the application's source code. Accessing its inbox, they discovered recent logs, including the test data entered during Bleeping Computer's tests, meaning the app works just fine. Besides recent logs from Betaling, researchers also found logs from an unidentified keylogger. These logs went back as far as January 2016 and included details from victims from all over the world. "It's been long since he got any [keylogger] logs," said a security researcher who goes by the name of Guido, who also analyzed the malware. Guido, who has already reported the malware to authorities, says the initial entries in the keylogger logs contained a series of recurring email addresses. Common sense dictates these are the author's own emails, which he used for testing during the keylogger's development and subsequent rollout. These two emails, patrick***@live.nl and patrick*******@gmail.com, are also linked to accounts on the Spokeo social network. Furthermore, Betaling's PDB file includes a compilation path of "C:\Users\Patrick\", and the Betaling EXE file is also self-signed by an invalid certificate authority named "CN=DESKTOP-PC\Patrick". Both mentions of the "Patrick" name are consistent with the two email addresses found in the keylogger's first log entries. It's now up to authorities to investigate and determine whether the owner of the two email addresses is behind Betaling or not. Furthermore, Guido told Bleeping Computer that in August 2016, "Patrick" sent an email from the AOL account to ankit******@speedpost.net asking for help with a "stealer" that was having several bugs.
The IAAF said in a statement that the hacking group known as Fancy Bear, which has been linked by western governments and security experts to a Russian spy agency blamed for some of the cyber operations that marred the 2016 U.S. election, was believed to be behind the attack on medical records in February. The hack targeted information concerning applications by athletes for Therapeutic Use Exemptions, the IAAF said. Athletes who had applied for TUEs since 2012 have been contacted and IAAF president Sebastian Coe apologized. "Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential," Coe said in the statement. "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation." TUEs are issued by sports federations and national anti-doping organizations to allow athletes to take certain banned substances for verified medical needs. The IAAF said that data on athlete TUEs was "collected from a file server and stored on a newly created file". "The attack by Fancy Bear, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security," the IAAF said. Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU, Russia's military intelligence agency. Fancy Bear could not be immediately reached for comment. The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump, a Republican, win, according to U.S. intelligence agencies.
It was not known if the information was stolen from the network, the IAAF said, but the incident was "a strong indication of the attackers' interest and intent, and shows they had access and means to obtain content from this file at will". The attack was uncovered after British company Context Information Security conducted an investigation of the IAAF's systems at the request of the athletics body. Context Information Security said in a separate statement that it was a "sophisticated intrusion" and that "the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance". Last year, Fancy Bear hacked into the World Anti-Doping Agency (WADA) database and published the confidential medical records of several dozen athletes. Those included cyclist Bradley Wiggins, the 2012 Tour de France winner and Britain's most decorated Olympian with eight medals, who was revealed to have used TUEs before some races. Wiggins retired last year under something of a cloud after it was revealed he took the corticosteroid triamcinolone for asthma, although he broke no anti-doping rules. The IAAF banned Russia's athletics federation after a WADA commission report found evidence of state-sponsored doping. Almost all Russia's athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August.
An unknown number of managed service providers and their customers are victims of a massive, global cyber espionage campaign by a China-based threat actor that this week was also fingered in another attack against a U.S. group involved in lobbying around foreign trade policy. News of the campaigns coincides with Chinese President Xi Jinping's first official visit to the U.S. to meet with President Trump. It suggests that cyber-enabled espionage out of China continues to be an issue, despite a September 2015 agreement between the U.S. and Chinese governments not to support or engage in such activities. "Even as IP-focused cyber-espionage has reduced since the Xi Jinping-Obama agreement, big business will continue to be targeted, if nothing else than for the influence they hold over governments," warns Hardik Modi, vice president of threat research at Fidelis Cybersecurity. Fidelis was one of the organizations that this week disclosed new cyber espionage activity by APT10, a well-known China-based advanced threat group that is also known as Stone Panda. The other warning about the APT10 group's resurgent activity, after a period of relative quiet, came from PwC UK and BAE Systems. According to Fidelis, its security researchers in February discovered a reconnaissance tool called "Scanbox," previously associated with China government-sponsored threat actors, embedded on specific pages of the NFTC site. Among the infected pages were those that NFTC board members used to register for meetings. It's unclear how the APT10 group initially breached the site in order to embed Scanbox on it. "Scanbox is a robust framework that can include a variety of reconnaissance modules," Modi says. It can, for instance, be used to determine the software running on a target system, the type and version of antivirus on it, and other details.
"In some instances, it has been known to serve up a JavaScript keylogger that can be used to grab credentials that the target enters on the page," he says. NFTC members have been major contributors to the dialogue around the new U.S. trade policy framework being developed by the Trump Administration. It is highly likely the APT10 group will use data that Scanbox collected to craft targeted attacks against them.
A security researcher who goes only by the nickname Racco42 discovered the vulnerability on Thursday, January 12. The issue affected only one Cerber server, not all, and was most likely due to a misconfiguration. The server wasn't a command and control server, but a mere staging server from which the victims' computers would connect and download the actual ransomware, which would later run and infect their PCs. An error in one of the server files (hxxp://truthforeyoue.top/search.php) displayed the page's source code instead of executing it. This information found its way to Avast security researcher Jaromir Horejsi, who together with the Avast team leveraged this error to get control over the server. For a period of three hours, the Avast team explains, they collected information from server logs. The Avast team observed over 700 users download Cerber installers, which ran on their PCs. Extrapolating this number to a whole day, just one typical Cerber ransomware staging server would be able to deliver payloads to around 8,400 users during a spam run peak or malvertising campaign.
Named GhostAdmin, this threat is part of the "botnet malware" category. According to current information, the malware is already distributed and deployed in live attacks, being used to target at least two companies and steal hundreds of GBs of information. According to MalwareHunterTeam and other researchers who have looked at the malware's source code, GhostAdmin seems to be a reworked version of CrimeScene, another botnet malware family that was active around 3-4 years ago. Under the hood, GhostAdmin is written in C# and is already at version 2.0. The malware works by infecting computers, gaining boot persistence, and establishing a communications channel with its command and control (C&C) server, which is an IRC channel. GhostAdmin's authors access this IRC channel and issue commands that will be picked up by all connected bots (infected computers). The malware can interact with the victim's filesystem, browse to specific URLs, download and execute new files, take screenshots, record audio, enable remote desktop connections, exfiltrate data, delete log files, interact with local databases, wipe browsing history and more. A full list of available commands is available via the image below: The malware's features revolve around the ability to collect data from infected computers and silently send it to a remote server. GhostAdmin operates based on a configuration file. Among the settings stored in this file are FTP and email credentials. The FTP credentials are for the server where all the stolen information is uploaded, such as screenshots, audio recordings, keystrokes and more. The email credentials, on the other hand, are used to send an email to the GhostAdmin author every time a victim executes his malware, and also to send error reports.
MalwareHunterTeam says that the GhostAdmin version he analyzed was compiled by a user with the nickname "Jarad." Like almost all malware authors before him, Jarad managed to infect his own computer. Using the FTP credentials found in the malware's configuration file, MalwareHunterTeam found screenshots of the GhostAdmin creator's desktop on the FTP server. Furthermore, the researcher also found on the same server files that appeared to be stolen from GhostAdmin victims. The possible victims include a lottery company and an Internet cafe. From the Internet cafe alone, the crook has apparently collected 368GB of data. From the lottery company, the GhostAdmin botmaster appears to have stolen a database holding information such as names, dates of birth, phone numbers, emails, addresses, employer information, and more. At the time of writing, according to MalwareHunterTeam, the botnet's IRC channel includes only around ten bots, an approximate victim headcount. Compared to other botnet malware families such as Necurs or Andromeda, which have millions of bots, GhostAdmin is just making its first victims. In its current form, GhostAdmin and its botmaster seem to be focused on data theft and exfiltration. At the time of writing, GhostAdmin's detection rate on VirusTotal was only 6 out of 55 (sample here).
In this day and age of online attacks, it becomes all the more important to protect one's computer and other devices against the various threats. Criminals often try to bypass existing security solutions on the device in question, but they also distribute fake tools that allegedly prevent these attacks from happening. This trend is called "rogue security software," and it has proven to be quite successful over the past few years. This rogue anti-spyware program is a clone of the Total Virus Protection malware, whose origin points to the Russian Federation. The software offers you an option to purchase a license in order to remove those programs, when in fact the "infections" are critical system files. Many more clones of this software exist, and 2017 variants have been spotted in the wild already. ANG Antivirus only targets Microsoft Windows users. The good news is that it is not too harmful, because its main goal is to scare you into buying a software license. However, some variants have proven to be more harmful and may even steal sensitive user information. Do not confuse this "tool" with the official Microsoft Security Essentials software, as they are nothing alike. Security Essentials 2010 is a malware strain first discovered in February of 2010. Its most powerful threat is how the malware prevents users from launching over 150 different programs, including most browsers and the Windows Command Prompt. Unlike ANG Antivirus, Security Essentials uses third-party trojans that disguise themselves as Flash updates that are required to view online videos. Once baited, the trojan will install a number of malware strains, including Security Essentials 2010. Similar to the previous scareware, this one will also prompt you to purchase a license to supposedly remove quite a few threats, all of which are obviously fake.
Thankfully, this malware has not been reported to steal personal information or any other sensitive data, and it is no longer an active threat. The funny part about this program is that it started as a legitimate anti-spam system that tried to automate the complaint process for email spam. The program would allow a user to send a complaint about a spam email to the software. However, some say that the program collected the list of emails in order to sell it to other spammers as a fresh list of targets. It did not take long for this security tool to get shut down completely, which occurred in May of 2006. The company bailed after a thread popped up on a security forum accusing Blue Security of initiating a massive spam attack on its users; Blue Frog was gone one week later. Macintosh users are also in need of proper security tools to keep their computers safe from harm. Mac Defender tried to fill this need, even though its developers had less honorable intentions. It was the first major malware threat to MacOS, and its objective was to trick users into paying a license fee ranging between US$59 and US$79. Moreover, the malware collected the payment card information used for the license and would use it for further fraudulent purposes. Do not be fooled into thinking this is a software tool that will keep a computer safe from spyware. Instead, the Zinaps software wants to perform fake computer scans and trick users into buying a license. This is a very common theme among rogue security software, as most developers hope to make a lot of money by tempting users into paying for their useless creations. What makes this malware so dangerous is that Zinaps would edit the Windows Registry, ensuring the software runs as soon as the computer boots up.
It also makes removing the software much harder, and it almost always leaves traces after it's gone. This scareware rogue security program will not fix any issues related to Windows or otherwise. Once again, this malware wants to force users to buy a license, while not offering any help with real security issues whatsoever.
Privacy advocates say tech companies are becoming more brazen about collecting users' location data and personal information. February 6, 2017 — For just a few days last month, a photo filter app called Meitu, which turns selfies into pearl-skinned, doe-eyed anime characters, enthralled the social media world. But Meitu faded as quickly as it rose to internet fame after cybersecurity researchers exposed what was really behind the app. Meitu's application program interfaces (APIs) revealed code that collected a bevy of personal data that goes far beyond what typical photo apps gather. It amassed users' precise locations, call information, carrier information, and Wi-Fi connections. The company explained that it collected all that data to "optimize app performance" and better engage users. As smartphones become ubiquitous, app makers are becoming more brazen about collecting personal data, say experts and privacy advocates. And while iPhones and Android devices have limited privacy settings, most consumers remain in the dark about what companies are collecting and how they are using that information. "There's been erosion of privacy over the past few years." In 2015, he cowrote a study that found a dozen or so popular Android apps, from companies such as the Weather Channel and Groupon, collecting location data about every three minutes.
A special operational group existed in the CIA named Umbrage, which was tasked with reviewing public malware and embedding selected features into custom CIA hacking tools. According to one document, the Umbrage team and its purpose were described as follows: The Vault 7 dump, which WikiLeaks claims it received from government contractors and hackers, did not include any actual malware samples, but only the internal CIA documentation. The Umbrage documentation hints that the CIA may have reused malware code from multiple malware families. Most entries are attributed using a generic "Known Malware" tag, but for some, the malware's name is included. According to leaked documents, the CIA "borrowed" code from: According to another Umbrage file, the CIA had also explored the idea of using code from Hacking Team, an Italian spyware maker that sold malware to government agencies, which was hacked in 2015 and had its malware dumped online. The dumped document reveals the CIA collected the Hacking Team data and, in August 2015, two months after the hack, explored the idea of running tests and mapping its capabilities. The CIA must have found something interesting, because the redacted document reveals that by September 2015 the Agency decided to expand its search to all the Hacking Team files, including emails and internal docs, not just the malware and exploit samples. While the leaked files hint the CIA reused some of this code to cut costs, WikiLeaks proposes another theory. According to the organization, the CIA reused code from public malware samples to "misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from." WikiLeaks also said the Umbrage group reused code from malware stolen from other states, including the Russian Federation, information which many publications are now using to question the US attribution of last year's DNC hacks to Russia.
It was common knowledge that xagent was "in the wild" so anyone could have used it to hack the DNC. We were told to take it on faith by the US .gov that it was Russia. It's possible NSA/FBI/CIA/DIA were able to seed the TOR network and unmask the IPs, but it's also common for actual Russian agents to bounce their traffic off numerous satellites making traces near impossible.