user details to an AOL email address. Discovered today by MalwareHunter, this application goes above and beyond what other card stealers have attempted, most of which are half-baked efforts, often easy to recognize as malicious applications thanks to their quirky graphics and misaligned designs. This app, named "Betaling - Google Chrome.exe", tries to pass as the Google Chrome browser and does a good job at it. Betaling isn't a perfect Google Chrome, though, as there are a few clues that experienced users can spot. For starters, the malicious app requires users to have installed .NET Framework 4.0 or higher, a requirement the real Google Chrome never had. Second, the app uses the standard Windows 8/8.1/10 Metro style, even when running on a Windows 7 PC. Third, while Betaling tries to trick users into thinking it's the real Chrome, outside of the lock icon and the address bar the rest of the Chrome UI is missing, such as the tab bar, the menu, the Chrome buttons, and others. Users can't resize the window, can't minimize it, can't make it fullscreen, can't drag it, and can't enter a new URL. Nevertheless, much less sophisticated malware has been able to infect hundreds or thousands of users in the past, which means Betaling and its UI can be quite effective. Several security researchers who've taken a look at Betaling were impressed by its carefully crafted design. Non-infosec people thought Betaling was a phishing page loaded inside a Chrome browser, and only some time later realized they weren't looking at a Chrome window to begin with. Currently, Betaling's interface is only available in Dutch, which reveals the malware's current target. The form displayed inside the fake Chrome window isn't blind to user input like most phishing pages, and some data validation takes place, yielding two sorts of errors.
If the correct data is entered, Betaling collects all the information and sends it to an AOL email address, whatsapp.hack@aol.com. This email address was discovered when security researchers analyzed the application's source code. Accessing its inbox, they discovered recent logs, including the test data entered during Bleeping Computer's tests, meaning the app works just fine. Besides recent logs from Betaling, researchers also found logs from an unidentified keylogger. These logs went back as far as January 2016 and included details from victims all over the world. "It's been long since he got any [keylogger] logs," said a security researcher who goes by the name of Guido, who also analyzed the malware. Guido, who has already reported the malware to authorities, says the initial entries in the keylogger logs contained a series of recurring email addresses. Common sense dictates these are the author's own emails, which he used for testing during the keylogger's development and subsequent rollout. These two emails, patrick***@live.nl and patrick*******@gmail.com, are also linked to accounts on the Spokeo social network. Furthermore, Betaling's PDB file includes a compilation path of "C:\Users\Patrick\", and the Betaling EXE file is also self-signed by an invalid certificate authority named "CN=DESKTOP-PC\Patrick". Both mentions of the "Patrick" name are consistent with the two email addresses found in the keylogger's first log entries. It's now up to authorities to investigate and determine whether the owner of the two email addresses is behind Betaling or not. Furthermore, Guido told Bleeping Computer that in August 2016, "Patrick" sent an email from the AOL account to ankit******@speedpost.net asking for help with a "stealer" that was having several bugs
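The PDB compilation path cited above is a build artifact that an analyst pulls out of a sample during triage, and it is worth seeing how little it takes to recover it. The following Python script is an added example, not code from Bleeping Computer or from the researchers quoted in the article. It scans a raw executable image for CodeView "RSDS" debug records (the layout the Microsoft linker emits: a 4-byte "RSDS" signature, a 16-byte GUID, a 32-bit age, then a NUL-terminated PDB path), reports each embedded path, and extracts the Windows profile name from a C:\Users\<name>\ prefix. The sample image, GUID, age and path are constructed here for the demonstration; "EXAMPLEUSER" is a placeholder and not a value from the article.

```python
import re
import struct
import uuid

# Layout of a CodeView "RSDS" debug record as emitted by the Microsoft linker:
#   b"RSDS" | 16-byte GUID (little-endian field order) | uint32 age | NUL-terminated PDB path
RSDS_SIG = b"RSDS"
RSDS_HEADER_LEN = 4 + 16 + 4

# Windows profile directory prefix, e.g. C:\Users\<name>\...
USER_DIR_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\")


def find_pdb_records(image: bytes):
    """Return (guid, age, pdb_path) for every plausible RSDS record in a raw PE image.

    The scan is signature-based rather than walking the PE debug directory, so it also
    works on truncated or damaged samples; the printable-path check filters out chance
    occurrences of the four bytes "RSDS" in unrelated data.
    """
    records = []
    pos = image.find(RSDS_SIG)
    while pos != -1:
        header = image[pos + 4 : pos + RSDS_HEADER_LEN]
        path_end = image.find(b"\x00", pos + RSDS_HEADER_LEN)
        if len(header) == 20 and path_end != -1:
            guid = uuid.UUID(bytes_le=header[:16])
            (age,) = struct.unpack("<I", header[16:20])
            raw_path = image[pos + RSDS_HEADER_LEN : path_end]
            try:
                path = raw_path.decode("ascii")
            except UnicodeDecodeError:
                path = ""
            # Require a non-empty printable path ending in .pdb to count as a real record
            if path and path.isprintable() and path.lower().endswith(".pdb"):
                records.append((str(guid), age, path))
        pos = image.find(RSDS_SIG, pos + 1)
    return records


def profile_name_from_path(pdb_path: str):
    """Extract the Windows user-profile name from a C:\\Users\\<name>\\... PDB path, or None."""
    match = USER_DIR_RE.match(pdb_path)
    return match.group(1) if match else None


# --- Constructed sample: not a real binary, just enough bytes to carry one RSDS record ---
SAMPLE_GUID = uuid.UUID("0123abcd-4567-89ef-0123-456789abcdef")   # constructed, not from any sample
SAMPLE_AGE = 3
SAMPLE_PDB_PATH = r"C:\Users\EXAMPLEUSER\source\repos\Sample\obj\Release\Sample.pdb"  # placeholder path

SAMPLE_IMAGE = (
    b"MZ" + b"\x00" * 62                      # fake DOS header padding
    + b"RSDSnot-a-record\x00"                 # decoy: "RSDS" bytes with no .pdb path behind them
    + b"\x00" * 16
    + RSDS_SIG + SAMPLE_GUID.bytes_le + struct.pack("<I", SAMPLE_AGE)
    + SAMPLE_PDB_PATH.encode("ascii") + b"\x00"
    + b"\x00" * 32
)


def triage(image: bytes):
    """Summarise the build artifacts an analyst would note: PDB paths and the profile names in them."""
    return [
        {"guid": guid, "age": age, "pdb_path": path, "profile_name": profile_name_from_path(path)}
        for guid, age, path in find_pdb_records(image)
    ]


if __name__ == "__main__":
    for entry in triage(SAMPLE_IMAGE):
        print(entry)
```

Run against a real file with `triage(open(path, "rb").read())`. Because the scan is signature-based, confirm a hit against the PE debug directory before relying on it, and remember that a PDB path is a clue about the build environment, not proof of who ran the build.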
A malvertising campaign is targeting iOS devices with a VPN that doesn't hide the fact that it collects large quantities of users' information. It also employs the aggressive tactic of playing a high-pitched beeping. To help address the "issues", the site provides a link to a program called "My Mobile Secure." "We have detected that your Mobile Safari is (45.4%) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites." When someone clicks "Remove Virus," their device presents an installation prompt for a VPN called "My Mobile Secure." My Mobile Secure is linked by users' emails to MobileXpression, a market firm which seeks to study web behavior by collecting users' information. "If the intent is to use a VPN to anonymize your online activities, this does almost the opposite." It's reasonable to expect nothing more from a malvertising campaign. With that said, users should take great care not to click on suspicious ads and should consider installing an ad-blocker in their web browsers. They should also consider downloading a VPN, but they should make sure to research VPN providers and their privacy policies carefully before they choose a solution.
Security researchers are closely investigating a spate of newly discovered data breaches in the Middle East, each of which involved the deployment of an advanced disk-wiping malware variant. Reports from Symantec suggest that a series of recent intrusions share some similarities with an infamous 2012 hacking operation that disrupted multiple Saudi energy companies. The mysterious perpetrators behind the destructive 2012 cyberattacks were dubbed Shamoon, a loosely defined hacking group with advanced capabilities. The malware once used by the enigmatic group — W32.Disttrack and W32.Disttrack.B — first showed up in the 2012 incident but was then found again by digital forensic experts as recently as Nov. 2016. When successfully installed, Disttrack can corrupt files and overwrite a system's master boot record, rendering the device unusable. "Threats with such destructive payloads are unusual and are not typical of targeted attacks," security researchers wrote in a blog post shortly after the original Saudi energy breach. On Monday, Symantec published what it believes are ties between Shamoon and another cyber espionage group, named Greenbug. Greenbug relies on a unique, custom information-stealing remote access trojan, or RAT, known as Trojan.Ismdoor, in addition to a suite of commoditized credential-stealing hacking tools. Greenbug tends to use phishing emails to infect victims. The group typically targets Middle Eastern aviation, government, investment and education organizations, Symantec's research team said. Between June and November 2016, Trojan.Ismdoor was used against multiple organizations based in the Middle East. "The use and purpose [of Trojan.Ismdoor] do fit that of malware used by nation state attackers.
Additionally, the information gathering conducted once the attacker is on the network also supports the types of operations seen by nation state attackers," Symantec senior threat intelligence analyst Jon DiMaggio told CyberScoop. Researchers say there is at least one case in which the two hacking groups — Shamoon and Greenbug — may have been simultaneously active inside a victim's computer network. In this context, it is possible that Greenbug, acting as the espionage arm for Shamoon, collects the information needed to conduct the disk-wiping attack.
Cybercriminals that specialize in ransomware, which affects thousands of computers and mobile devices every year, are ramping up their attacks against businesses. It is there that they can get their hands on valuable information and large sums of cash. This particular kind of malware, which hijacks devices and demands a ransom for their return, has managed to conquer another kind of technology: smart TVs. Last December, the American developer Darren Cauthon announced on Twitter that a family member's television had fallen victim to one of these attacks. The television in question was an LG model that came out in 2014 and is compatible with Google TV, a version of Android tailored to televisions. Once it had infiltrated the device, the malicious software demanded a ransom of $500 to unlock the screen, which simulated a warning from the Department of Justice.

pic.twitter.com/kNz9T1kA0p — Darren Cauthon (@darrencauthon) December 25, 2016

The appearance of the false message would lead you to believe that it's a version of the ransomware known as Cyber.police, also known as FLocker. Ordinarily this ransomware affects smartphones running Google's operating system. After hijacking the device, the malware collects information from the user and the system, including contact information and the location of the device, to be sent encrypted to the cybercriminals.
This week researchers found a piece of malware in the wild, built to steal passwords from the macOS keychain. Named "MacDownloader" and posing as, what else, a fake Flash Player update, the new malware was found on the Mac of a human rights advocate and is believed to originate from Iran. The malware's code is very sloppy and appears to have been made by an amateur who took pieces of others' code and repurposed them. The threat report mentions the following:

MacDownloader seems to be poorly developed and created towards the end of 2016, potentially a first attempt from an amateur developer. In multiple cases, the code used has been copied from elsewhere. The simple activity of downloading the remote file appears to have been sourced from a cheat sheet. The main purpose of MacDownloader seems to be to perform an initial profiling of the infected system and collection of credentials from macOS's Keychain password manager – which mirrors the focus of Windows malware developed by the same actors.

At this time, it appears the malware is not a threat and the Command & Control server has been taken down. Intego VirusBarrier offers protection from this malware, detected as OSX/MacDownloader. Security researchers found that this malware was originally designed as a fake Bitdefender antivirus, but was later repackaged as a fake Flash Player update. Once installed, the malware attempts to achieve persistence by use of a poorly implemented shell script, which at the time of writing did not function because the C&C server was offline. MacDownloader displays a fake Flash Player update that offers an "Update Flash-Player" button and a "Close" button. Unlike other malware of its kind, clicking the Close button actually exits the installer and nothing malicious is placed on the system.
If the Update button is clicked, though, a malware dialog will pop up, which is, of course, fake as well. These dialogs are also rife with basic typos and grammatical errors, indicating that the developer paid little attention to quality control. After the user clicks OK, the software mimics System Preferences to request the admin password in order to grab more info on the system. If the user enters their password and clicks OK, the software grabs the info, and then it tries to open a remote connection to:

MacDownloader collects user keychain information and uploads it to said C&C server, including documents, the running processes, installed applications, and the username and password, which are acquired through the fake System Preferences dialog. The name and password, which in almost all cases are Administrator credentials, give the malware everything it needs to access the keychain information. With access to the keychain the sky is the limit, because email account passwords, social network account details, and much more are all stored in the keychain.
Photo caption: This file photo taken on August 13, 2008 shows a man walking over the seal of the Central Intelligence Agency (CIA) in the lobby of CIA Headquarters in Langley, Va.

Wikileaks' latest data dump, the "Vault 7," purporting to reveal the Central Intelligence Agency's hacking tools, appears to be something of a dud. If you didn't know before that spy agencies could apply these tools and techniques, you're naive, and if you think it undermines the attribution of hacker attacks on the Democratic National Committee and other targets, you'll be disappointed. On the surface, the dump — touted by Wikileaks as the biggest ever publication of confidential CIA documents — offers some explosive revelations. They're all over the news pages: The CIA is able to use your Samsung smart TV to eavesdrop on you! The CIA can get into your iPhone or Android device, as well as your Windows, Mac or Linux PC, and harvest your communications before they are encrypted! No encryption app — not even the Edward Snowden favorite, Signal, or WhatsApp, which uses the same encryption — is safe! The CIA hoards "zero day" vulnerabilities — weaknesses not known to the software's vendors — instead of revealing them to the likes of Google, Apple and Microsoft! CIA hackers use obfuscation tools to make it look as if their malware was made by someone else, including Russian intelligence! There's even a Buzzfeed story quoting current and former U.S. intelligence officers that the dump is "worse than Snowden's." There is little content in the dump to support these panicky reactions. Nothing in it indicates that the CIA has broken messenger encryption, as Open Whisper Systems, the software organization responsible for Signal, has been quick to point out.
The CIA can read messenger communications only if it plants malware on a specific phone or computer; then it can harvest keystrokes and take screenshots. This is not about mass surveillance — something that should bother the vast majority of internet users — but about monitoring specific targets. Open Whisper Systems tweeted on March 7: "Ubiquitous e2e encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks." It's not much of a secret that using a hacked phone or computer renders end-to-end encryption useless. It was the essence of Apple's dispute with the Federal Bureau of Investigation last year, when the company wouldn't help the FBI get into a phone owned by San Bernardino shooter Syed Rizwan Farook. The Big Brother-style implications of a hacked Samsung TV are undermined by the nature of the documents that describe the hack. The CIA needs physical access to the TV set to weaponize it. Robert Graham, founder of Errata Security, wrote on the firm's blog: "The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. If you aren't afraid of the CIA breaking in and installing a listening device, then you shouldn't be afraid of the CIA installing listening software." The Wikileaks cache contains a manual for CIA hackers on making their malware harder to trace, for example by adding foreign languages. Wikileaks also said that the CIA "collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation."
The library, however, contains all sorts of publicly available malware, as well as samples tentatively attributed to foreign intelligence services; all that does is confirm that hackers, including CIA ones, aren't picky about the origins of the products they use. The important thing is that the malware should work. This shouldn't affect serious attempts to attribute hacker attacks. I'm not sure this is fully understood within the U.S. intelligence community itself — at any rate, the declassified report on Russian hacking it released late last year appeared to base attribution on the use of specific publicly available malware. But industry experts usually need much more evidence. A number of possible Russian attacks were attributed to Moscow's intelligence services because the attackers used specific command and control centers — servers — to collect information from various adversaries of Russia. To set up a false flag operation, the CIA would need to go much further than obfuscating the origins of its malicious code. So all the jubilant tweets from Trump supporters declaring the CIA was behind the "Russian hacks" are at least premature and probably inaccurate.