Archive for June 30, 2019

Yandex responded to a Reuter’s article on hacking by Western intelligence agencies


Russian Internet giant Yandex reported that hackers working for Western intelligence had access to the company's systems for several weeks. Yandex stated that the hacking attempt was neutralized immediately.

Yandex claims that hackers did not get access to user data. Moreover, the attack did not cause any damage. Sana Paritova, the Head of corporate communications of Yandex, stated, "We can assure you that the attackers are unable to access data of users of Yandex services.”
Yandex specialists “promptly identified and neutralized at the beginning” the hacking attempt.

The company stated, “Yandex, as well as all the major Internet companies,  are regularly confronted with various types of cyber threats. Our corporate policy does not imply the dissemination of detailed information about such cases.”

Recall that the Agency Reuters reported that in October or November 2018, hackers working for Western intelligence services hacked the company in order to spy on user accounts. According to the Agency, employees of Western intelligence agencies have installed a malicious program Regin used by the Five Eyes Alliance. This program allows them to impersonate users and access their messages.

The malicious software involved in the hacking is used by the United States, the United Kingdom, Australia, New Zealand and Canada. It was not possible to determine which country was behind the attack.

The article states that hackers were interested in technical information that allows them to understand how Yandex identifies user accounts. Possessing it, foreign intelligence could impersonate the user and gain access to their messages. The ultimate goal of the hacking was espionage, it was not an attempt to steal intellectual property.

Sources also said that hackers had access to Yandex systems for at least a couple of weeks.

The company turned to Kaspersky Lab, which found that the target of the attack was a group of Yandex developers.

It’s interesting to note that Yandex is working in the field of information technology. It owns the eponymous search engine on the Internet, an Internet portal, a number of different information services.

Recall that earlier EhackingNews was reported that cyber attacks with the use of the Troldesh encryption virus, also known as Shade, XTBL, Trojan.Encoder.858, Da Vinci and No_more_ransome, have again increased in Russia.

Yandex responded to a Reuter’s article on hacking by Western intelligence agencies


Russian Internet giant Yandex reported that hackers working for Western intelligence had access to the company's systems for several weeks. Yandex stated that the hacking attempt was neutralized immediately.

Yandex claims that hackers did not get access to user data. Moreover, the attack did not cause any damage. Sana Paritova, the Head of corporate communications of Yandex, stated, "We can assure you that the attackers are unable to access data of users of Yandex services.”
Yandex specialists “promptly identified and neutralized at the beginning” the hacking attempt.

The company stated, “Yandex, as well as all the major Internet companies,  are regularly confronted with various types of cyber threats. Our corporate policy does not imply the dissemination of detailed information about such cases.”

Recall that the Agency Reuters reported that in October or November 2018, hackers working for Western intelligence services hacked the company in order to spy on user accounts. According to the Agency, employees of Western intelligence agencies have installed a malicious program Regin used by the Five Eyes Alliance. This program allows them to impersonate users and access their messages.

The malicious software involved in the hacking is used by the United States, the United Kingdom, Australia, New Zealand and Canada. It was not possible to determine which country was behind the attack.

The article states that hackers were interested in technical information that allows them to understand how Yandex identifies user accounts. Possessing it, foreign intelligence could impersonate the user and gain access to their messages. The ultimate goal of the hacking was espionage, it was not an attempt to steal intellectual property.

Sources also said that hackers had access to Yandex systems for at least a couple of weeks.

The company turned to Kaspersky Lab, which found that the target of the attack was a group of Yandex developers.

It’s interesting to note that Yandex is working in the field of information technology. It owns the eponymous search engine on the Internet, an Internet portal, a number of different information services.

Recall that earlier EhackingNews was reported that cyber attacks with the use of the Troldesh encryption virus, also known as Shade, XTBL, Trojan.Encoder.858, Da Vinci and No_more_ransome, have again increased in Russia.

An App Which Could Have Meant For Any Woman to Be a Victim of Revenge Porn Taken Down By the Developers



An app created solely for "entertainment" a couple of months back, won attention as well as criticism. It professed to have the option to take off the clothes from pictures of women to make counterfeit nudes which implied that any woman could be a victim of revenge porn.

Saying that the world was not prepared for it the app developers have now removed the software from the web and wrote a message on their Twitter feed saying, "The probability that people will misuse it is too high, we don't want to make money this way."

Likewise ensuring that that there would be no different variants of it accessible and subsequently withdrawing the privilege of any other person to utilize it, they have also made sure that any individual who purchased the application would get refund too.

The program was accessible in two forms - a free one that put enormous watermarks over made pictures and a paid rendition that put a little "fake" stamp on one corner.

Katelyn Bowden,  founder of anti-revenge porn campaign group Badass, called the application "terrifying".

"Now anyone could find themselves a victim of revenge porn, without ever having taken a nude photo, this tech should not be available to the public, “she says.

The program apparently utilizes artificial intelligence based neural networks to remove clothing from the images of women to deliver realistic naked shots.

The technology is said to be similar to that used to make the so-called deepfakes, which could create pornographic clips of celebrities.

Gamers’ Google and Facebook Credentials Unsafe; Android’s “Scary Granny ZOMBYE Mod: The Horror Game” To Blame!






A horror game from Android which has more than 50,000 downloads to its name. The Scary Granny ZOMBYE Mod: The Horror Game showed malicious behavior and is allegedly stealing users’ credentials after they log into their accounts.

The game is specifically designed to hoard downloads from the success of another Android game dubbed “Granny” with 100 million installs as of now.

After the researchers informed Google about the game’s phishing and siphoning abilities, the fully functional game was taken down from the Google Play Store.

A prominent research team realized that the game wouldn’t exhibit any malicious activity up to 2 days to steer clear of security checks.

It would turn in its data-stealing modules lest it were being used on older Android versions with users with new devices which run up to date.

Quite obviously it starts asking for permissions to launch itself on the smartphone or tablet and tries to gain the trust of the users.

Even after the Android users reboot their systems the game still shows full-screen phishing overlays.

Firstly it shows “a notification telling the user to update Google Security Services” and the moment they hit ‘update’ a fake Google Login page appears which looks almost legitimate except for the incorrectly spelled “Sign in”.


Scary Granny, after stealing the users’ credentials it will go on to try to harvest account information like recovery emails, phone numbers, verification codes, DOBs and cookies.

Obfuscated packages are other ways of mimicking official components of the Android apps. For example, com.googles.android.gmspackage attempts to pass itself as the original com.google.android.gms

The Scary Granny would also display some really legitimate looking ads from other prominent applications like Messenger, Pinterest, SnapChat, Zalo or TikTok.

The malicious horror game would make it appear that apps like Facebook and Amazon were actually open when actually they are only ads pretending to be actual applications.

In one of the cases the researchers tried out, the ad directed the user to a page which Google blocked flagging it as being deceptive which clearly implies that it hosts malware or a phishing attack.

After connecting with an ad network by way of com.coread.adsdkandroid2019package, the ads would get distributed to the compromised Android devices.

At the end, to maximize the profit for its creators, the Scary Granny would try to wrest money form the users by asking them to pay for their playing privileges via a “pre-populated PayPal payment page”.

Yet Another Phishing Campaign by Hackers That Abuses QR Codes To Redirect Targets to Phishing Landing Pages



 Attackers come up with yet another phishing campaign that misuses QR codes to divert the targets to phishing landing pages. Researchers responsible for discovering this crusade distinguished that it quite effectively evades security solutions and controls intended to stop such attacks in their tracks.

The attackers previously utilized a URL encoded in a QR code target on the French Cofense customers to dodge the security software which dissects and accordingly blocks  suspicious or 'blacklisted areas' .

They even included a GIF image containing the QR code which would redirect them to the hxxps://digitizeyourart.whitmers[.]com/wp-content/plugins/wp-school/Sharepoint/sharepoint/index.php domain intended to act like a SharePoint-related site.

The phishing mails were disguised as a SharePoint email with a "Review Important Document" headline and a message body which would welcome potential victims to  "Scan Bar Code to View Document."
Phishing Email

Removing the victims from the overall safety of their computers thusly enables the cybercriminals to adequately sidestep any link protection services ,secure email portals, sandboxes, or web content filters set up by the targets' corporate information security department.

To make the attack considerably progressively fruitful against mobile users, the attackers have likewise upgraded their landing pages for smartphones with the phishing page and thus providing a custom view on the mobile devices.

Phishing landing page
Researchers from Cofense, the leading provider of human-driven phishing defense solutions world-wide, state that QRishing is a fairly notable technique utilized by cybercriminals to abstain from phishing filters and security solutions build especially to block such attacks before the pernicious emails reach the targets' inboxes.

Phishing landing page on a mobile

Along these lines , a conceivable protection against them named QRCS (Quick Response Code Secure), which would be "a universal efficient and effective solution focusing exclusively on the authenticity of the originator and consequently the integrity of QR code by using digital signatures, “was proposed in a paper from the Carnegie Mellon University's CyLab Study , which could perhaps prove to be valuable later on in the future.