Just Crypt It – How To Send A File Securely Without Additional Software

I’m pretty sure everyone has to send files to someone else online at some point; I’ve found myself having to do it quite often. And there’s always a quandary when it comes to sending something that is somewhat confidential: how do you secure it in transit? We generally have a few options – 1) Passworded [...]

Read the full post at darknet.org.uk

Spanish RAT

Contributor: Roberto Sponchioni

Symantec Security Response has recently come across a new remote access tool (RAT) called Alusinus, which we detect as Backdoor.Alusins. The program was intended for the Spanish-speaking underground, and the builder itself is rather straightforward, with several standard functions, although one function is interesting and worth noting: the builder allows the RAT to inject itself into a clean process, such as calc.exe, svchost.exe, or notepad.exe, in order to improve its chances of evading detection.


Figure 1. Backdoor.Alusins control panel – user name/computer name, AV and firewall information are reported back to attacker

Real time desktop monitoring
Backdoor.Alusins allows an attacker to view the victim’s desktop and monitor user activity in real time.


Figure 2. Desktop view of compromised computer

Webcam monitoring
It can also monitor and capture real time webcam activity.


Figure 3. Webcam session

Keylogging functionality
Backdoor.Alusins also has the ability to monitor keystrokes on a compromised computer in real time in order to steal information, such as login credentials.


Figure 4. Keylogger

The RAT allows an attacker to communicate directly with the victim by using a series of customizable system error messages. This messaging feature has the potential for great mischief or remote harassment: the attacker could, at any time, send annoying messages or popups to the victim while observing the user’s reactions through the webcam. It’s possible that whoever created this tool had online interactive scams in mind when creating this feature.


Figure 5. Custom error messages that can be displayed on compromised computer

Additionally, Backdoor.Alusins allows an attacker to perform the following actions on a compromised computer:

  • Monitor processes
  • Open Web pages
  • Open and close the optical drive
  • End sessions
  • View installed programs
  • View all services
  • Download and execute files
  • Connect to a remote host to receive commands
  • View the Windows registry
  • Retrieve the type and version of installed firewall
  • Retrieve the type and version of installed antivirus software
  • Exfiltrate system information such as computer name, user name, IP address, operating system version, and language
  • Retrieve a list of processes (PID and associated process name)
  • Send emails using specified user names and passwords
  • Steal user names and passwords for Pidgin and Filezilla
  • View or end system processes

This threat is a low prevalence remote access tool that is targeted at, but not limited to, the Spanish hacker base. Symantec detects the back door builder and the back door as Backdoor.Alusins.

To stay protected against this remote access tool and other threats it is essential that users keep their antivirus definitions, operating system, and software up-to-date.
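The injection behaviour described above (the RAT hiding inside calc.exe, svchost.exe or notepad.exe) leaves a behavioural trace that a defender can look for: a process that normally never opens outbound connections suddenly holding one, or a service host started by the wrong parent. The following triage heuristic is an added example written for this page, not code from Symantec; the process snapshot it runs over is constructed sample telemetry, and the expected-parent rule for svchost.exe is an assumption used for illustration.

```python
# Added example (not from the Symantec post): flag host processes named in the
# write-up when they show behaviour those programs normally never have.
# The process records below are constructed sample telemetry.

from dataclasses import dataclass, field

# Processes that have no legitimate reason to hold outbound sockets.
NO_NETWORK_EXPECTED = {"calc.exe", "notepad.exe"}
# svchost.exe legitimately uses the network, so for it we check the parent
# instead. Assumption for this example: genuine svchost.exe instances are
# started by services.exe.
EXPECTED_PARENT = {"svchost.exe": "services.exe"}


@dataclass
class Proc:
    pid: int
    name: str
    parent: str
    remote_endpoints: list = field(default_factory=list)  # "ip:port" strings


def suspicious(p: Proc) -> list:
    """Return the reasons a process record looks like an injected RAT host."""
    reasons = []
    name = p.name.lower()
    if name in NO_NETWORK_EXPECTED and p.remote_endpoints:
        reasons.append(f"{name} holds outbound connection(s) {p.remote_endpoints}")
    expected = EXPECTED_PARENT.get(name)
    if expected and p.parent.lower() != expected:
        reasons.append(f"{name} started by {p.parent}, expected {expected}")
    return reasons


def triage(procs) -> dict:
    """Map pid -> reasons for every process that trips a heuristic."""
    return {p.pid: r for p in procs if (r := suspicious(p))}


# Constructed sample snapshot (addresses from documentation ranges).
SAMPLE = [
    Proc(412, "services.exe", "wininit.exe"),
    Proc(820, "svchost.exe", "services.exe", ["198.51.100.20:443"]),   # normal
    Proc(2231, "calc.exe", "explorer.exe"),                            # normal
    Proc(2290, "notepad.exe", "explorer.exe", ["203.0.113.7:4444"]),   # odd
    Proc(3010, "svchost.exe", "unknown_dropper.exe", ["203.0.113.7:4444"]),  # odd
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

On a real host the snapshot would come from EDR or Sysmon process-creation and network-connection events rather than a hand-built list; the rule logic stays the same.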

How “MEGApwn” pilfers your Mega files and why it’s nothing to worry about

Some users of Kim Dotcom's Mega storage system are in a lather about a new browser extension that extracts their master encryption key from computer memory and displays it in a window. While the recently unveiled MEGApwn bookmarklet works as advertised, the general weakness it highlights is common across a variety of similar services, including Apple's iCloud. As such, the uproar in response to the hyperbolically named MEGApwn is largely an overreaction.

More about that in a moment. First, a quick description of the software itself. MEGApwn is a bookmarklet containing JavaScript commands that extend a browser's capabilities. When imported into a compatible browser, it plucks any Mega master encryption keys that may be stored in memory and displays them to the user. The takeaway according to creator Michael Koziarski: it's not as hard as many people think for a criminal hacker or a government agency armed with a secret or not-so-secret demand to gain complete access to the plaintext files stored in the cloud service.

"Any warrant or subpoena issued to Mega for your files simply has to ask for your master key, which Mega can retrieve, and prohibit Mega from telling you about it," Koziarski's webpage warned. He went on to cite a case from 2007 in which encrypted e-mail provider Hushmail turned over 12-CDs-worth of e-mails from three account users named in a Canadian court order that targeted illegal steroids distribution. According to Wired, the evidence was most likely decrypted by exploiting a vulnerability that allowed operators to log the users' plain-text password when they accessed the service.
