Thousands of Mozilla developers’ e-mail addresses, password hashes exposed

E-mail addresses and cryptographically protected passwords for thousands of Mozilla developers were exposed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday.

About 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23, according to a blog post. There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility. Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode. The glitch was touched off when a data "sanitization" process failed, causing the addresses and hashes to be dumped to a publicly accessible server.

"We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote. They continued:

Read on Ars Technica | Comments

Android App SandroRAT Targets Polish Banking Users via Phishing Email

Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is via SMS (text) messages, as you can read in this recent McAfee Labs post, while in Poland there is an ongoing email spam campaign distributing a new variant of an Android remote access tool (RAT).

Recently McAfee Labs received a new mobile malware sample from a customer in Poland with the name Kaspersky_Mobile_Security.apk. It arrives as an attachment with the following phishing message:

CASTILLO_SandroRATSpam

Source: Zaufana Trzecia Strona

The email tries to scare a user with the following subject:

“Uwaga! Wykryto szkodliwe oprogramowanie w Twoim telefonie!”
(“Caution! Detected malware on your phone!”)

The body of the message states that the bank is providing the attached free mobile security application to detect malware that steals SMS codes (mTANs) for authorizing electronic transactions. However, the attached application is in fact a version of the Android RAT SandroRat, which was announced at the end of the last year in the Hacking Community HackForums. The RAT and its source code are for sale, making it accessible to everyone to create a custom version of this threat.

Just as any other Android RAT (such as AndroRAT), the malware can remotely execute several commands to perform any of the following actions:

  • Steal sensitive personal information such as contact list, SMS messages (inbox, outbox, and sent), call logs (incoming, outgoing, and missed calls), browser history (title, link, date), bookmarks and GPS location (latitude and longitude).
  • Intercept incoming calls and record those in a WAV file on the SD card to later leak the file.
  • Update itself (or install additional malware) by downloading and prompting the user to install the file update.apk.
  • Intercept, block, and steal incoming SMS messages.
  • Send MMS messages with parameters (phone number and text) provided by the control server.
  • Insert and delete SMS messages and contacts.
  • Record surrounding sound and store it in an adaptive multi-rate file on the SD card to later send to a remote server.
  • Open the dialer with a number provided by the attacker or execute USSD codes.
  • Display Toast (pop-up) messages on the infected device.

A novel functionality of this threat is its ability to access the encrypted Whatsapp chats (available in the path /WhatsApp/Databases/msgstore.db.crypt5 on the SD card) and obtain the unique encryption key using the Google email account of the device to get the chats in plain text and store them in the file waddb.sr:

CASTILLO_DecryptWhatsapp

This decryption routine will not work with Whatsapp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger (using a unique server salt). Whatsapp users should update the app to the latest version.

Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tools like SandroRAT. This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks.

McAfee Mobile Security detects this Android threat and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit http://www.mcafeemobilesecurity.com.

The post Android App SandroRAT Targets Polish Banking Users via Phishing Email appeared first on McAfee.