LazyDroid – Android Security Assessment Tool

Lazydroid is a tool written as a bash script to facilitate some aspects of an Android Security Assessment. Features It provides some common tasks such as: Set the debug flag of an application to true Set the backup flag of an application to true Re-Bui…

Lazydroid is a tool written as a bash script to facilitate some aspects of an Android Security Assessment. Features It provides some common tasks such as: Set the debug flag of an application to true Set the backup flag of an application to true Re-Build the application Re-Sign the application Smart log extraction of an […] The post...

Read the full post at darknet.org.uk

Banking trojan executes when targets hover over link in PowerPoint doc

Enlarge (credit: Dodge This Security)
Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.
The method—which was used in a recent spam campaign t…

Enlarge (credit: Dodge This Security)

Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.

The method—which was used in a recent spam campaign that attempted to install a bank-fraud backdoor alternately known as Zusy, OTLARD, and Gootkit—is notable because it didn't rely on macros, visual basic scripts, or JavaScript to deliver its payload. Those methods are so widely used that many people are able to recognize them before falling victim.

Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning, but those dialogues can be muted when users are tricked into turning off Protected View, a mode that doesn't work when documents are being printed or edited. Targets using older versions of Office that don't offer Protected View are even more vulnerable.

Read 4 remaining paragraphs | Comments