Researchers discovered a fake photo editing apps which are used by cybercriminals to launch MobOk Malware that takes complete control of the infected Android device.
Threat actors are targeting Android users through legitimate Google play store app and hiding this malware to steal money by letting users subscribe to premium services.
Two photo editor apps were uncovered ‘Pink Camera’ and ‘Pink Camera 2’ which has been installed nearly 10, 000 times.
These apps were intended for uploading in the Google play store to steal personal data from victims Android device and use that to sign them up to paid subscription services.
Researchers described this MobOk malware as a powerful backdoor since it has sophisticated capabilities to take almost complete control over the infected Android device.
Developers of this Pink Camera apps added evasion techniques to hide suspicious activities and avoid detection. The apps included a genuine photo editing functionality, and the users completely believe it since the app downloaded from the Google Play Store.
Once the app will be installed into the victims mobile, it requests to grant permission for the notification from the user and perform malicious activities in the background.
The primary motivation of these apps has subscribed the user to paid mobile subscription services.
MobOk Malware Infection Process
After the complete infection, MobOk malware starts collecting the device information, including phone number and the attackers send the webpage for the premium subscription, which requires users to pay for the service.
Meanwhile, The malware will open a secret browser in the background, and it uses the victim’s phone number that was already collected and the Malware would insert it into the “subscribe” field and confirm the purchase.
MobOk Malware already had complete control of the victims mobile, it grabs the SMS verification code notification and enters it on behalf of the user. .
According to Tor, We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer or safest security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings. .
Halo teman-teman, kali ini saya telah membuat alat yaitu, Vulnerability Scanner alat ini yang biasanya digunakan oleh SecurityResearchers / BugHunters .. Alat yang saya buat ini sangatlah mudah diuji/dicoba , basic dari alat tersebut adalah python & php.
Bagi anda yang sudah terdaftar di komunitas #VulnerabilityLabs , Anda dapat langsung menggunakan alat ini dan tidak perlu membayar
Untuk yang belum bergabung bersama kami, segeralah bergabung bersama komunitas kami.
Untuk yang belum terdaftar di komunitas kami , kalian bisa membeli alat ini , dengan cara menghubungi admin.
I can be contacted by email email@example.com
SQL injection is a technique which attacker takes non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.
It is very easy and all we need to use the advanced operators in Google search engine and to locate the results with the strings. SQL injection currently ranked #1 on the OWASP Top 10 chart which means that it is responsible for a large portion of public disclosures and security breaches. .
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware.
It may sound strange, but it's true.
Dubbed "LoudMiner" and also "Bird Miner," the attack leverages command-line based virtualization software on targeted systems to silently boot an image of Tiny Core Linux OS that already contains a hacker-activated cryptocurrency mining software in it.
A passive attack is an attack wherein the hacker waits for the perfect opportunity to penetrate your
system. This type of attack is typically done in order for a hacker to observe your networking structure, the
type of software you use, or any security measures that you have already installed.
Passive attacks typically happen when a hacker monitors possible system vulnerabilities without making
any changes to the data that he targets. You can think of this attack as a hacker’s means of researching
about his target in order to launch a more effective attack...
Follow us for more Ethical Hacking Content.. .
👉Follow us : - @amazing__anonymous
LIKE | COMMENT | SHARE
. #kalilinux#ethicalhacking#cybersecurity#penetrationtesting#anonymous#cyberpunk #mobilesecurity#bugbounty#bughunter
First, A buffer overflow vulnerability (CVE-2019-5439) that resides in ReadFrame (demux/avi/avi.c) allows a remote user can create some specially crafted avi or mkv files that will trigger a heap buffer overflow load into a targeted system.
Hey guys! It's Friday So Got An Early Off From Work 😂 So Everything changes when you begin to love yourself. You no longer send out energy of desperation or need to be filled from outside. You become a powerful source within yourself that attracts better . The more you love yourself who you are , the less you seek validation and approval. Beileve in yourself and stay strong 🖤
According to Microsoft Update, “The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.” The vulnerability can track CVE-2019-1105, and the Cybersecurity and Infrastructure Security Agency (CISA) urged users and administrators to review the Microsoft Security Advisory and apply the necessary update. . .
Cl0neMast3r is a Python script that was coded to make your life easier.
Now you can easily choose your favorite tools from GitHub and install them on your system with one click.
Even better you can ensure that you have latest version of your favorite tools.
All this and more you can do with Clone master.
Clone Master was mainly made for penetration testers and bug hunters
Cl0neMast3r provides you with a lot of options:
OptionDescriptionAAdd a tool from GitHub using URLFFind a tool on GitHubRReinstall your toolsUUpdate your toolsSDisplay information about your favorite toolsDDelete the list of toolsMImport your favorite toolsXExport your tools to HTML
Python 2.7.* Requests You can find it Here
How To Install: pip install requests
BeautifulSoup4 You can find it Here
How To Install: pip install beautifulsoup4
git clone https://github.com/Abdulraheem30042/Cl0neMast3r.git cd Cl0neMast3r/ pip install -r requirements.txt
Top 5 Highest paid #CyberSecurity Jobs
=> Freelance Bug Bounty Hunters:
Flaws in #Software#Code , which create vulnerabilities, have created a burgeoning #BugBounty economy with big payouts to elite freelancer #Hackers . Some of them earn more than $500,000 a year. But, that’s a far cry from the average take home pay for most #BugBountyHunters that are self-employed part timers with no guaranteed income.
=> Chief Information Security Officer:
. #CISO compensation varies widely depending on the size and type of an organization. Fortune 500 corporations in big cities pay as much as $380,000 to $420.000 annually and more to their #Security head honchos. But a so-called CISO working for a mid-sized corporation is probably looking at a $150,000 to $200,000 salary.
=> Deputy CISO:
Exactly how much they earn is hard to say, but they’re certainly aiming for a future CISO position and salary. #HeadHunters say the salary is a $200,000 to $250,000 range.
=> Lead Software Security Engineer:
For the top #Coders with leadership skills – a rare breed – salaries exceed $225,000. In some companies, this position pays more than it does to the CISO. Software plus ‘soft skills’ equals big pay for aspiring #Programmers with a senior management role in their sights.
=> Cybersecurity Sales Engineer:
Switching over from #Coding to giving demos is upward mobility for more and more people in our field that are raking in $200,000 a year. There’s nothing wrong with closing deals and getting your fair share.
If you know #Cybersecurity , then you have a guaranteed #Job – for life,
Cybersecurity Ventures predicts there will be 3.5 million unfilled cybersecurity positions by 2021, up from 1 million in 2014. The cybersecurity unemployment rate dropped to zero percent in 2016, and has remained there ever since. .
What would be your #DreamJob in the Cyber Security field ?
👉Hacking is a Science as well as an Art🔥. Like any other expertise, you need to put a lot of effort in order to acquire knowledge and become an expert hacker. Once you are on the track, you would need more effort to keep up-to-date with latest technologies, new vulnerabilities and exploitation techniques.😊😊 👉An ethical hacker must be a computer systems expert and needs to have very strong programming and computer networking skills.🔥 👉An ethical hacker needs to have a lot of patience, persistence, and perseverance to try again and again and wait for the required result.💥 Additionally, an ethical hacker should be smart enough to understand the situation and other users’ mind-set in order to apply social engineering exploits. A good ethical hacker has great problem-solving skills too.🔥🔥
Follow us for daily hacking tips and free ebooks on hacking. Learn hacking with us for free
. #cybersecurity #entrepreneurlife#programmer#webdeveloper#ethicalhacking#vulnerability#cyberpunk#bugbounty#tech#technology#learnhacking#didyouknow#tech #hacking_tips_india