The TorRAT malware was first appeared in 2012 as spying tool only. But from August 2012, Bitcoin Mining feature was added and it became a powerful hacking tool that was commonly associated with attacks on Financial institutions.

ab

This year TorRat Malware targeted two out of three major Banks in the Netherlands and the criminals stole over Million Dollars from user' Banking Accounts.

The Dutch police has arrested four men from Alkmaar, Haarlem, Woubrugge and Roden on last Monday, who are suspected of involvement in the large scale digital fraud and money laundering case using TorRat Malware.

 

Using Spear Phishing techniques, gang  targeted the victims to access their computers and the Financial accounts. The gang used anonymous VPN services, Bitcoins, TorMail and the Tor network itself to remain anonymous.

Malware is also capable of manipulating the information during online banking, can secretly add new payment orders and also able to modify existing orders.

To defend the detection from Antivirus softwares, TorRat uses the ZeuS malware in its attack. The technique was used to divert the focus of researchers to remove ZeuS infection, rather than the unknown malware on the system.

Some of the stolen money was converted by criminals to (56 BTC worth around 7700 Euros) Bitcoin virtual currency, which are now seized by Dutch police. Police also mentioned that, one of arrested criminal having his own Bitcoin exchange service.

The TorRAT malware has been known to be distributed in multiple ways. In April, TorRat was in news for hijacking twitter accounts. After infecting a vulnerable computers, the TorRAT malware hijacks the Twitter user’s account and share links that lead to attack websites that attempt to inject TorRAT malware into the victim’s computer.

The main reason why this particular attack is so effective is because victims are essentially receiving links to the TorRAT malware from sources they trust; accounts that they follow on Twitter. TorRAT malware involves using Man-in-the-Browser (MitB) tactics to infect computers through vulnerabilities in their Web browser. These kinds of attacks were used to take over a victim’s online banking account.

They made more than 150 fraudulent transactions for victim's accounts and Police said that, because Gang was operating from the Netherlands, so tracking them become possible.

New android banking trojan targeting

A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts.

One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazil and India.

The Antivirus software maker Malwarebytes noticed that a new threat distributed via file sharing sites and alternative markets in the last few months, targets Korean users.

Dubbed as 'Android/Trojan.Bank.Wroba', malware disguises itself as the Google Play Store app and run as a service in the background to monitor events. 

"This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server."

According to the researcher, after installation - malware lookup for existence of targeted Banking applications on the device, remove them and download a malicious version to replace.

"The malicious version will contain the exact Package Name and look very similar to the legitimate app, but contains malicious code with no banking functionality."

 

 

The attackers aim to obtain login credentials giving them access to the victim’s bank account and that second installed fake Banking application will capture the banking information and other useful data to generate revenue for them.

Android wouldn't be the only mobile operating system at risk from such automated exploits. Recently launched Firefox Mobile OS also have its first mobile Malware surfaced a few days back.

Best Security Practice, always download applications from reputable markets only i.e. Google Play Store.

Read more: http://thehackernews.com/2013/10/new-android-banking-trojan-targeting.html#ixzz2ilT0vsfU

Qatar is Down ! Syrian Electronic Army hijacs major Qatar websites

The Syrian Electronic Army (SEA) is at it again. The hacktivist group, who are known to back Syrian President Bashar al-Assad, has hacked many high profile Qatar based websites, including the Google, Facebook, Aljazeera and Government - Military websites.

Starting at about 4:25 am (GMT 5:30+), the Syrian Electronic Army shared this message on Twitter: Qatar is #down and  following that, they went about switching off government and private websites using the .qa extension.

The domains are managed by Qatar’s Ministry of Information and Communication (ictQatar). Apparently, the Syrian Electronic Army gained access to Qatar Domain Registrar (portal.registry.qa) and modifies the DNS entires to redirects the targeted websites to servers controlled by hackers serving defacement page, that include a picture of Assad and the groups logo, as shown.

The List of the targeted websites is posted on Twitter by hackers - these include:

• moi.gov.qa
• facebook.qa
• gov.qa
• vodafone.qa
• aljazeera.net.qa
• google.com.qa
• ooredoo.com.qa
• diwan.gov.qa
• qaf.mil.qa
• mofa.gov.qa

Another tweet from SEA shows that they have unauthorized access to Domain Registrar of Qatar:

 

The SEA's high-profile media hacking spree began earlier this year. Among the victims of the group are The Financial Times, The Guardian, and the Associated Press. Most recently, the Washington Post got hit. The common running theme: the papers reported stories SEA didn't like.

At the time of reporting, most of the hijacked websites are still showing the deface page while other are now down. These attacks are one more example of why companies need to implement properly layered defense strategies.

Have you been affected?

Read more: http://thehackernews.com/2013/10/qatar-is-down-syrian-electronic-army.html#ixzz2iIdq8hXb

How to use new graph search on Facebook?

On September 30th, Facebook introduced changes on the New Graph Search. Currently available only on desktops, it will be rolled out in phases. Since its release in January 2013, Graph Search has gone through a great transformation. Users are now allowed to search for status history, images, check-ins, comments -  basically anything. The goal is to provide users with enhanced search options, so they can find interesting information without leaving the social network.

How does Facebook Graph Search work?
The top search bar works similarly to a browser search engine. The exception is that it searches within Facebook itself and  requires specific search commands to make your search successful. For example, imagine you are a passionate bowler. You would like to set up a bowling team, however you don’t know any fellow bowlers in your hometown. Now you can log in on Facebook and search using the following search terms:

People who checked in at Bowling Alleys in Los Angeles, California  

You will see all your friends who may have gone bowling without your knowledge,  as well as other people, you may or may not know, who checked in. You can interact with them and, for example, establish a Facebook Interest group, to finally create your dream bowling team.
Another example: You love to travel and you would like to investigate places you are planning to visit ahead. Search for:

Images taken in Rio de Janeiro, Brazil

to preview all public pictures of the place you want to visit. Moreover you can see the comments, recommendations, and tips from others. A final example:

TV shows my friends who live in Dallas, Texas like

Put any type of search to see all your, your friends and public mentions on the topic that you want to follow. Now this is all great stuff delivered by Facebook. We can discover more and connect with others. There is however, a “dark side” of this story: Your privacy being revealed in public. So, if you don’t want your pictures, check-ins, and status updates to appear to strangers in the New Graph Search , beware not only of what you are posting, but also check and adjust your privacy settings. Facebook explains in their blog

As with other things in Graph Search, you can only see content that has been shared with you, including posts shared publicly by people you are not friends with. Use privacy shortcuts and Activity Log to review who can see the things you share.

How to set up your privacy settings correctly? You would be surprised, but the default privacy setting is PUBLIC. That means that your status updates, pictures, and About you section is available publicly to all Facebook users by default. Follow our tips below, to ensure your Facebook is set up correctly.
1. Open privacy settings. In the right top corner, click on the security icon to right of your name or go to the account settings and select Privacy from the left menu.
2. Verify who can see your stuff, how to use Activity log, in order to preview things you were tagged at, and finally to see how other people view your profile.

3. Check who can see your stuff and make sure, you select a suitable option. #AVASTtip: select Friends. If you are a more advanced user, you can create custom settings and share your content with selected friends, lists, or the other way around; prevent some people from seeing it.

 

 4. Decide who can contact you. Bear in mind that, if you allow anyone to send you a friend request, your chances of becoming a victim of social media scams increase. #AVASTtip: Allow only Friends of Friends to send you an invitation.

 

5.Last not bot least you can block certain people 

 6. Last but not least, edit settings in the ABOUT section:

**Beware on what you are posting. The golden rule says: If you would be embarrassed for your mother or boss to read it, DON`T post it** #Avast