Saturday, February 20, 2016

Beware Android Users! “Xbot” Trojan is stealing Banking Credentials!

Security researchers at Palo Alto Networks have found a new Trojan targeting Android devices. Named Xbot, it is capable of stealing sensitive data from an infected device. The Trojan is not yet widely spread, but it is targeting devices in Russia and Australia. Xbot can steal users' online banking login credentials, and it also acts as ransomware that can hold a device's files hostage. The criminals behind it are clever and are spreading it quickly to reach as many devices as possible.

The Trojan appears to have been written by expert programmers: its code is complex and difficult to detect. Xbot first infects the user and then hides itself in the device's file system. It steals online banking login credentials and other sensitive user information using an “activity hijacking” technique, and the criminals behind it control it through C&C (Command and Control) servers. When the user opens an application, Xbot launches a different action at the same time; the user knows nothing about this and believes they are simply using the application. Devices running an outdated version of Android are at risk.
How it works

Xbot has functionality to recognise financial apps. Whenever the user launches an application, the Trojan monitors it; if it is a banking app or another financial app, Xbot goes to work and steals the sensitive information the user enters. The code written by its author is complex enough that it can easily recognise the working architecture of any application. Once Xbot recognises a banking app, it opens a connection between the device and the control server and sends all of the gathered information to it. In simple terms, it works like an agent that steals sensitive information from the device and passes it on to the control server.


The Trojan's authors use fake interfaces to steal information from users. These interfaces mimic those used by well-known banks in Australia and Russia. When users enter their user name, password and credit card details into the form, the data goes straight to the Command and Control server. Users believe they are submitting their credentials to the bank's servers, but that is not what actually happens. Researchers at Palo Alto have also identified six fake interfaces used by the criminals.

Xbot is also ransomware. The criminals behind it target people by creating a WebView interface, and they are using the well-known CryptoLocker ransomware program. First they encrypt all the files on the device and then demand US$100 for the decryption key. To collect the money from victims, they use a specially designed spoofed PayPal site.



Source: CIO blog

Thursday, February 18, 2016

Hollywood hospital brought down by a ransomware attack


Image Source: Wikipedia

The Hollywood Presbyterian Medical Center was the victim of a ransomware attack last week when its patient files were locked by hackers in exchange for a ransom.

One of the patients, Melissa Garza, said, “I wasn’t feeling very well, went in for a check-up and they said their computers were down. I asked, what’s going on here and they said we were hacked.”

Ransom of 3.6 million US Dollars

Computer forensics expert Eric Robi said that the hackers demanded in the region of 9,000 bitcoins, which would bring the amount to over USD$3.6 million (£2.52 million) in exchange for unlocking the records. In most cases, Robi says, it’s cheaper to pay the ransom than to try to fix the problem.

The hospital is sadly just another unfortunate victim of cybercrime. Investigators confirm there is no apparent motive for attacking the hospital, but anyone informed about cyber security will know that hackers target the weakest link: those that are simply not secure enough.

While the hospital has declared that it is in the midst of an “internal emergency”, Kaspersky explains that there is absolutely no guarantee that the attackers will adhere to their part of the ‘deal’ if the hospital chooses to pay the ransom – these are criminals, after all.

Read more at: http://www.itgovernance.co.uk/blog/major-hollywood-hospital-brought-down-by-a-ransomware-attack/?utm_source=social&utm_medium=linkedinannc

Monday, February 15, 2016

Pakistani Citizen Hacked US PBX Systems! Admits laundering $19 million!


Muhammad Sohail Qasmani, a 47-year-old citizen of Pakistan, has been charged by the FBI with laundering $19 million. He did so by hacking PBX (Private Branch Exchange) systems as part of a telecommunications fraud scheme. Qasmani was a member of a hacking group that targeted US companies by compromising their PBX systems, operating from both Pakistan and Bangkok. Another member of the group, Noor Aziz, ran the operation from Karachi. The hackers used live phone extensions that the telecom department had not assigned to anyone.

The hackers used these extensions to defraud people by placing calls to premium-rate numbers. In total, $50 million was laundered; Qasmani's share was $19 million, which he transferred to 600 different bank accounts over four years. Security experts and fraud investigators say the scam was carefully planned. The 600 bank accounts were spread across different countries, and Qasmani used them to collect the money coming in from the fraudulent telephone lines. He kept only his commission; the rest of the money went to the other hackers.

Qasmani has been in FBI custody since December 2014 and has now admitted all of this. He could face up to 20 years in jail. Noor Aziz was the head of the operation and is at the top of the FBI's wanted list.

Source: securityaffairs