Tuesday, March 29, 2016

Hackers are using “USB Thief” named Trojan to steal data

A new Trojan has been found by security researchers at the security company ESET. The Trojan they found is USB-based, and it is widely used by hackers these days to steal users' sensitive data. It is an insidious data stealer that relies on USB devices to spread itself.

How does it work?

It is not an easily detectable Trojan. Its developers used a special multi-stage encryption process that protects the Trojan from antivirus tools. "USB Thief" is also capable of infecting air-gapped systems (systems that are protected by a network firewall or other security equipment). From this you can guess how dangerous the Trojan is. It is a specially designed Trojan that stores itself on the USB device under the file name "Win32/PSW Stealer.NAI". When the user attaches the infected USB device to his system, the Trojan runs automatically and starts tracing all the activities the user performs on his computer.

Thomas Gardon is a malware analyst at ESET. According to him, this is a new type of malware that he noticed recently. It is a hard-coded Trojan that uses different methods to steal information compared to all other Trojans. Its developers coded it intelligently, because it does not leave any kind of evidence behind on the hacked system. The Trojan uses only USB devices to do its work and does not copy any file onto the victim's computer system.

How does "USB Thief" store itself?

It can store itself as a .DLL file. Dynamic Link Library (DLL) files are used by applications as plugins; these files work as drivers for the applications. In the case of mobile devices, the Trojan can modify itself and store itself as a program file of commonly used mobile applications such as Notepad++, TrueCrypt and Firefox. When the user launches one of these applications, the Trojan automatically turns itself on in the background.

How can this Trojan be traced?

According to ESET's malware analysts, it is very difficult to trace this Trojan. Even the best tools are unable to detect it. The only reason is that the Trojan resides on the USB device alone and does not do its work outside the USB device. It is a smart Trojan and does not leave any evidence behind. People should avoid using USB devices that were attached to untrustworthy third-party computer systems and sources. This is the only way to protect your system from this dangerous Trojan.

Security Tips for Users to Avoid this Trojan

  • Organise cyber security programs to make your employees aware. The more knowledge they have, the more secure their systems will be.
  • Disable USB ports that are not in use. Hackers can use these ports to spread malware into your systems.
  • Do not attach USB devices that were attached to public systems, for example the computer systems of a cyber café.
  • Make some special rule sets on your systems to avoid malicious entries.
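The tips above can be turned into concrete checks on a Windows host. The following PowerShell script is an added example written for this post; it is not code from the article or from ESET. It does three things a defender would want against a USB-resident data stealer of the kind described: it lists every USB mass-storage device that has ever been attached (Windows keeps this history under the USBSTOR enumeration key), it scans currently attached removable drives for the portable applications named above (Notepad++, TrueCrypt, Firefox) and reports any unsigned DLL sitting next to them, and it disables USB mass storage on hosts that do not need it. The application names, the USBSTOR registry paths and the "Removable Disks: Deny all access" policy GUID are assumptions based on standard Windows behaviour; run the script in an elevated session and review the output before applying the disable step.

```powershell
# Added example (not from the article or ESET). Run in an elevated PowerShell session.
# All registry paths and the policy GUID below are assumptions based on standard Windows layouts.

# 1. Forensic trace: which USB mass-storage devices have ever been plugged in?
#    Windows records one key per vendor/product and, under it, one key per device serial.
function Get-UsbStorageHistory {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    if (-not (Test-Path $base)) { return @() }
    Get-ChildItem -Path $base | ForEach-Object {
        $vendorProduct = $_.PSChildName          # e.g. Disk&Ven_Kingston&Prod_DataTraveler
        Get-ChildItem -Path $_.PSPath | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Device       = $vendorProduct
                SerialNumber = $_.PSChildName
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

# 2. Sideloading check: on every removable drive (DriveType 2), find the portable apps the
#    article names and flag any DLL beside them that does not carry a valid Authenticode signature.
#    A legitimate portable app ships signed (or no) DLLs; an unsigned one next to the .exe is worth a look.
function Find-UnsignedDllsOnRemovableDrives {
    $apps = @('notepad++.exe', 'truecrypt.exe', 'firefox.exe')   # assumed file names of the apps named above
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $root = $_.DeviceID + '\'
        Get-ChildItem -Path $root -Recurse -Include $apps -File -ErrorAction SilentlyContinue | ForEach-Object {
            $exe = $_
            Get-ChildItem -Path $exe.DirectoryName -Filter '*.dll' -File -ErrorAction SilentlyContinue | ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        Application = $exe.FullName
                        Dll         = $_.FullName
                        Signature   = $sig.Status
                        Sha256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
        }
    }
}

# 3. Mitigation for hosts that do not need removable storage: stop the usbstor.sys driver from
#    loading (Start = 4 means "Disabled") and write the same value the
#    "Removable Disks: Deny all access" Group Policy setting writes.
function Disable-UsbMassStorage {
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 4 -Type DWord

    # Assumption: this GUID is the removable-disk class used by the RemovableStorageDevices policy.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    New-Item -Path $policy -Force | Out-Null
    Set-ItemProperty -Path $policy -Name Deny_All -Value 1 -Type DWord
}

# Usage: review first, then decide whether to disable.
Get-UsbStorageHistory | Format-Table -AutoSize
Find-UnsignedDllsOnRemovableDrives | Format-Table -AutoSize
# Disable-UsbMassStorage   # uncomment on hosts where removable storage is not needed
```

The history and sideloading checks are read-only and safe to run on any workstation; the disable step is the one that enforces the "disable unused ports" tip and should be rolled out through Group Policy rather than by hand once it has been tested on a single host.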

Sunday, March 27, 2016

7 Iranian Hackers will spend their future in Prison

On Thursday, a US Department of Justice indictment said that seven Iranian hackers are responsible for about 190 DDoS (Distributed Denial of Service) attacks that took place between 2011 and 2013. These hackers targeted a number of US banks and dams. According to the US Government, the hackers were working for Iran's Revolutionary Guard Corps.


Why is the US accusing these Iranian hackers?

These hackers were IT professionals at two Iranian companies, Mersad and ITSecTeam. The Iranian Government was paying them to conduct attacks on the United States. All seven were professional hackers, as they had targeted the top banks of the United States. Bowman Avenue Dam is a small dam in New York City. This dam was also hacked by one of the seven. Control of the water flow at that dam was in the hands of the hackers.

Attorney General Loretta Lynch said at a news conference, "The US Government will not allow any country, group or individual to destroy its financial systems. All countries can compete with the US in the free market through fair competition." The Department of Justice said these Iranian hackers had directed up to 140 GB of data per second at the United States' banks during the DDoS attacks. Most of the attacks happened in September 2012, but after that the US faced a new DDoS attack every week. Although the hackers were crashing the servers of US banks, they failed to steal the personal information of bank customers.


How were the attackers performing the attacks?

As usual, the hackers performed these DDoS attacks with the help of a large network. All the computer systems in this network were first infected with malware, which the hackers spread through third-party websites. The Federal Bureau of Investigation (FBI) worked with internet service providers to investigate the attacks. In the end the FBI said the hackers were using large bandwidth to upload more than 100 GB of data per second to the US banks' servers. Now more than 90 percent of the computers have been freed from that network, which is called a botnet.

According to a DOJ (Department of Justice) report, the hackers are also members of two more Iranian hacking teams, Ashiyane Digital Security Team and Sun Army. Sadegh Ahmadzadegan and Omid Ghaffarinia are the leaders of the seven hackers. They are known on the Internet by their handles "Nitr0jen 26" and "PLuS" respectively. These are the guys who also hacked into NASA in 2012. The DDoS attacks on banks were a normal thing and were defended against by security teams, but the attack on Bowman Dam was a cause for worry. According to an official, a person named Hamid Firoozi obtained unauthorized access to the Bowman Dam systems between August 2013 and September 2013.

The US government has charged all seven hackers with computer hacking offenses. All seven will face 10 years in prison. The one hacker who is responsible for the dam hack will spend 15 years in prison.

17 million Yahoo Japan login credentials are stolen

According to a report in the Japanese newspaper "The Yomiuri Shimbun", the Tokyo Metropolitan Police Department has found 18 million login credentials. More than 90 percent of these 18 million credentials belong to users of "Yahoo Japan".

How were these login credentials found?

Tokyo police found the stolen login credentials on a server of a Tokyo-based company named "Nicchu Shinsei Corp". The police therefore arrested the president of the company, and a number of its employees are also in the custody of the Tokyo police. More than 17 million of the login credentials belong to users of Yahoo Japan. Besides these, login credentials for Facebook, Twitter and many local e-commerce websites are also included.

Most of these credentials belong to Yahoo Japan

According to Yahoo, all the affected accounts have been recovered by the company. Yahoo launched an emergency password reset program for its users. Security experts also found the logs of a "brute force tool" on Yahoo's servers. According to investigators, Yahoo's server had also been used by hackers for illegal money transactions. Yahoo was in big trouble.

Who is "Nicchu Shinsei Corp"?

Japanese hackers were using services offered by this company. The company was illegally selling these login credentials and many proxy services to hackers. The hackers used these accounts to invite internet users to visit third-party fraud websites designed by them, and they were also stealing victims' reward points by accessing their accounts. This is not the first time that police have found stolen login credentials on the servers of local companies. Before this, 8 million stolen login credentials were found by Japanese security agencies last year.

An online cyber criminal community in Japan, the "Japanese Criminal Underground", is responsible for many of the cyber crimes happening in Japan. Japan's National Police Agency said in a report on cybercriminal activities that, up to March 2015, cybercrime in Japan had increased 40 percent compared to the previous year. Japan also suffered a major data breach in June 2015, related to the Japan Pension Service. Login access for more than one million pensioners was in the hands of hackers.

The "Japanese Criminal Underground" is a very active and clever community of hackers who are experts in selling and buying illegal products on the dark web. Drugs, stolen login credentials, credit card information, phone numbers, child pornography, weapons and duplicate passports are included in the list of these illegal products. The hackers of this community were also targeting users of many Japanese banks by spreading different types of malware. Shifu, Neverquest, Brolux and Rovnix are some well-known malware families used by these hackers.