malware

Farbar Recovery Scan Tool (FRST) tutorial: virus analysis and disinfection
Farbar Recovery Scan Tool (FRST) tutorial for analysing and disinfecting viruses, or for taking an inventory of the programs currently running
frst  otl  Windows  analysis  trojan  adware  malware 
1 hour ago by vonc
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo - Malware - 0x00sec - The Home of the Hacker
Today I am going to show you how to:

Create a payload that isn’t detected by Windows Defender, even with real-time protection, advanced threat protection, and AMSI
Do all of this without Cobalt Strike, and instead with Sharpshooter + Metasploit/Msfvenom*
malware  sharpshooter  payload  pentest 
3 days ago by whip_lash
Ugly Email.
Gmail extension for blocking read receipts and other email tracking pixels
email  security  malware 
5 days ago by hayzer
A Honeypot Guide: Why Researchers Use Honeypots for Malware Analysis | The Mac Security Blog
You may have heard the term "honeypot" thrown about in the security community from time to time. While it may spark your imagination, you may be wondering what a honeypot is and what role it plays in the security industry. Certainly malware hunters aren't referring to Winnie the Pooh helping himself to jars and jars of honey, right? So, what exactly do security researchers mean when talking about honeypots?
A honeypot, in the Internet security world, is a real or simulated system designed to attract attacks on itself. Essentially they are virtual or physical machines that are open to the real world whilst flaunting their intended vulnerabilities. Honeypots became popular amidst the wide spreading of worms in the late 1990s and early 2000s. The main purposes of these traps were to capture and analyze attacks in order to improve defenses from malicious intrusions.
Below is a simple, yet practical guide that covers the basic types of honeypots, as well as how and why they help researchers analyze malware. Without further ado, let's get to it!
security  privacy  malware  research 
11 days ago by rgl7194
Apple Removes Top Security App For Stealing Data and Sending it to China
Apple removed today a very popular anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China.
Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8 star rating and over 7,000 reviews.
mac  apps  store  security  privacy  malware  cookies  plugins  browser  china  history 
11 days ago by rgl7194
Daring Fireball: The Curious Case of Adware Doctor and the Mac App Store
What a bizarre story this is. Adware Doctor was a $4.99 app in the Mac App Store from a developer supposedly named Yongming Zhang. The app purported to protect your browser from adware by removing browser extensions, cookies, and caches. It was a surprisingly popular app, ranking first in the Utilities category and fourth overall among paid apps, alongside stalwarts like Logic Pro X and Final Cut Pro X.
Turns out, among other things, Adware Doctor was collecting your web browser history from Chrome, Firefox, and Safari, and uploading them to a server in China. Whatever the intention of this was, it’s a privacy debacle, obviously. This behavior was first discovered by someone who goes by the Twitter handle Privacy 1st, and reported to Apple on August 12. Early today, security researcher Patrick Wardle published a detailed technical analysis of the app. Wired, TechCrunch, and other publications jumped on the story, and by 9 am PT, Apple had pulled the app from the App Store.
mac  apps  store  security  privacy  malware  cookies  plugins  browser  china  history  daring_fireball 
11 days ago by rgl7194
Objective-See's Blog: A Deceitful 'Doctor' in the Mac App Store
a massively popular app, surreptitiously steals your browsing history
Updates:
  ■  The application, "Adware Doctor" has now been removed from the Mac App Store!
  ■  I've uploaded the app's binary if you want to play along (download: Adware Doctor.zip)
  ■  In Mojave, the sandbox will (always) protect private content, such as Safari's history.
  ■  While process enumeration is disallowed in the iOS sandbox, and yes, /bin/ps is blocked in the macOS sandbox as well, Apple has noted that sandboxed apps may still enumerate running processes (though this will likely change in the future).
Background
You probably trust applications in the Official Mac App Store. And why wouldn't you?
Apple states:
"The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store."
However, it's questionable whether these statements actually hold true, as one of the top grossing applications in the Mac App Store surreptitiously exfiltrates highly sensitive user information to a (Chinese?) developer. Though Apple was contacted a month ago, and promised to investigate, the application remains available in Mac App Store even today.
Note:
The nefarious logic of the app was originally uncovered by @privacyis1st. So major kudos to him!
After he reached out, we collaboratively investigated this issue together. #TeamWork
mac  apps  store  security  privacy  malware  cookies  plugins  browser  china  history 
11 days ago by rgl7194
Security Researcher Accidentally Stumbles on a Way for Malware to Click "OK" For you - SecureMac
One of the simplest ways to stay safe and secure on your Mac is to pay close attention to the warnings and prompts that the system often pops up when you’re in the middle of things. Many times, you might even expect these prompts to appear. It’s just macOS’s way of saying, “Hey, are you sure about that?” when something involves sensitive files or has extensive permissions. When you aren’t expecting them, they’re even more important: as your first line of defense, they can be a big red flag that a file or program on your Mac is trying to do something it shouldn’t. That can help you avoid installing malware, or to know you have an infection already.
As it turns out, though, there is a flaw underlying the way these prompts currently work. If malware were to infect your Mac successfully, it could use this flaw to automatically click to dismiss these security prompts before you ever have a chance to see them. At first glance, this flaw might not seem new; Apple patched a bug in macOS late last year that allowed these “synthetic clicks” to occur and bypass notifications. However, noted Apple security researcher Patrick Wardle, presenting at the recent DEFCON gathering in Las Vegas, recently revealed he had found a way around this patch — and he did it by accident, too.
0day  10.13  bug  mac  macOS  privacy  security  malware 
11 days ago by rgl7194
ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability
Your Mac computer running Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually "click" objects without any user interaction or consent.
To show how dangerous it can get, Wardle explains: "Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click...allowed. Authorize keychain access? Click...allowed. Load 3rd-party kernel extension? Click...allowed. Authorize outgoing network connection? click ...allowed."
0day  10.13  bug  mac  macOS  privacy  security  malware 
11 days ago by rgl7194
A top-tier app in Apple’s Mac App Store stole your browser history • TechCrunch
Zack Whittaker:
Thanks in part to a video posted last month on YouTube (https://www.youtube.com/watch?v=nZ7CVIy5Tq8&feature=youtu.be) and with help from security firm Malwarebytes, it’s now clear what the app [Adware Doctor] is up to.

Security researcher Patrick Wardle, a former NSA hacker and now chief research officer at cybersecurity startup Digita Security, dug in and shared his findings with TechCrunch.

Wardle found that the downloaded app jumped through hoops to bypass Apple’s Mac sandboxing features, which prevent apps from grabbing data on the hard drive, and upload a user’s browser history on Chrome, Firefox and Safari browsers.

Wardle found that the app, thanks to Apple’s own flawed vetting, could request access to the user’s home directory and its files. That isn’t out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user’s files to scan for problems. When a user allows that access, the app can detect and clean adware — but if found to be malicious, it can “collect and exfiltrate any user file,” said Wardle.

Once the data is collected, it’s zipped into an archive file and sent to a domain based in China.

Wardle said that for some reason in the last few days the China-based domain went offline. At the time of writing, TechCrunch confirmed that the domain wouldn’t resolve — in other words, it was still down.

“Let’s face it, your browsing history provides a glimpse into almost every aspect of your life,” said Wardle’s post. “And people have even been convicted based largely on their internet searches!”

He said that the app’s access to such data “is clearly based on deceiving the user.”


I'd suggest that anything which claims to be helping you with adware is going to be a scam, unless it comes from a recognised cybersecurity company. The solution to adware is not running vulnerable products such as Flash and Java, and to be wary about what you download. At least Apple makes it hard to run apps from outside the Mac App Store.

This won't, of course, help anyone's trust in Huawei, ZTE and other Chinese companies with their own high-profile problems.
apple  malware  adware 
11 days ago by charlesarthur
Objective-See: free mac security tools
As Macs become more prevalent, so does OS X malware. Unfortunately, current Mac security and anti-virus software is fairly trivial to generically bypass.

Objective-See was created to provide simple, yet effective OS X security tools. Always free of charge - no strings attached!
security  tools  mac  macosx  malware 
11 days ago by cyberchucktx