Megaleecher.Net

Making technology work for you...


Chinese Android Phone Comes Pre-loaded With Spyware As Fake Google AppStore

More and more cases of spying using electronic devices are coming to light. A few days ago it was reported that the NSA of the USA is doing targeted spying by intercepting electronic devices destined for users on its surveillance list and bugging them with backdoors. Many countries, including the USA and India, have already banned Chinese technology in sensitive departments, fearing hidden backdoors that can be used for spying. We have also shared the news of Spyware Electric Kettles and Hidden Backdoor in Routers earlier on this blog.

This time, experts at the German security vendor GDATA have discovered dangerous malware in the firmware of an Android device. The "N9500" Android smartphone, produced by the Chinese manufacturer Star, comes pre-loaded straight from the factory with spyware disguised as the Google Play Store app, giving it full access to the device.


It is also not possible to remove the manipulated app and the spyware, as they are integrated deep into the firmware. Large online retailers are still selling the Android device at prices ranging from 130 to 165 euros and distributing it across Europe.

Russia Finds Hidden Chips Inside Chinese Electric Iron And Kettles That Scans Wi-Fi To Serve Malware

News reports from Russia's state-owned channel Rossiya 24 showed footage of a technician opening up an iron included in a batch of Chinese imports to find a "spy chip" with "a little microphone" embedded in it. These hidden, embedded chips scan for and connect to any computer within a 200m radius that uses an unprotected Wi-Fi network; once connected, these "Trojan devices" were being used to spread viruses.

The report says that the malware is being used to send spam, piggybacking on the infected computer's internet connection and resources without the owner's knowledge. However, our recent story "Hidden Backdoor In Your Internet Router - With Love, From China !!" and the fact that the rogue devices had "a microphone" further establish that these are, or can be, used for spying. The researchers also found other products with these rogue components, including mobile phones, car dashboard cameras and electric kettles.


Hidden Backdoor In Your Internet Router - With Love, From China !!

Chinese telecom companies have been accused of embedding spying technologies into enterprise-level telecom hardware for the Chinese government. Now new research by embedded device hacker Craig Heffner has unearthed that consumer-level internet routers made by Chinese companies come bundled with a secret backdoor which allows full root-level access to the router.

He unveiled secret backdoors embedded inside a number of D-Link and Tenda brand routers, which are manufactured in China and sold all around the globe. The beauty of this type of backdoor is that it is undetectable by antivirus software and bypasses almost all sorts of security measures, as the loophole sits at the very start of the network access chain, supplying and controlling access to everything after it. It is as if your gatekeeper were the enemy Trojan. Unlike NSA PRISM spying, this would also be an easier, more distributed, more cost-efficient and more targeted form of government spying.


"Flame" - The newly found cyber super-weapon, spying and damaging Iranian computers

There is no doubt that cyber spying is the most preferred new-age intelligence-gathering tactic, used by almost all countries, but countries like the USA and China have already been exposed for using technology as a weapon.

The conclusive evidence pointing to an Israeli-American joint venture targeting Iranian nuclear facilities with the world's most advanced computer malware, Stuxnet, is now publicly well known. To make things even more interesting, researchers at Kaspersky Labs have now unveiled another extraordinary piece of cyber-weaponry. Named "Flame", the data-mining malware has already caused substantial damage and massive amounts of data loss, as admitted by Iranian officials. Iranian authorities are also claiming that the virus damaged centrifuges operating at its uranium enrichment facility at Natanz and gathered data on its oil fields by breaching the computers of high-ranking officials.


Due to the complex and very sophisticated technology (20 MB in total) used by this malware, it has been labelled "the most sophisticated cyber weapon yet unleashed". The "Flame" cyber espionage worm is highly modular in nature and is specifically targeted at Middle East countries. The sophisticated attack toolkit, which has similarities to the Stuxnet and Duqu malware, is basically a combination of a computer backdoor, a Trojan and a worm. The success of this weapon can be gauged from the fact that it is believed to have been spying undetected for the past 5 years. Its sophistication can be measured by the fact that "Flame" has 80 known command-and-control servers dedicated to it, and the modular nature of the malware allows its controllers to load and unload code of their choice at any time.

[VIDEO] - Stuxnet: Anatomy Of A Computer Virus

Trojan Worm Hits Skype VOIP Service

A new threat named "Warezov Trojan horse" has hit the leading VOIP service provider Skype. The targeted Skype user receives a message stating "Check up this" and a link to the infected file "file_01.exe" carrying the Trojan payload. Once a user is fooled into downloading this malicious file, more files are downloaded and installed automatically. The infected computer then acts as a propagator, and all of the user's contacts are sent the same message to spread the Trojan.

3wPlayer Malware Infected Torrents Spreading On P2P Networks



Recently, torrent sites have been getting spammed by malicious torrent uploads disguised as new movie releases. Torrent users are reporting that they have downloaded various videos, mostly claiming to be new movie releases or TV shows, only to be confronted with a short video which advises them to download a new media player called 3wPlayer to view the rest of the file. The few-second clip shows the URL to download this malware media player, 3wPlayer.

The player installs a form of CIDHELP malware which is very hard to get rid of. The only solution to this problem is to make users aware of this kind of tactic and to report any such torrent to the torrent website for removal.


UPDATE:


Download and use this 3wPlayer and similar video malware Auto-Fixer for Windows to decode files (Special Direct Rapidshare Premium Link ~ 590 KB).

USAGE: decoder.exe 3wPlayerencodedfilename.avi outputfilename.avi

To decrypt the underlying video data you can use the following Perl script.
