Tag Archive for: cracked

Qakbot Cracked: FBI and Friends Hack the Hackers


Operation Duck Hunt shoots to kill big botnet.

Qakbot is dead. The world’s biggest “loader” botnet has ceased to be. It’s a stiff. Bereft of life, it rests in peace—thanks to the U.S. Justice Department and European partners.

Also known as Qbot, Oakboat and Pinkslipbot, Qakbot has rung down the curtain. In today’s SB Blogwatch, we’ve gone to join the choir invisible.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Blue Skies.

Or is it just resting? Beautiful plumage.

What’s the craic? Christopher Bing and David Ljunggren report—“Partners have taken down notorious ‘Qakbot’ hacking network”:

Originates from Russia
An international law enforcement operation [has] taken down the notorious “Qakbot” malware platform used … in a variety of financial crimes. … The operation, nicknamed Duck Hunt, [also] involved … France, Germany, the Netherlands, Britain, Romania and Latvia.

U.S. attorney Martin Estrada said the move against Qakbot was the most significant technological and financial operation ever led by the [DoJ] against a botnet [and] as part of the operation, agencies seized 52 servers. [Qakbot] had infected more than 700,000 victim computers … and caused hundreds of millions of dollars in damage.

First discovered more than a decade ago, Qakbot is commonly spread through malicious, boobytrapped email. … Security researchers say they believe Qakbot originates from Russia.

How? Lawrence Abrams explains—“How the FBI nuked Qakbot malware from infected Windows PCs”:

Authorized by a judge
Qakbot, aka Qbot and Pinkslipbot, started as a banking Trojan in 2008. … However, over time, the malware evolved into a malware delivery service utilized by other threat actors. … In the past, Qakbot has partnered with multiple ransomware operations, including Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex … Black Basta and BlackCat/ALPHV.

The FBI [was] able to dismantle the botnet by seizing the attacker’s server infrastructure and creating a special removal tool that uninstalled the Qakbot malware. … They accessed the encryption keys [and] used an infected device under…

Source…

Windows Workstation Cracked On Last Day


Trend Micro-sponsored Pwn2Own, the annual computer hacking contest, recently concluded in Vancouver, Canada.

The three-day hacking event was held between March 22, 2023, and March 24, 2023, with prize money to be won in excess of $1,000,000 USD and two Tesla Model 3s.

“For this year’s event, every round will pay full price, which means if all exploits succeed, we’ll award over $1,000,000 USD,” said Zero Day Initiative (ZDI) in a blog post.

The hacking event had multiple categories for the security researchers to target in the competition, which included automotive, enterprise applications, enterprise communications, servers, virtualization, and local escalation of privilege (EoP).

The third and last day of the Pwn2Own hacking contest saw Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software being successfully exploited by security researchers.


Ubuntu

The highlight of the day was the Ubuntu Desktop operating system, whose zero-day vulnerabilities were exploited three times by three different teams: Kyle Zeng from ASU SEFCOM, with a double-free bug; Mingi Cho of Theori, with a use-after-free (UAF) vulnerability; and Bien Pham (@bienpnn) of Qrious Security.

Kyle Zeng and Mingi Cho earned $30,000 and 3 Master of Pwn points each for their exploits on the Ubuntu operating system. On the other hand, Bien Pham earned only $15,000 and 1.5 Master of Pwn points for the exploit, as it was a previously known bug.


Windows 11

Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv) hacked a fully patched Windows 11 system in the EoP category using a UAF bug. This earned him $30,000 and 3 Master of Pwn points.


VMware Workstation

Lastly, the STAR Labs (@starlabs_sg) team used an uninitialized variable and UAF exploit chain against VMware Workstation, for which they earned $80,000 and 8 Master of Pwn points.


Summary of Day 1 and Day 2 at the Pwn2Own Vancouver 2023

On the first day of the contest, security researchers were awarded $375,000 (and a Tesla Model 3) for demoing 12 zero-days in Adobe Reader, Microsoft SharePoint, Oracle VirtualBox, Tesla Model 3, Ubuntu Desktop, Windows 11, and Apple macOS.

Further, on the second day, total prize money…

Source…

Lapsus$ Cracked? Two Teens Charged In Hacking Group Probe


Police in London Friday said they have charged a pair of teenagers in connection with an investigation of the Lapsus$ hacker group.

This is the second arrest of people related to the activities of the Lapsus$ hacker group, which has been linked to multiple hacks of some of the top tech companies in the world. Police in the city of London last week unveiled the arrest of seven people between the ages of 16 and 21.

London police Friday said that two teenagers, aged 16 and 17, are now in police custody after being charged in connection with what it termed the “hacking group” investigation, without mentioning the “Lapsus$” name.

[Related: ‘Two Months Is Too Long’: Tenable CEO Slams Okta’s Breach Response]

However, the investigation is related to the Lapsus$ gang, according to the BBC.

“Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program,” Detective Inspector Michael O’Sullivan of the City of London Police said in a statement.

The Lapsus$ hacking group this year has been very active. Despite its activity, however, little is known about it, including where it is based or if it has ties to other ransomware gangs.

Global software services firm Globant Wednesday said the source code and documents of some of its customers were hacked, a hack which other media attributed to Lapsus$.

Lapsus$ on March 22 claimed via a Telegram post to have stolen data from identity security giant Okta.

Two days before boasting about hitting Okta, Lapsus$ claimed via a Telegram post that it breached internal source code repositories for Microsoft Azure DevOps, and showed images related to Bing and Cortana projects.

Lapsus$ in early March claimed to have stolen Samsung’s source code and biometric unlocking algorithms for its Galaxy devices.

In late February, Nvidia allegedly launched a retaliatory strike against Lapsus$ to prevent…

Source…

Traffic Exchange Networks Distributing Malware Disguised as Cracked Software



An ongoing campaign has been found to leverage a network of websites acting as a “dropper as a service” to deliver a bundle of malware payloads to victims looking for “cracked” versions of popular business and consumer applications.

“These malware included an assortment of click fraud bots, other information stealers, and even ransomware,” researchers from cybersecurity firm Sophos said in a report published last week.

The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain “download” links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for Raccoon Stealer, Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions.

“Visitors who arrive on these sites are prompted to allow notifications; if they allow this to happen, the websites repeatedly issue false malware alerts,” the researchers said. “If the users click the alerts, they’re directed through a series of websites until they arrive at a destination that’s determined by the visitor’s operating system, browser type, and geographic location.”

Traffic Exchange Networks

Using techniques like search engine optimization, links to the websites appear at the top of search results when individuals search for pirated versions of a wide range of software apps. The activities, considered to be the product of an underground marketplace for paid download services, allow entry-level cyber actors to set up and tailor their campaigns based on geographical targeting.

Traffic exchanges, as the distribution infrastructure is also called, typically require a Bitcoin payment before affiliates can create accounts on the service and begin distributing installers, with sites like InstallBest offering advice on “best practices,” such as recommending against using Cloudflare-based hosts for downloaders, as well as using URLs within Discord’s CDN, Bitbucket, or other cloud platforms.


On top of that, the researchers also found some of the services that act as “go-betweens” to established malvertising networks that pay website publishers for…

Source…