Category Archives: Articles

image_pdfimage_print

BITB Attacks: How to Avoid Phishing by iFrame

BITB attacks Browser-In-The-Browser remove delete destroy by IRDR Ifram Redirect Detection Removal since EviCypher freeware web extension open-source from Freemindtronic in Andorra
BITB attacks by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Beware of BitB phishing attacks by iframe!

Phishing by iframe is a malicious technique that inserts a fake web page into a legitimate one, to trick users and steal their personal or financial information. This method often targets cryptocurrency holders, especially BitB users. Learn how to spot and avoid BitB phishing attacks by iframe with Freemindtronic.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

BITB Attacks: How to Avoid Phishing by iFrame

We have all seen phishing attacks aren’t uncommon, and they demand urgent attention with fake emails and messages at least once.. However, there’s much more in the cybersecurity landscape than just conventional email practices when it comes to phishing. Enterprises that don’t take the necessary precautions can suffer a death blow from a phishing attack. The top line is affected, but the brand’s image and trust can be obliterated if news of a data breach reaches the public.

The latest form of phishing scam is the browser in the browser attack (BITB) that simulates a browser window within a web browser and steals sensitive user information. A fraudulent pop-up window caters to the user and asks for their credentials to sign into the website in the previous web browser window, leading to identity theft.

This article explains what BITB attacks are and how they work, what the risks and consequences of BITB attacks are, how to prevent and protect yourself from BITB attacks using EviBITB technology, and how to install EviBITB on your web browser.

What are BITB attacks and how do they work?

BITB stands for Browser-In-The-Browser. This phishing technique creates a fake browser window within your web browser using HTML and CSS code. An iFrame of redirection, which is an invisible element that loads content from another URL, is displayed by this fake window. The iFrame of redirection mimics the appearance and functionality of a legitimate site, such as Google, Facebook, or Outlook, and asks you to enter your authentication information.

This fake window shows a legitimate URL in the address bar, as well as the icon and the title of the original site. That is the problem. Most users rely on checking the URL to verify the authenticity of a site. This makes it very difficult to detect the phishing attempt. This attack can affect you even if you use a secure connection (https).

BITB attacks can bypass many security measures that are designed to prevent phishing. That is why they are very dangerous. For example:

  • BITB attacks do not involve malicious links or domains. Anti-phishing software may fail to detect them because of that.
  • BITB attacks do not intercept your verification codes or tokens. Two-factor authentication may not protect you from them because of that.
  • Password managers may autofill your credentials on the fake window. They may not protect you from BITB attacks because of that.

Therefore, BITB attacks can allow hackers to access your accounts, steal your data, or even take over your identity. They pose a serious threat to your online security and privacy because of that.

How do BITB attacks work?

Two features of modern web development enable BITB attacks: single sign-on (SSO) options and iFrames.

Many websites embed SSO options that allow you to sign in using an existing account from another service, such as Google, Facebook, Apple, or Microsoft. This option is convenient because you do not need to create a new account or remember a new password for each website you visit.

iFrames are elements that can load content from another URL within a web page. They are often used for embedding videos, maps, ads, or widgets on websites.

The attackers do the following steps:

  • They make a phishing website with SSO options.
  • On their phishing website, they embed an iFrame of redirection that leads to their own server with a fake SSO window.
  • Using HTML and CSS code, they design their fake SSO window to imitate a browser window inside the browser.
  • They make their fake SSO window appear when you click on an SSO option on their phishing website.
  • With JavaScript code, they show a legitimate URL in the address bar of their fake SSO window.
  • Using OAuth methods, they request you to enter your credentials on their fake SSO window.
  • To their server, they send your credentials and then redirect you to the real website.

As you can see, BITB attacks are very deceptive and convincing. They can fool even savvy users who check the URL before entering their credentials.

What are the risks and consequences of BITB attacks?

BITB attacks are a serious threat. They can compromise data and identity for users and businesses. Users who fall victim to BITB attacks face these risks and consequences:

  • Their SSO account can be hijacked and all linked services accessed by the attacker.
  • Their personal and financial information can be stolen and used for identity theft, fraud or blackmail.
  • Their devices can be infected by malware or ransomware and their files damaged or encrypted.
  • Their online reputation can be tarnished by spamming or posting malicious content.

Businesses that offer SSO options are also vulnerable to BITB attacks. They can lose trust and loyalty from their customers or employees. Businesses that suffer a data breach due to BITB attacks face these risks and consequences:

  • Their customer or employee data can be exposed, exploited or sold by the attacker or the dark web.
  • Their brand image and reputation can be damaged by negative publicity and customer complaints.
  • Their legal and regulatory compliance can be violated by data protection laws and regulations.
  • Their revenue and profitability can be reduced by customer churn, lawsuits and fines.

Recent Examples of BITB Attacks

BITB attacks are not new, but they have become more sophisticated and widespread in recent years. Here are some examples of BITB attacks that targeted governmental entities:

  • In February 2020, Zscaler revealed a campaign of phishing BitB targeting users of Steam, a video game digital distribution service. The hackers created fake Counter-Strike: Global Offensive (CS: GO) websites that offered free skins or weapons for the game. These websites displayed a fake pop-up window that asked users to sign in with Steam. If users entered their credentials, they were sent to the hackers who could then access their Steam accounts and steal their items.
  • In March 2020, Bitdefender reported a campaign of phishing BitB targeting users of Office 365, a cloud-based suite of productivity applications. The hackers sent emails that pretended to be from Microsoft and asked users to update their Office 365 settings. These emails contained a link that led users to a fake Office 365 website that displayed a fake pop-up window that asked users to sign in with Office 365. If users entered their credentials, they were sent to the hackers who could then access their Office 365 accounts and steal their data.
  • In September 2020, Proofpoint uncovered a campaign of phishing BitB targeting users of Okta, a cloud-based identity and access management service. The hackers sent emails that pretended to be from various organizations and asked users to verify their Okta account. These emails contained a link that led users to a fake Okta website that displayed a fake pop-up window that asked users to sign in with Okta. If users entered their credentials, they were sent to the hackers who could then access their Okta account and compromise their other connected applications.

These examples show that BITB attacks can target any SSO provider and any website or web application that uses SSO. They also show that hackers can use various methods to lure users into clicking on malicious links or entering their credentials on fake windows.

What are some statistics on BITB attacks?

BITB attacks use iFrames to deceive users with fake SSO windows. Here are some statistics on BITB attacks:

  • According to Statista, the number of unique phishing sites detected worldwide reached 2.11 million in the third quarter of 2020, an increase of 10% from the previous quarter.
  • According to The Hacker News, BITB attacks can exploit third-party SSO options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft) to create fake browser windows within the browser and spoof legitimate domains.
  • According to Zscaler, BITB attacks have been used in the wild at least once before, in February 2020, to target Steam users by means of fake Counter-Strike: Global Offensive (CS: GO) websites.
  • According to NetSPI, the volume of successful phishing attacks on organizations worldwide in 2021 was highest in Brazil (25%), followed by India (17%), and Mexico (14%).
  • According to DZone, the most targeted industry sectors by phishing attacks as of the third quarter of 2020 were SaaS/Webmail (33%), Financial Institutions (22%), and Payment Services (14%).

How to effectively fight against BITB attacks?

BITB attacks are very hard to detect, but not impossible. There are some signs that can help you spot them and some measures that can help you prevent them. Here are some tips:

  • Always check the URL of the site before entering your credentials. Make sure it matches the domain of the site or the SSO provider that you want to use. Do not rely on the URL displayed on the pop-up window, as it can be fake.
  • Always check the SSL certificate of the site before entering your credentials. Make sure it is valid and issued by a trusted authority. Do not rely on the padlock icon displayed on the pop-up window, as it can be fake.
  • Always use an updated antivirus software and browser extension that can detect and block malicious sites and scripts. They can help you avoid landing on phishing pages or loading fake windows.
  • Always use strong and unique passwords for each site or application that you use. Do not reuse the same password for different accounts, as it can increase the risk of compromise if one of them is breached.
  • Always use two-factor authentication (2FA) for your accounts, especially those that you use for SSO. 2FA adds an extra layer of security by requiring a second factor (such as a code sent to your phone or email) to verify your identity. Having your username and password is less useful for hackers if they need your device or access to your email account too.

How to prevent and protect yourself from BITB attacks using EviBITB technology?

The best way to prevent and protect yourself from BITB attacks is to use EviBITB technology, a technology that allows you to detect and remove redirection iframes from web pages. EviBITB is integrated for free in the free and paid extensions of Freemindtronic that are compatible with NFC HSM devices that use a smartphone or an NFC HSM device. The latter stores encrypted multiple authentication information (username, password, otp) for secure authentication for any website on the internet or intranet.

EviBITB technology also has a system of automatic backup of the URL of connection to the account using a web browser to connect to an online account on the internet or intranet. This extension is paired with the NFC android phone which is itself paired with an NFC HSM where encrypted detailed authentication information such as username, password, and secret keys OTP (TOP or HOTP) are stored. Thus, before authorizing auto-filling of connection fields or auto-connection to an online account, the phone will check beforehand if the connection URL is compliant (sandbox technique). This system adds to EviBITB protection.(click here to learn more about EviBITB)

By using EviBITB technology, you can enjoy many benefits:

  • You can avoid falling victim to BITB attacks that can steal your data or compromise your identity.
  • You can reduce the risk of keylogging or malware infections that can capture your keystrokes or spy on your online activity.
  • You can save time and hassle by using your smartphone or NFC HSM card as an authentication key instead of creating or remembering passwords for each website you visit.
  • You can enjoy a seamless and user-friendly experience by accessing websites with just a tap of your smartphone or NFC HSM card on your computer screen.
  • You can protect your privacy by controlling what data you share with each website you visit, such as your name, email, or profile picture.

By using EviBITB technology, you can be sure that the web page you see is the one you want to see, and that you do not give away your data to hackers.

How can EviBITB protect you from BITB attacks?

EviBITB is a technology that enhances your online security. It is implemented in the freemindtronic extensions that allow secure end-to-end autofill and auto-login from an NFC HSM. It also detects and removes phishing iFrames from your web browser.

EviBITB works with an application installed on an NFC Android phone that is paired with an NFC HSM. The application has a sandbox that checks if the origin URLs saved automatically during the first login are compliant. If they are, it transfers encrypted authentication information to the extension.

EviBITB also analyzes the web page source code and detects any possible BITB iFrames. It looks for hidden elements, suspicious URLs, or mismatched styles that indicate a fake browser window.

When EviBITB detects a BITB iFrame, it alerts you by showing a warning window on your computer screen. This window shows you the redirection iFrame URL and asks you to check if you trust this URL before entering any sensitive information.

How EviBITB technology can improve your browsing experience?

EviBITB technology is a security, performance and privacy enhancer. It removes redirection iframes and improves your browsing experience in several ways:

  • It speeds up web page loading, by avoiding requests to third-party sites.
  • It reduces bandwidth consumption, by saving data transferred to or from iframes.
  • It limits exposure to ads and pop-ups, by blocking their sources in iframes.
  • It prevents online activity tracking, by deleting cookies and data stored by iframes.
  • It enhances readability and usability of web pages, by removing distracting elements from iframes.
  • It increases compatibility and accessibility of web pages, by avoiding conflicts or errors caused by iframes.

With EviBITB technology, you can enjoy a faster, smoother and more private browsing experience, without compromising security or convenience.

How to use EviBITB to protect yourself from BITB attacks?

EviBITB is a technology that detects and removes malicious iFrames that expose you to BITB attacks. These attacks simulate a browser window in a web page to prompt you to enter credentials on a fraudulent site.

When EviBITB detects a suspicious iFrame, it shows a warning window that informs you of the risk. This window also gives you five buttons to act on the BITB iFrame:

  • Close Warning: this button closes the warning window without acting on the BITB iFrame. You can use it if you trust the iFrame URL or want to ignore it.
  • Never Show Warnings On This Site: this button adds the website URL to a list of trusted sites. EviBITB will not alert you of BITB iFrames on these sites. You can use it if you are sure the website is safe and has no malicious iFrames.
  • Destroy: this button deletes the BITB iFrame from the web page source code. You can use it if you do not trust the iFrame URL or want to remove it.
  • Clean Storage: this button clears the data stored by the BITB iFrame in the browser. You can use it if you have been exposed to phishing by iFrame and want to erase any traces.
  • Read More: this button redirects you to a page with more information about EviBITB and its benefits. You can use it if you want to learn more about how EviBITB works and protects you from hackers.

Why you should use EviBITB to secure your online access?

EviBITB is a technology that allows you to use your smartphone or your NFC HSM card as a secure authentication key for any website. With EviBITB, you enjoy many benefits:

  • You avoid BITB attacks that can steal your data or impersonate your identity.
  • These attacks simulate a browser window in a web page to prompt you to enter your credentials on a fraudulent site.
  • You reduce the risk of keylogging or malware infections that can capture your keystrokes or spy on your online activity.
  • You save time and hassle by using your smartphone or NFC HSM card as an authentication key instead of creating or remembering passwords for each website you visit.
  • You enjoy a seamless and user-friendly experience by accessing websites with just a tap of your smartphone or NFC HSM card on your computer screen.
  • You protect your privacy by controlling what data you share with each website you visit, such as your name, email, or profile picture.

By using EviBITB, you can be sure that the web page you see is the one you want to see, and that you do not give away your data to hackers.

How EviBITB can improve your browsing experience?

EviBITB is not only a security tool, but also a performance and privacy enhancer. By removing redirection iframes, EviBITB can improve your browsing experience in several ways:

  • It can speed up the loading of web pages, by avoiding unnecessary or malicious requests to third-party sites.
  • It can reduce the bandwidth consumption, by saving the data that would otherwise be transferred to or from the iframes.
  • It can limit the exposure to ads and pop-ups, by blocking the sources that display them in the iframes.
  • It can prevent the tracking of your online activity, by deleting the cookies and other data that the iframes may store in your browser.
  • It can enhance the readability and usability of web pages, by removing distracting or irrelevant elements from the iframes.
  • It can increase the compatibility and accessibility of web pages, by avoiding potential conflicts or errors caused by the iframes.

By using EviBITB, you can enjoy a faster, smoother and more private browsing experience, without compromising your security or convenience.

How to get started with EviBITB?

Getting started with EviBITB is easy and fast. You just need to follow these steps:

  • Download the EviBITB extension for your web browser based on Chromium or Firefox from Freemindtronic’s official website: https://freemindtronic.com/evibitb-stop-bitb-phishing-attacks/
  • Install the extension on your web browser and follow the instructions to set it up.
  • Get a smartphone or an NFC HSM card compatible with the extension. You can find more information about these devices on Freemindtronic’s website: https://freemindtronic.com/how-does-evibitb-work-detailed-guide/
  • Pair your smartphone or NFC HSM card with your computer using Bluetooth or NFC technology.
  • Start browsing the web securely with EviBITB. Whenever you visit a website that offers SSO options, you will see a green icon on the address bar indicating that EviBITB is active. You can then tap your smartphone or NFC HSM card on your computer screen to authenticate yourself and access the website.

What are some videos on BITB attacks and EviBITB?

If you want to learn more about BITB attacks and EviBITB technology, you can watch some videos on these topics:

  • A video demonstration of a BITB attack by mrd0x:

In conclusion

BITB attacks are a new and sophisticated form of phishing that can steal your credentials by simulating a browser window within your browser. They can bypass many security measures that are designed to prevent phishing and compromise your online security and privacy.

EviBITB is a free technology that detects and removes phishing iFrames from your web browser. It also offers other features to enhance your online security, such as authentication via NFC HSM devices that secure your credentials without typing them on your keyboard.

If you want to benefit from EviBITB technology, you just need to download the extension corresponding to your web browser on Freemindtronic’s official website:

You will also need a smartphone or an NFC HSM card compatible with the extension. You can find more information about these devices on Freemindtronic’s website.

https://freemindtronic.com/evibitb-stop-bitb-phishing-attacks/ :

Don’t wait any longer and try EviBITB now!

Hashtags: #EviBITB #Phishing #Cybersecurity #NFC #HSM

Snake Malware: The Russian Spy Tool

Snake malware: The Russian that steals sensitive information for 20 years

Snake malware by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

Snake: The Russian malware that steals sensitive information for 20 years

Snake is a malware that allows Russian intelligence services to collect and transmit sensitive information from hundreds of infected computers across 50 countries. It is a very sophisticated espionage tool, designed and used by Center 16 of the Federal Security Service of the Russian Federation (FSB) for long-term operations on strategic targets.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

An example of technical analysis of Snake malware

To illustrate how Snake malware works in detail, we will use an example of technical analysis conducted by FortiGuard Labs on a fresh variant of Snake keylogger malware. This variant was captured in November 2021 and was delivered as an Excel file with malicious macro code. The main payload of Snake keylogger malware was an executable file named “Requests07520000652.exe”, which the macro code downloaded and executed

Snake malware’s core component

Several embedded resources were contained in the main payload, which was a .NET assembly file. Reflection loaded another .NET assembly file named “Guna.UI2.dll” into memory, which was one of theml”, which was loaded into memory by reflection. This file contained the core functionality of Snake keylogger malware, such as stealing information, taking screenshots, capturing clipboard data, and communicating with a command and control (C2) server.

How Snake malware steals sensitive data

The information stealing module was responsible for collecting various types of sensitive information from the infected system, such as:

  • System information: computer name, user name, operating system version, processor architecture, etc.
  • Saved credentials: passwords stored in browsers (Chrome, Firefox, Edge), email clients (Outlook), FTP clients (FileZilla), etc.
  • Keystrokes: keyboard input from various applications (browsers, email clients, chat programs, etc.)
  • Screenshots: images of the desktop or active window at regular intervals
  • Clipboard data: text or images copied to the clipboard

Snake stored the collected information in a temporary folder with random names and encrypted it with AES.

How Snake malware communicates with its operators

After the previous subsection, you can add this subsection:

The communication module was responsible for sending the encrypted information to a C2 server and receiving commands from it. The C2 server used a domain name that was generated by an algorithm based on the current date. The communication protocol used HTTP POST requests with custom headers and parameters. Snake encoded the data with Base64 and encrypted it with AES.

Some of the commands that the C2 server could send to the malware were:

  • GetInfo: request system information from the malware
  • GetLogs: request keystroke logs from the malware
  • GetClipboard: request clipboard data from the malware
  • GetScreen: demander des captures d’écran du malware
  • Mise à jour : téléchargez et exécutez une version mise à jour du malware
  • Désinstaller: supprimer le malware du système

ViperSoftX How to avoid the malware that steals your passwords

ViperSoftX How to avoid the malware that steals your passwords

ViperSoftX malware by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

ViperSoftX: The malware that steals your passwords and cryptocurrencies

Do you use password managers or cryptocurrency wallets to secure your online data? Beware, you could be the target of a malware named ViperSoftX, which infiltrates your computer and steals your sensitive information. Find out how it works, how to detect it and how to protect yourself from it in this article.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

ViperSoftX: The Malware that Steals Your Cryptocurrencies and Passwords

ViperSoftX is a malware that steals sensitive information from infected computers, including data related to cryptocurrencies and passwords. It was first discovered in 2020 as a JavaScript-based remote access trojan and cryptocurrency hijacker. Since then, it has evolved to become more sophisticated and stealthy, using innovative arrival and execution techniques, enhanced encryption and a malicious extension for web browsers. In this article, we will examine the features, targets and consequences of ViperSoftX malware, as well as how to protect yourself from it.

Global impact of ViperSoftX malware

This is not a regional threat, but a global one. The malware is mostly spread via torrents and software-sharing sites, which attract users from all over the world. According to Avast, the most impacted countries by ViperSoftX in 2022 were India, USA, Italy, and BrazilHowever, Trend Micro reported that the malware also affected a significant number of victims in Australia, Japan, Taiwan, Malaysia and France in 2023. Both enterprises and consumers are at risk of losing their sensitive data and cryptocurrencies to this stealthy malware. Therefore, it is important to raise awareness about the dangers of ViperSoftX and how to prevent its infection.

How to avoid ViperSoftX, the malware that steals your sensitive data

This is malware is dangerous malware that targets Chrome and other browsers, and can steal your passwords from virtual password managers like 1Password or KeePass 2 and virtual cryptocurrency wallets. In this article, you will learn how it works and how to prevent it from infecting your device.

Features of ViperSoftX malware

ViperSoftX is a malware that stands out for its innovative arrival and execution techniques, enhanced encryption and malicious extension for web browsers. VipersoftX is a malware that steals information from infected computers.

What is ViperSoftX and how does it work?

ViperSoftX is a type of malware called infostealer, which means it is designed to steal the data from a device. It was first discovered in 2020 by Fortinet1, and has since evolved to become more sophisticated and stealthy.

ViperSoftX mainly targets the users of Chrome and other browsers, such as Firefox, Opera, Brave and Microsoft Edge. It installs a malicious extension called VenomSoftX on the browser, which can access and extract sensitive information such as browser login data, cryptocurrency wallets, stored credit card information, passwords and more2.

It is a JavaScript-based Remote Access Trojan (RAT) that allows attackers to remotely control the compromised machine and execute various malicious actions. VipersoftX uses advanced obfuscation techniques to hide itself and evade detection from security software, It uses 8 layers of code obfuscation before executing its actual payload. It uses 3 types of obfuscation techniques: AES decryption, character array conversion, and UTF-81 decoding,

It establishes its persistence by copying itself to %APPDATA% and creating a shortcut in the startup directory to invoke it. It uses seemingly legitimate names to disguise itself, such as v pn_port.dll, reg.converter.sys, install.sig, and install.db

The main features of the malware

These features make ViperSoftX malware a serious threat to the security of users and organizations that use cryptocurrencies or password managers.

  • Arrival technique by cracked software: The malware usually poses as a cracked software, an activator or a key generator, which hides the malicious code in the overlay. The malware uses non-malicious files as carriers of the malicious code, such as gup.exe from Notepad++, firefox.exe from Tor or ErrorReportClient.exe from Magix. These files are accompanied by a DLL file that serves as a decryptor and loader of the malicious code. This technique aims to deceive users who are looking for illegal versions of software and to avoid detection by security solutions.
  • Enhanced encryption by byte remapping: The malware uses a sophisticated encryption method that consists of remapping the bytes of the malicious code according to a specific byte map. Without the correct byte map, the encrypted malicious code, including all components and relevant data, cannot be correctly decrypted, making the decryption and analysis of the code longer and more difficult for analysts. The malware also changes its byte map every month, which makes it even harder to track the malicious code.
  • Monthly change of command and control server: The malware communicates with a command and control (C&C) server to send the stolen information and receive instructions. The C&C server also changes every month, according to a predictable algorithm based on the current date. The C&C server uses the HTTPS protocol to encrypt the communication with the malware.
  • Ability to steal data from various cryptocurrency wallets and web browsers: The malware mainly aims to steal data related to cryptocurrencies, such as private keys, passwords and addresses of wallets. The malware targets more than 20 different cryptocurrency wallets, such as Blockchain, Binance, Coinbase, MetaMask or Ledger Live. The malware also installs a malicious extension named VenomSoftX on Chrome, Brave, Edge, Opera and Firefox web browsers. This extension can intercept and modify cryptocurrency transactions made on web browsers. The malware can also steal other sensitive data stored on web browsers, such as cookies, history, bookmarks or autofill data.
  • Detection of two password managers, KeePass 2 and 1Password: The malware checks for files associated with two popular password managers, KeePass 2 and 1Password, on the infected computer. It also tries to steal data stored in the browser extensions of these password managers. It is not clear whether the malware exploits a known vulnerability of the password managers or whether it uses another method to access the saved passwords.

Consequences of information theft by ViperSoftX malware

ViperSoftX is a malware that can cause serious damage to the users and organizations whose data it steals. The consequences of information theft by ViperSoftX malware can include:

  • Loss of money: The malware can steal data related to cryptocurrencies, such as private keys, passwords and addresses of wallets. This can result in the loss of funds stored in these wallets, or the redirection of transactions to the attacker’s accounts. The malware can also steal data related to online banking, credit cards or other payment methods, which can enable the attacker to make fraudulent purchases or transfers using the victim’s identity.
  • Loss of identity or confidentiality: The malware can steal data related to personal or professional identity, such as passport numbers, driver’s license numbers, social security numbers, medical records, online subscriptions, etc. This can result in identity theft, where the attacker can use the victim’s identity to access secure accounts, set up credit cards, apply for loans, or commit other crimes. The malware can also steal data related to confidential or proprietary information, such as software code, algorithms, processes or technologies. This can result in the loss of intellectual property, competitive advantage or trade secrets.
  • Risks for the consumer and enterprise sectors: The malware targets both individual users and organizations that use cryptocurrencies or password managers. For individual users, the malware can compromise their privacy and security, as well as expose them to financial losses or legal liabilities. For organizations, the malware can compromise their reputation and customer trust, as well as expose them to lawsuits, ransomware demands, recovery costs, regulatory fines or penalties

Victims of the ViperSoftX malware and statistics

The ViperSoftX malware has made many victims around the world, especially in France. Some users have lost large amounts of cryptocurrencies due to the theft of their wallet addresses. Others have seen their online accounts hacked due to the theft of their passwords. Here are some testimonies collected from forums or social networks:

  • “I was infected by ViperSoftX two weeks ago. I only realized it when I wanted to make a transfer of bitcoins to another wallet. The address I had copied had been replaced by another one in the clipboard. I lost 0.5 bitcoin, which is about 20,000 euros.”
  • “I got caught by ViperSoftX by downloading a cracked software from a torrent site. The malware installed a malicious extension on my Firefox browser and stole my passwords stored in KeePass. I had to change all my passwords and disinfect my computer with an antivirus.”
  • “ViperSoftX caused me a lot of problems. The malware accessed my personal and professional data by going through the extension of 1Password on Chrome. It used my Gmail account to send spam to my contacts and my PayPal account to make fraudulent purchases.”

According to TrendMicro, the ViperSoftX malware has infected more than 10,000 computers worldwide since its appearance in 2020. The number of victims could be even higher, as the malware is difficult to detect by antivirus.

How does ViperSoftX spread?

The malware also checks if the device has virtual password managers installed, such as 1Password or KeePass 2. These are applications that help users store and manage their passwords securely. ViperSoftX exploits a vulnerability called CVE-2023-24055 to access the data stored by these password managers through their browser extensions3.

ViperSoftX also steals users’ cryptocurrency by attacking wallets and exchanges. It targets the following wallets in particular: Armory, Atomic Wallet, Binance, Bitcoin, Blockstream Green, Coinomi, Delta, Electrum, Exodus, Guarda, Jaxx Liberty, Ledger Live, Trezor Bridge, Coin98, Coinbase and MetaMask.

The stolen data is then sent to a command-and-control (C2) server controlled by the attackers, who can use it for financial gain or sell it to other hackers.

How to protect yourself from ViperSoftX malware

ViperSoftX is a stealthy and dangerous malware that can cause serious damage to your computer and your data. Therefore, you should take some preventive measures to avoid being infected by this malware. Here are some tips to help you protect yourself from ViperSoftX:

  • Avoid cracked software: The malware often arrives as cracked software, an activator or a key generator, which hides the malicious code in the overlay. Avoid downloading or using illegal versions of software or games, as they may contain malware. Only download software from trusted sources and verify their authenticity.
  • Use security software: Use a robust antivirus software that can detect and remove malware from your device. Keep your security software updated and perform regular scans of your device. You can also use a firewall to block unauthorized network connections and a VPN to encrypt your online traffic.
  • Update your browsers and password managers: The malware installs a malicious extension named VenomSoftX on web browsers and steals data from them. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly. Update your browsers and password managers regularly to fix any security vulnerabilities. Also, only install extensions from trusted sources and check their permissions and reviews.
  • Backup your data: The malware can steal or encrypt your data, making it inaccessible or unusable. Backup your data regularly to an external storage device or a cloud service, so you can restore it in case of a malware attack. You can also use encryption tools to protect your data from unauthorized access.
  • Be careful with email attachments and links: The malware can also arrive through phishing emails that trick you into clicking on a link or opening an attachment. Be wary of emails that ask you to provide personal or financial information, or that seem to be from unknown or suspicious senders. Also, avoid clicking on links or attachments that look suspicious or irrelevant.
  • Use strong and unique passwords: The malware can steal your passwords for your online accounts, especially for your cryptocurrency wallets and exchange platforms. Use strong and unique passwords for each account, and avoid using the same password for multiple accounts. You can use a password generator or a password manager to create and store strong passwords.
  • Enable two-factor authentication (2FA): The malware can use your stolen passwords to access your accounts and perform fraudulent transactions. Enable two-factor authentication (2FA) whenever possible, which adds an extra layer of security to your login process. 2FA requires you to enter a code sent to your phone or email, or generated by an app, in addition to your password.
  • Avoid downloading and installing software or documents from untrusted sources: The malware often hides behind cracked versions of popular software or games, which are offered on torrent or illegal download sites.
  • Keep your browser and password manager updated: with the latest security patches, and use strong and unique passwords for each account.

How to remove ViperSoftX from your system

ViperSoftX is a malware that can infect your computer and steal your data. If you suspect or know that your computer is already infected by ViperSoftX, you should act quickly to remove it and prevent further damage. Here are some steps to help you remove ViperSoftX from your system:

  • Uninstall malicious programs from Windows: ViperSoftX may have installed some malicious programs on your computer that can interfere with your removal process. To uninstall them, go to Control Panel > Programs > Uninstall a program and look for any suspicious programs that you do not recognize or that you did not install yourself. Select them and click Uninstall.
  • Reset browsers back to default settings: ViperSoftX may have modified your browser settings and installed a malicious extension named VenomSoftX that can steal your data. To reset your browser settings, go to your browser settings and look for an option to reset your browser to its default state. This will remove any malicious extensions, cookies, history, passwords, and other data that ViperSoftX may have added or modified.
  • Use Rkill to terminate suspicious programs: ViperSoftX may have some processes running in the background that can prevent you from removing it. To stop them, use Rkill, a free tool that can terminate any suspicious processes that are running on your computer. Download Rkill from here and run it as administrator. Wait for it to finish scanning and killing any suspicious processes.
  • Use Malwarebytes to remove Trojans and unwanted programs: ViperSoftX is a Trojan malware that can hide itself from antivirus detection by using camouflage mechanisms. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly. To remove it, use Malwarebytes, a powerful anti-malware software that can detect and remove ViperSoftX and other threats from your computer. Download Malwarebytes from here and install it. Run a full scan and follow the instructions to quarantine or delete any detected threats.
  • Use HitmanPro to remove rootkits and other malware: ViperSoftX may have some hidden malware components that may have escaped Malwarebytes. To find and remove them, use HitmanPro, a second-opinion scanner that can find and remove any hidden malware that may be on your computer. Download HitmanPro from here and run it. Follow the instructions to scan your computer and remove any remaining malware.
  • Use AdwCleaner to remove malicious browser policies and adware: ViperSoftX may have changed some browser policies or installed some adware on your computer that can display unwanted ads or pop-ups. To clean your browser from them, use AdwCleaner, a free tool that can remove any unwanted policies, extensions, toolbars, ads, or pop-ups that may have been installed by ViperSoftX or other adware. Download AdwCleaner from here and run it. Click Scan Now and then Clean & Repair to remove any detected threats.
  • Perform a final check with ESET Online Scanner: To make sure that your computer is completely free of malware infections, perform a final check with ESET Online Scanner, a free online tool that can scan your computer for any remaining malware infections. It can detect and remove viruses, Trojans, spyware, phishing and other internet threats. To use ESET Online Scanner, go to this website and click Start Scan Now. Accept the terms of use and click Enable ESET LiveGrid feedback system. This will allow ESET to collect anonymous data about detected threats and improve its detection capabilities. Wait for the scan to complete and follow the instructions to delete any detected threats.”

By following these steps, you should be able to remove ViperSoftX from your computer completely. However, you should also change your passwords for your online accounts, especially for your cryptocurrency wallets and exchange platforms

ViperSoftX is a very stealthy malware that can evade antivirus detection by using various techniques. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly4.

How to secure your passwords and cryptocurrencies with modern authentication methods?

One of the best ways to protect your passwords and cryptocurrencies from ViperSoftX and other malware is to use modern authentication methods that rely on hardware devices instead of software. These devices are called hardware password managers or cold wallets.

Hardware password manager

A hardware password manager is a device that stores and manages your passwords securely. Unlike a virtual password manager, which runs on your computer or smartphone, a hardware password manager is a separate device that you can carry with you. This way, you can avoid storing your passwords on potentially compromised devices or online services.

A hardware password manager generates and stores strong passwords for your online accounts, which you can access with one master password. To log in to an online service, you can either type the password manually or use the NFC feature of the device to transmit the password to your computer or smartphone.

NFC

NFC (Near Field Communication) is a wireless technology that allows devices to communicate over short distances. You can use NFC for various purposes, such as contactless payments, smart cards, and authentication. By using NFC, you can log in to your online accounts with a simple tap of your hardware password manager on your device.

Some of the benefits of using NFC are:

  • It is fast and convenient: you do not need to type long passwords or scan QR codes.
  • It is secure: NFC uses encryption and authentication protocols to prevent eavesdropping or tampering.
  • It is compatible: NFC works with most:

Cold wallet

A cold wallet is a device that stores your cryptocurrencies offline. Unlike a hot wallet, which is connected to the internet and vulnerable to hacking, a cold wallet is isolated and protected from unauthorized access. To use a cold wallet, you need to transfer your cryptocurrencies from an online platform to the device and vice versa.

A cold wallet generates and stores private keys for your cryptocurrency accounts. A private key is a secret code that allows you to access and control your cryptocurrency funds. You should never share or lose your private key, as it is the only way to access your funds.

Some of the advantages of using a cold wallet are:

  • It is safe and reliable: you do not have to worry about hackers, malware, or phishing attacks.
  • It is easy and convenient: you can manage your funds with a simple interface and a few clicks.
  • It is versatile and compatible: you can store different types of cryptocurrencies on the same device.

One example of a cold wallet that uses NFC technology is the NFC Cold Wallet with EviVault technology from Freemindtronic Andorra. This device allows you to store and manage your cryptocurrencies securely and conveniently with your smartphone.

EviVault Cold Wallet & Hardware Wallet

EviVault is a patented technology that enhances the security and performance of NFC devices. It uses a combination of hardware and software features to protect your data from physical and logical attacks.

Some of the features of EviVault are:

  • It encrypts and authenticates your data with AES-256 and HMAC-SHA256 algorithms.
  • It prevents cloning, tampering, or replay attacks with anti-counterfeiting and anti-replay mechanisms.
  • It detects and blocks brute force attacks with auto unpairing functions traced in a black box.
  • It optimizes the speed and reliability of NFC communication with error correction and data compression techniques.

With EviVault, you can enjoy the benefits of NFC technology without compromising your security or privacy.

The impact of the ViperSoftX malware on businesses

The ViperSoftX malware does not only target individuals, but also businesses. Indeed, the malware can compromise the security of professional data by stealing the passwords of employees or customers. It can also infect the computer network of the company and spread other malware, such as ransomware or cryptominers.

To protect themselves from the ViperSoftX malware, businesses must take several measures:

  • Educate employees about the risks associated with downloading software or documents from unofficial or illegal sources.
  • Use up-to-date and effective antivirus software to detect and remove the malware.
  • Choose secure and reliable password managers, which do not store sensitive data in browser extensions.
  • Check regularly the transactions in cryptocurrencies and the addresses of the wallets.

In conclusion

ViperSoftX is a dangerous malware that can steal your passwords and cryptocurrencies from your virtual password managers and online platforms. To protect yourself from ViperSoftX, you should be careful about what you download and install on your device, keep your software updated and secure, avoid installing unknown or suspicious extensions and backup your data regularly.

To secure your passwords and cryptocurrencies with modern authentication methods, you can use hardware password managers or cold wallets that rely on hardware devices instead of software. These devices use NFC technology to offer you a high level of security and convenience for your online accounts. However, you should also follow some best practices, such as keeping your devices updated and secure, using strong passwords and two-factor authentication, and storing only small amounts of cryptocurrency on online platforms.

What is Juice Jacking and How to Avoid It?

what is juice jacking and how to avoid it

Juice Jacking by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

How to protect yourself from Juice Jacking”

Do you often use public USB chargers to recharge your smartphone or tablet? If so, you may be exposing your device to a cyberattack called Juice Jacking. In this article, we will explain what Juice Jacking is and how to protect yourself from it.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

Juice Jacking: How to Avoid This Cyberattack

Do you often use public USB chargers to recharge your smartphone or tablet? If so, you may be exposing your device to a cyberattack called Juice Jacking. This is a type of attack that can steal your data or infect your device when you use a public USB charger. In this article, we will explain what Juice Jacking is and how to protect yourself from it.

What is Juice Jacking?

Juice Jacking is an attack that hackers can perform. They put malware on the public charger’s USB port. When you plug your device into the charger, the malware can access your data or infect your device.

Juice Jacking can take two forms:

  • Data theft: the malware can copy your contacts, photos, messages, passwords or any other sensitive information stored on your device.
  • Malware installation: the malware can install a program that will do malicious things to your device.

The Lack of Awareness and Protection of Juice Jacking Among Users Worldwide

One of the reasons why juice jacking is a serious threat is that many people are unaware of it or do not take precautions when using public USB ports. According to a 2019 study by the University of Illinois at Urbana-Champaign, 64% of Americans use public USB ports to charge their devices, and 15% of them do not know what juice jacking is. The study also found that only 8% of the participants used a USB data blocker or a power-only cable to protect their devices from potential attacks. A similar situation exists in other countries, such as the United Kingdom and Australia. A 2020 study by Comparitech surveyed more than 2,000 people in the UK and found that 45% of them used public USB ports to charge their devices, and 50% of them had never heard of juice jacking. A 2019 study by Finder analyzed the behavior of more than 1,000 people in Australia and found that 41% of them used public USB ports at least once a month, and 21% of them did not know what juice jacking was. These studies show that there is a need for more education and awareness on the risks and prevention of juice jacking.

How to prevent Juice Jacking?

To prevent Juice Jacking, don’t use public USB chargers. Instead, you can use your own charger or a portable battery. However, if you have no choice but to use a public charger, you can take some precautions:

  • Use a USB data blocker. This is a device that blocks the data transfer between the charger and your device. It only allows the power to pass through.
  • Turn off your device before plugging it into the charger. This may reduce the risk of data theft or infection.
  • Use a VPN app on your device. This can encrypt your data and make it harder for hackers to access it.

How to protect yourself from Juice Jacking with EviCore NFC HSM and EviCypher Technology

Juice Jacking is a cyberattack that steals or modifies your data through malicious USB chargers. You need a secure and portable encryption solution to protect yourself from this threat. EviCore NFC HSM and EviCypher technology can help you.

EviCore NFC HSM is a contactless hardware security module (HSM). It stores your sensitive data and protects it with configurable multi-factor authentication. You can access your data with your smartphone via NFC (Near Field Communication).

EviCypher is a hardware encryption device that works with EviCore NFC HSM. It encrypts and decrypts your documents, emails and messages with your smartphone. You can use it with any messaging service and enjoy an advanced electronic signature system.

With EviCore NFC HSM and EviCypher, you can avoid hackers who use malicious USB chargers. Your data are safe and secure offline, without any server or database. To learn more about this innovative technology, visit the website EviCore NFC HSM by Freemindtronic.

EviCore NFC HSM and EviCypher are products and services from Freemindtronic. Freemindtronic is a company specialized in NFC security solutions. It offers the best encryption products on the market.

A more technical explanation by ethical hackers

The Juice Jacking is a cyberattack that exploits the vulnerability of the USB ports that are used for both charging and data transfer. Ethical hackers, who are security professionals who use their skills for good, have demonstrated how this attack works and how to prevent it.

One of the first demonstrations of Juice Jacking was made by researchers from the University of Michigan in 2011 at the DEF CON hacker convention. They set up an informative kiosk on Juice Jacking to raise awareness among visitors about the danger of plugging their devices into public charging stations. When a visitor plugged in their phone, the screen turned red and displayed a warning message: “You should not trust public kiosks with your smart phoneYou should not trust public kiosks with your smart phoneYou should not trust public kiosks with your smart phone”.

The researchers also showed how malicious actors could use the kiosk to steal data, track devices, or compromise them. They also provided information on how to compromise charging kiosks.

Another demonstration was made by security researchersecurity researcher Kyle Osborn in 2012. He published an attack framework called P2P-ADB that uses a USB On-The-Go cable to connect an attacker’s phone to a victim’s device. The framework includes examples and proofs of concept that would allow hackers to unlock locked phones, steal data from a phone, including authentication keys that would allow the attacker to access the owner’s Google account.

In 2013, security researchers from Georgia Tech published a proof of concept of a malicious tool called Mactans that uses the USB charging port of an Apple mobile device. They used low-cost hardware components to build a small malicious wall charger that can inject malware into an iPhone running

In 2014, security researchers Karsten Nohl and Jakob Lell from srlabs published their research on the BadUSB attack at the Black Hat USA conference . They showed how hackers can reprogram USB devices such as flash drives or cables to act as keyboards or network cards and send commands or data to a connected device.

These demonstrations show how Juice Jacking can be performed by skilled hackers who have access to the USB ports or cables in public places. They also show how users can protect themselves by using their own chargers or batteries, using data blockers, turning off their devices, or using VPN apps.

Some examples and testimonials

Juice Jacking is a serious threat for users of public USB chargers. It can compromise your data and your device’s security. Here are some examples and testimonials that illustrate the risks of Juice Jacking:

  • In 2011, at the DEF CON hacker convention, an informative kiosk on Juice Jacking was set up to raise awareness among visitors about the danger of plugging their devices into public charging stations . When a visitor plugged in their phone, the screen turned red and displayed a warning message: “You should not trust public kiosks with your smart phone” .
  • In 2013, security researchers from Georgia Tech presented a proof of concept of a malicious wall charger that could inject malware into an iPhone running the latest version of iOS while it was being charged. The malware bypasses all the built-in security measures in iOS and hides itself in the same way that Apple hides background processes in iOS .
  • In 2019, the Los Angeles County District Attorney warned travelers about Juice Jacking in airports. He advised travelers to use electrical outlets rather than USB ports to charge their devices.
  • In 2020, a French journalist testified that she was a victim of Juice Jacking during a trip to India. She said that her phone was infected by malware after plugging it into a USB port in a hotel. The malware sent her messages asking her to pay a ransom to get her data back.

To illustrate the phenomenon of Juice Jacking further, you can also check out these videos:

  • A video explanation from ZDNet that presents Juice Jacking and its consequences.
  • A video demonstration from ETX Studio that shows how to protect yourself from Juice Jacking with a USB data blocker.
  • A video information from Slate that explains why you should not be afraid of Juice Jacking and how it is unlikely to happen.

Some scientific and statistical sources

Juice Jacking is a topic that interests security researchers and public authorities. Here are some scientific and statistical sources that address Juice Jacking:

  • An academic paper published in 2011 by researchers from the University of Michigan that analyzes the risks associated with using public USB ports and proposes solutions to reduce them.
  • A technical report published in 2014 by researchers from Johns Hopkins University that describes a method to detect and prevent Juice Jacking on Android devices.
  • A study conducted in 2017 by Kaspersky Lab that reveals that 25% of French users have already used a public USB charger and that 12% of them have already suffered a loss or theft of data as a result of such use.

Conclusion

Juice Jacking is a cyberattack that targets users of public USB chargers. It can compromise your data and your device’s security. To avoid it, you should use your own charger or battery whenever possible. If you have to use a public charger, you should use a USB data blocker, turn off your device, or use a VPN app.

We hope this article helped you understand what Juice Jacking is and how to protect yourself from it.

Strong Passwords in the Quantum Computing Era

Strong Passwords in the Quantum Computing

Strong Passwords by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

How to Protect Your Passwords from Quantum Computers Introduction

Do you know that quantum computers could break your passwords in seconds? This could expose your personal and financial data to hackers. To prevent this, you need to create strong passwords that can resist quantum attacks. In this article, you will learn how to do it easily and effectively.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

How to create strong passwords in the era of quantum computing?

Quantum computing is a technology that promises to revolutionize the field of computation by exploiting the properties of subatomic particles. It offers unprecedented possibilities for scientific research, artificial intelligence or cryptography. But it also represents a risk for the security of data and online communications. Indeed, quantum computers could be able to crack the secret codes that protect our passwords, our bank accounts or our private messages.

What is quantum computing? What is encryption? What is a brute force attack?How to protect ourselves from this threat? The answer is simple: create strong passwords and resist quantum attacks. But what is a strong password? And how to choose it? Here are some tips to help you strengthen your digital security in the era of quantum computing.

What is quantum computing and how does it work in video?

What is a strong password?

A strong password is a password that is hard to guess or crack by a hacker. It must be composed of at least 12 characters, mix uppercase and lowercase letters, numbers and symbols, and not contain dictionary words, proper names or personal data. For example, “P@ssw0rd123” is not a strong password, because it is too short, too simple and too common. On the other hand, “Qx7!tZ9#rGm4” is a strong password, because it is long, complex and random.

Why is a strong password important?

A strong password is important because it reduces the risk that your account will be hacked by a brute force attack. A brute force attack consists of testing all possible combinations of characters until finding the right password. The longer and more complex the password, the more possible combinations there are, and the more time and resources it takes to crack it.

For example, a password of 8 characters composed only of lowercase letters has about 200 billion (26^8) possible combinations. A classical computer can crack it in a few minutes. But a password of 20 characters composed of letters, numbers and symbols has about 10^39 (95^20) possible combinations. A classical computer would need 766 trillion years to crack it.

But what about quantum computers?

Quantum computers are able to perform calculations much faster and more powerful than classical computers thanks to their ability to manipulate qubits instead of bits. A qubit can take two states simultaneously (0 and 1), which allows it to explore multiple solutions at the same time. Thus, a quantum computer could theoretically crack a password by testing all possible combinations in parallel.

However, there are technical and practical limits to this ability. First, you need to have a quantum computer powerful and stable enough to perform this type of operation. However, current quantum computers are still very rudimentary and only have a limited number of qubits. Second, you need to know the type of encryption used to protect the password. However, there are encryption algorithms that are resistant to quantum attacks, such as symmetric encryption or elliptic curve encryption. Third, you need to have access to the system that stores the password. However, there are security measures that prevent unauthorized access, such as two-factor authentication or account locking after several unsuccessful attempts.

Thus, even if quantum computers represent a potential threat for the security of passwords, they are not yet able to crack them easily. Nevertheless, it is prudent to prepare for the advent of this technology by creating strong passwords and changing them regularly.

How to choose a strong password?

To choose a strong password, there are several methods. Here are some examples:

  • The Diceware method: it consists of randomly choosing several words from a predefined list and separating them by spaces or symbols. For example, “piano cat star 7 &”. This method allows you to create passwords that are easy to remember and hard to crack.
  • The XKCD method: it consists of choosing four random words and assembling them without space. For example, “correcthorsebatterystaple”. This method is inspired by a comic from the XKCD site that shows that this type of password is safer than a complex but short password.

The random generator method: it consists of using an online tool that creates a random password composed of letters, numbers and symbols. For example, “Qx7!tZ9#rGm4”. This is the method implemented in the evicore nfc and evicore hsm technology from Freemindtronic, which features a random password generator with Shannon entropy control. This technology also automatically calculates the number of bits of the generated password based on the type of printable ASCII 95 characters used. This method allows you to create very secure passwords but difficult or impossible to remember, which requires the use of a hardware or virtual password manager. Whatever the method chosen, it is important to follow some rules:

  • Do not use the same password for multiple accounts or services.
  • Do not write the password on a paper or store it on an insecure device.
  • Do not share the password with other people or communicate it by email or phone.
  • Do not use obvious clues or security questions to recover the password in case of forgetfulness.
  • Use a password manager to store and manage your passwords securely.

Tools for creating and protecting strong passwords

If you want to create and protect strong passwords in the age of quantum computing, you can use some of these online tools to help you:

  • Online password generator: A tool that creates a random and strong password composed of letters, numbers and symbols. For example, Mot de passe.xyz is a free and secure online password generator that lets you choose the length and types of characters for your password.
  • Password strength calculator: A tool that calculates the entropy (the number of bits) of a password based on its length and the number of possible characters. For example, Password Entropy Calculator is a free online tool that shows you how strong your password is and how long it would take to crack it.
  • Data breach checker: A tool that checks if your email or phone number has been exposed in a data breach. For example, Have I Been Pwned? is a free online service that lets you check if your personal information has been compromised by hackers.

Using these tools can help you create and protect strong passwords that are resistant to quantum attacks. However, you should also remember to use different passwords for different accounts, change them regularly, and use a password manager to store them safely.

In conclusion

Passwords are essential to protect our privacy and our data online. Faced with the potential threat of quantum computers, it is important to create strong passwords and resist quantum attacks. To do this, we need to choose passwords that are long and complex, change them regularly and manage them with caution. Thus, we will be able to enjoy the benefits of quantum computing without fearing for our digital security.

Protect Your Data from AMOS Malware

AMOS malware protection with Keepser NFC Cold Xallet


AMOS Malware Protection by Jacques gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Related topic :
CryptBot malware

Protect Your Mac from AMOS Malware

Are you worried about the threat of AMOS malware on your Mac? Keep your data safe with Keepser Cold Wallet. Learn how this technology can protect your sensitive information from this dangerous malware.

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Articles Cyberculture legal Legal information News

End-to-End Messaging Encryption Regulation – A European Issue

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

AMOS Malware Protection with Keepser Cold Wallet

The Threat of AMOS Malware on macOS

AMOS malware is a growing threat to macOS users. Hackers are marketing a new malware for the macOS operating system. Named Atomic Macos Stealer or AMOS, this malicious software is designed to steal user data for $1,000 per month. It extracts passwords from the keychain, steals files on disks, cookies, as well as cards and identification information stored in the browser and tries to extract data from 50 different cryptocurrency wallets. Buyers also benefit from a complete web dashboard to brute force MetaMask.

How AMOS Malware Works

AMOS is capable of accessing iCloud keychain passwords, system information, files from the desktop and documents folder, as well as the Mac password. It is able to infiltrate applications such as Chrome and Firefox and extract autofill information, passwords, cookies, wallets and credit card information. Cryptocurrency wallets such as Electrum, Binance and Atomic are specific targets.

The malware is being propagated using an unsigned disk image file called Setup.dmg. Once executed, the file prompts the victim to enter their system password on a bogus prompt. This allows the malware to escalate privileges and carry out its malicious activities. This technique is similar to that used by other macOS malware, such as MacStealer.

How to Protect Against AMOS Malware

The increase in the deployment of macOS stealer malware by non-state actors highlights the need for users to be cautious when downloading and installing software. The cybersecurity industry recommends that users only download and install software from trustworthy sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via email or SMS messages.

The Solution: Keepser Cold Wallet with EviVault Technology

However, there is a solution to protect your sensitive data against AMOS malware. For only €387, you can purchase two NFC Cold Wallet Keepser from Keepser Group with EviVault technology from Freemindtronic SL. These wallets allow you to store offline and physically externalized from macOS and/or PC computers the private keys and/or seed phrases of cryptocurrency wallets as well as identifier and password pairs. Thus, it will simply be impossible to extract sensitive data from a computer that is not physically present in these computers, even for this AMOS malware.

By using EviVault NFC Cold Wallet technologies from Freemindtronic embedded in Keepser products, you can protect your sensitive data against malware attacks such as AMOS or Cryptbot. These wallets also work on macOS, providing additional protection to Mac users.

The Benefits of EviVault Technology

Thanks to EviVault technology developed by Freemindtronic, the Keepser Cold Wallet is a unique ultra-secure cold storage solution for cryptocurrency wallets, offering anonymous, offline and contactless use via NFC technology, as well as compatibility with NFC Android phones and computer systems via a browser extension.

It’s like they say: “Why pay €1,000 per month to steal sensitive data when you can pay €387 one shot for AMOS malware protection without subscription to protect against it (and other malware like Cryptbot)!” 😉

It is important to take seriously the threats posed by malware such as AMOS and to take the necessary measures to protect your sensitive data. By using advanced technologies such as EviVault NFC Cold Wallet from Freemindtronic embedded in Keepser products, you can ensure that your data is secure.

Cryptbot malware steals data cryptocurrencies

CryptBot: the malware that targets your data and crypto on Chrome
CryptBot malware By Jacques gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Article updated on May 3, 2023
Related topic : Amos malware
 

CryptBot: A Threat to Chrome Users

Cryptbot is a malware that targets Chrome users who store or trade cryptocurrencies. It can steal your data and virtual wallets. Google says it infected 670,000 people in 2022. This article tells you how Cryptbot works, how to detect and remove it, and how to prevent future attacks.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

2023 Digital Security Phishing

BITB Attacks: How to Avoid Phishing by iFrame

Articles Digital Security Phishing

Snake Malware: The Russian Spy Tool

Articles Cryptocurrency Digital Security Phishing

ViperSoftX How to avoid the malware that steals your passwords

Articles Phishing

Protect Your Data from AMOS Malware

Articles EviVault Technology Phishing

Cryptbot malware steals data cryptocurrencies

Understanding Cryptbot Malware: A Comprehensive Guide to the Threats and Risks

Cryptbot malware is a serious concern for Chrome users, as it surreptitiously steals their confidential information and digital currencies by hiding in malicious extensions that are installed in the browser without their knowledge. Once installed, it can compromise sensitive information such as passwords, banking logins, private keys of cryptocurrencies and browsing history. Moreover, Cryptbot malware can add malicious code in the web pages to misappropriate cryptocurrencies from the users’ wallets or exchanges. Hence, the security threat posed by this malware is severe and requires immediate attention.

Cryptbot Malware: How it Steals Sensitive Data, Including Cryptocurrency Wallets, from Chrome Users

This type of Trojan malware was first detected in December 2019 and is known for disguising itself as authentic software such as Google Chrome or Google Earth Pro and can be downloaded from counterfeit websites. Upon download and installation, the computer gets infected with Cryptbot along with another Trojan, Vidar, both of which are created to identify and steal sensitive data of Chrome users like:

  • Username and password that are saved in Chrome browser
  • Browser cookies that may contain session or preference information
  • Cryptocurrency wallet data, like Ethereum or Bitcoin
  • Credit card information saved in the browser
  • Desktop or window screenshots

The data that is collected can often be sold to other hackers who may use it for extortion campaigns or data breaches. Moreover, this malware is capable of taking screenshots of active windows or desktop, exposing even more confidential information. Therefore, Cryptbot malware endangers your privacy and security while putting online accounts, identity, money and personal safety at risk. It may also lead to further malware infections or phishing attempts. Hence, safeguarding against Cryptbot malware is essential, and it should be removed if detected.

CryptBot Malware: How It Spreads Through Fraudulent Websites and Phishing Campaigns, and Its Command and Control Server

CryptBot mainly spreads through fraudulent websites that offer modified or pirated versions of legitimate software such as Google Chrome or Google Earth Pro. These websites encourage users to download and run malicious files, which then install CryptBot on their computer.

This malware can also be distributed through phishing campaigns, which involve sending misleading emails to users, impersonating trusted entities such as Google or Microsoft. These emails often contain links or attachments infected.

Once installed on the victim’s computer, CryptBot connects to a command and control (C&C) server, which gives it instructions on the data to collect and send. CryptBot can automatically update itself to avoid detection and stay hidden on the victim’s computer.

Removing CryptBot Malware from Chrome

If you suspect that your Chrome browser is infected with CryptBot malware, you should take immediate action to remove it. Here are some steps you can follow to detect and remove CryptBot:

  • Suspicious Extension Check: Open Chrome and click on the three dots icon on the top right corner. Go to More Tools > Extensions and look for any suspicious extensions that you do not recognize or do not remember installing. Remove them by clicking on the Remove button.
  • Anti-Malware Software Use: Download and install a reputable anti-malware software such as Malwarebytes or Norton. Run a full system scan to detect and remove CryptBot malware from your computer.
  • Chrome Settings Reset: Go to Chrome Settings > Advanced > Reset and clean up > Restore settings to their original defaults. This will reset your browser settings to their default state and remove any unwanted changes made by CryptBot.
  • Password Change: If CryptBot has stolen your passwords, you should change them immediately for all affected accounts.

Detecting CryptBot Malware on Your Computer

It is not always easy to detect the presence of CryptBot on your computer, as it is a discreet and silent malware. However, there are some signs that can alert you:

  • Your computer becomes slower or more unstable
  • Your Chrome browser displays unwanted ads or redirects you to suspicious websites
  • You receive security alerts or password reset requests from your online accounts
  • You notice unusual or unauthorized transactions on your bank accounts or cryptocurrency wallets

If you notice any of these symptoms, it is possible that you are infected by CryptBot. In this case, it is recommended to scan your computer with a reliable and up-to-date antivirus, such as Bitdefender or Malwarebytes. If the scan detects the presence of CryptBot or other threats, follow the instructions to remove them.

Tips for Avoiding CryptBot Malware on Chrome

Best Practices for Computer Security

To avoid being infected by CryptBot malware on Chrome, it is recommended to follow these tips. For this, you need to adopt some good practices of computer security:

  • Only download software from official and verified sources
  • Update your applications and operating system regularly
  • Do not open attachments or links in emails you receive, especially if they come from unknown or unsolicited senders
  • Use a firewall and security software, such as an antivirus or anti-malware. Update them regularly and run full scans of your system
  • Follow email best practices, such as not responding to messages that ask for personal or financial information, or that offer deals that are too good to be true
  • Deploy email security gateways, which filter incoming messages and block those that contain spam, phishing or malware
  • Avoid links and ads that appear on websites you visit, especially if they promise gifts, discounts or free downloads
  • Implement access control, which limits access to sensitive resources and data of your company to authorized people only
  • To enhance the security of your online accounts, enable two-factor or multi-factor authentication which adds an extra layer of protection by requiring a second factor of verification such as a code sent by SMS or a fingerprint..
  • Use the principle of least privilege, which limits the rights and permissions of users to what is strictly necessary to accomplish their tasks
  • Use strong and unique passwords: Use strong and unique passwords for each account, and avoid using the same password for multiple accounts.

Enhancing Protection Against CryptBot Malware on Chrome with EviVault’s End-to-End NFC Cold Wallet Technology

Adopting the best practices for computer security, such as downloading software only from official sources, updating applications, avoiding suspicious links and emails, and using a firewall and anti-malware, can help you avoid CryptBot malware and protect your sensitive data and cryptocurrency. In addition to these tips, you can further enhance your protection by using Freemindtronic’s EviVault technology, which provides end-to-end NFC Cold Wallet protection for your crypto assets. This patented solution adds an extra layer of security against threats like CryptBot malware on Chrome.

Google’s Legal Action Against CryptBot Malware and Its Importance in Protecting Chrome Users

Google has successfully obtained a court order to remove current and future domains linked to the distribution of CryptBot, a malware that poses a threat to Chrome users. Google believes that legal action against such security threats, which abuse legitimate software like Chrome, can be effective. The company used a similar strategy against the alleged operators of the Russian botnet Glupteba in 2021, which resulted in a 78% reduction in Glupteba infections.

However, this court order does not mean that the danger of CryptBot is completely eliminated. The malware is constantly evolving and can still infect systems if users are not careful. It is strongly recommended to follow the advice here, including updating applications and operating systems, downloading software from reliable sources, and regularly checking for the presence of CryptBot.

Click here for download US Court Decision in Google LLC vs CryptBot Case

If you want to review the court decision issued by Judge Valerie Figueredo of the Southern District Court of New York in response to Google LLC’s (“Google”) lawsuit against CryptBot infrastructure and distribution networks, which aimed to reduce the number of victims whose sensitive information, such as usernames, passwords, and cryptocurrencies, the malicious software steals, click on the following link to download the document.

Through this legal action, Google sought to reduce the number of victims who fall prey to CryptBot’s theft of sensitive information. This court decision is a crucial step in the fight against sophisticated and difficult-to-detect malware attacks such as CryptBot.

In the next section, we will delve deeper into CryptBot and its inner workings

Malware Targeting Chrome Users: Understanding the Inner Workings of CryptBot

CryptBot is a type of malware that targets Chrome users by stealing their personal data, including cryptocurrency. But how does this malware infiltrate Chrome and avoid detection by antivirus software, and how does it communicate with its command server? Below is a brief technical explanation of CryptBot for those interested in the details:

  • CryptBot is primarily spread through phishing campaigns that offer a fake Chrome update or other legitimate software that contains a hidden virus. Once installed, the virus creates four files in the %TEMP% folder and activates a disguised BAT file that injects CryptBot into Chrome’s legitimate process. This allows the malware to access and encrypt the user’s data using the AES algorithm before sending it to its command server via an HTTP POST request.
  • In addition to stealing data, CryptBot can receive instructions from the command server via a JSON and AES-based communication protocol. These instructions can include downloading additional malware, updating the configuration settings, or deleting itself as needed.
  • Although CryptBot is a dangerous form of malware, understanding how it works can help users protect themselves from future attacks.

In conclusion, the threat CryptBot poses to the security of your data and cryptocurrencies on Chrome is real, but there are steps you can take to protect yourself. By following the advice we have shared and using Freemindtronic’s EviVault technology embedded in cold wallets such as Keepser, you can strengthen the security of your computer and protect your cryptographic assets from hackers. Don’t forget to share this article with your friends and sign up for our newsletter to receive the latest news on computer security and cryptocurrencies.

The first wood transistor for green electronics


Wood transistor by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

The first wood transistor for green electronics

Wood is a natural and renewable material that can be used for many purposes, from construction to furniture. But did you know that wood can also be used to make electronic devices? In this article, we will introduce you to the first wood transistor ever created, and explain how it works and why it is a promising innovation for green electronics.

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

2024 Cyberculture

Cybercrime Treaty 2024: UN’s Historic Agreement

2024 Cyberculture

Encryption Dual-Use Regulation under EU Law

2024 Cyberculture DataShielder

Google Workspace Data Security: Legal Insights

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

What is a wood transistor?

A transistor is a device that can amplify or switch electrical signals. Transistors are the building blocks of modern electronics, such as computers, smartphones, and sensors. They are usually made of silicon, a semiconductor material that can conduct electricity under certain conditions.

However, a wood transistor is a type of transistor that uses wood as the base material instead of silicon. Wood is also a semiconductor, but with different properties than silicon. To make wood transistors, researchers coat thin slices of wood with carbon nanotubes. These are tiny tubes of carbon atoms that have excellent electrical and mechanical properties.

The carbon nanotubes act as electrodes, which are the parts of the transistor that connect to the external circuit. The wood acts as the channel, which is the part of the transistor that controls the flow of current between the electrodes.

How does a wood transistor work?

A wood transistor works by applying a voltage to one of the electrodes, called the gate. This voltage creates an electric field that affects the conductivity of the wood channel. By changing the gate voltage, the current flowing between the other two electrodes, called the source and the drain, can be modulated.

The wood transistor can operate in two modes: depletion mode and enhancement mode. In depletion mode, the wood channel is normally conductive, and the gate voltage can reduce or stop the current flow. In enhancement mode, the wood channel is normally non-conductive, and the gate voltage can increase or start the current flow.

The researchers who developed the wood transistor made an interesting discovery. They found that it can switch between depletion mode and enhancement mode by changing the polarity of the gate voltage. This means that the wood transistor can perform both n-type and p-type functions, which are essential for creating complex electronic circuits.

Why is a wood transistor important?

A wood transistor is important because it offers several advantages over conventional silicon transistors. Some of these advantages are:

  • Wood is abundant, cheap, biodegradable, and renewable, which makes it an environmentally friendly alternative to silicon. Silicon is scarce, expensive, non-biodegradable, and requires high-energy processing.
  • Wood transistors have a low operating voltage, which means they consume less power and generate less heat than silicon transistors. This can improve the energy efficiency and performance of electronic devices.
  • Wood transistors have a high sensitivity to humidity and temperature changes, which makes them suitable for applications such as environmental sensors and smart textiles.
  • Moreover, wood transistors have a flexible and transparent structure, which makes them compatible with flexible and wearable electronics.

What are the challenges and opportunities for wood transistors?

Researchers are still developing wood transistors, and they face some challenges and opportunities for further improvement. Some of these are:

  • The stability and reliability of wood transistors need to be enhanced by optimizing the fabrication process and protecting them from moisture and oxidation.
  • The scalability and integration of wood transistors need to be improved by developing methods to produce large-area and high-density arrays of wood transistors on various substrates.
  • The functionality and diversity of wood transistors need to be expanded by exploring different types of wood materials and carbon nanotube coatings with different properties.
  • The applications and markets for wood transistors need to be explored by collaborating with industry partners and end-users who can benefit from this novel technology.

Conclusion

Wood transistors are a breakthrough innovation that can revolutionize green electronics. They combine the natural advantages of wood with the exceptional properties of carbon nanotubes to create low-power, high-performance, flexible, transparent, and biodegradable electronic devices.

Source

Li, T., Zhu, H., Wang, X. et al. Wood-based fully biodegradable and flexible electronic devices. Nat Electron 4, 33–40 (2021). https://doi.org/10.1038/s41928-020-00518-9

[1] A transistor made of wood: Electrical current modulation in wood electrochemical transistor – https://www.pnas.org/content/118/17/e2026873118

Kevin Mitnick’s Password Hacking with Hashtopolis

Kevin Mitnick and his Hashtopolis: The Ultimate Password Cracking Tool


password hacking with Hashtopolis by Jacques gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Related topic : ******

How Kevin Mitnick hacked passwords with Hashtopolis

Learn about password hacking using Hashtopolis, a powerful tool that can crack any hash in minutes using multiple machines equipped with GPUs. Famous hacker Kevin Mitnick used it to demonstrate the tool’s capabilities. Discover the advantages and disadvantages of using such a tool, as well as ethical and legal implications of password hacking. Get tips on how to protect your online accounts with strong passwords. Keep reading to find out more!

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Articles Cyberculture legal Legal information News

End-to-End Messaging Encryption Regulation – A European Issue

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

Password hacking tool: how it works and how to protect yourself

Password hacking is a practice that consists of finding the secret code that protects access to an account or a file. There are specialized tools to perform this operation, such as the one used by Mitnick Security Consulting. In this article, we will present the features of this tool, its advantages and disadvantages, as well as the ways to protect yourself from password hacking.

Introduction

Password hacking is a practice that consists of finding the secret code that protects access to an account or a file. It can be done for various purposes, such as testing the security of a system, recovering a forgotten password, or stealing personal or professional data.

There are specialized tools to perform password hacking, such as the one used by Mitnick Security Consulting. This company is led by Kevin Mitnick, a famous hacker who was arrested in 1995 for hacking dozens of computer systems, including those of the Pentagon, NASA and FBI. Today he has become a security expert and consultant who helps companies protect themselves from cyberattacks.

The main purpose of this article is to present the features, advantages and disadvantages of the password hacking tool used by Mitnick Security Consulting, as well as the ways to protect yourself from password hacking. We will first explain how the tool uses a large number of GPUs to speed up the hacking process. Then we will discuss the benefits and drawbacks of using such a tool in terms of energy consumption and privacy concerns. Next we will address the ethical and legal implications of password hacking. After that we will summarize some user reactions to password hacking. Finally we will provide some tips on how to protect your online accounts with strong passwords.

Features of the password hacking tool

The password hacking tool used by Mitnick Security Consulting uses a large number of GPUs to speed up the hacking process. According to the information shared by Mitnick, the tool uses 24 GPU 4090s and 6 GPU 2080s, all clustered and running with Hashtopolis. This allows the tool to hack passwords at an impressive speed, reaching 6.2 trillion per second for NTLM (New Technology LAN Manager).

Hashtopolis is an open source software that allows to distribute the password hacking work across multiple machines equipped with GPUs. It uses a web interface to manage the agents, tasks and passwords found. It supports several types of hashes, such as NTLM, MD5, SHA1, SHA256, SHA512, WPA/WPA2 and even BitLocker.

A hash is a mathematical function that transforms a password into a random string of characters. For example, the password “password” hashed with MD5 would be “5f4dcc3b5aa765d61d8327deb882cf99”. Hashing is used to store passwords securely without revealing them in plain text.

To crack a password, one has to find the original password that corresponds to a given hash. This can be done by using different methods, such as bruteforce, dictionary or mask.

Bruteforce is a method that tries all possible combinations of characters until finding the right one. For example, if the password is four digits long, it would try 0000, 0001, 0002… until 9999.

Dictionary is a method that tries words from a predefined list or a common language dictionary. For example, if the password is a word in English, it would try apple, banana, carrot… until finding the right one.

Mask is a method that tries combinations based on a known pattern or structure. For example, if the password is composed of two words separated by an underscore (_), it would try word_word, name_name… until finding the right one.

Advantages and disadvantages of the password hacking tool

The use of such a tool has advantages and disadvantages. On one hand, it allows the company to quickly test the security of the passwords used by its clients and detect vulnerabilities. This can help prevent unauthorized access and data breaches. It can also help users improve their password habits and choose stronger passwords.

On the other hand, it consumes a considerable amount of energy and generates heat. This can have a negative impact on the environment and increase the carbon footprint of the company. It can also raise privacy concerns, as the tool can be used for malicious purposes, such as hacking online accounts or sensitive data. This can result in identity theft, industrial espionage or sabotage.

It is important to note that even with such a powerful tool, there are limits to what can be achieved in terms of password hacking. Long and complex passwords, stored using secure hashing algorithms such as bcrypt or PBKDF2, can be very difficult to hack even with powerful tools. These algorithms use a large number of iterations to significantly slow down the hashing process, making brute force hacking much more difficult.

In addition to the number of iterations, these algorithms have other features that make them more resistant to GPU or specialized hardware attacks. Bcrypt uses an encryption function based on Blowfish, which is designed to be costly in memory and random access. This makes it difficult to parallelize bcrypt on multiple GPUs. PBKDF2 uses an internal hash function, such as SHA-256 or SHA-512, which can be optimized for GPUs, but which also requires a lot of calculations. This makes the cost of the attack proportional to the number of iterations. According to a 2015 study, it would take about 4 days to crack an 8-character alphanumeric password with bcrypt and 10 iterations, compared to about 5 hours with PBKDF2 and 10,000 iterations.

Ethical and legal implications of password hacking

The use of such a powerful password hacking tool raises ethical and legal questions. On one hand, it can serve to strengthen the security of computer systems by demonstrating their vulnerability and encouraging users to choose stronger passwords. This can be seen as a form of ethical hacking or penetration testing, which aims to improve the security of a system by finding and reporting its weaknesses.

On the other hand, it can be used for malicious purposes, such as hacking online accounts or sensitive data. This can be seen as a form of illegal hacking or cybercrime, which aims to harm or exploit a system by exploiting its weaknesses.

Therefore, some ethical and legal rules must be respected when using a password hacking tool. For example:

  • The tool should only be used with the consent and authorization of the owner or administrator of the system.
  • The tool should only be used for legitimate purposes, such as testing the security of passwords or recovering a forgotten password.
  • The tool should not be used to access or disclose confidential or personal information without permission.
  • The tool should not be used to cause damage or disruption to the system or its users.

To give you an idea of how long it would take to crack a password using high-performance GPUs, a machine equipped with eight RTX 4090 GPUs, the most powerful on the market today and very popular among gamers and creators, could go through all possible combinations of an 8-character password in just 48 minutes using brute force methods. For comparison, it would take about 3 hours and 20 minutes with eight RTX 3090 Ti GPUs.

User reactions to password hacking

Kevin Mitnick’s post sparked many positive comments from computer security experts, who praised the power and speed of his password hacking tool. Some even asked for technical details on how Hashtopolis works and what types of hashes it can crack.

For example, one comment said: “This is amazing! I would love to see how Hashtopolis works and what kind of hashes it can crack. Can you share some screenshots or videos of the tool in action?”

Another comment said: “Wow, this is impressive! I wonder how long it would take to crack a password with bcrypt or PBKDF2 using this tool. Do you have any benchmarks or comparisons?”

However, some negative comments from Internet users also expressed concerns about the environmental impact and privacy issues of password hacking.

For example, one comment said: “This is terrible! Do you realize how much electricity and heat this tool consumes? You are contributing to global warming and climate change with your irresponsible hacking. You should plant some trees or use renewable energy to offset your carbon footprint.”

Another comment said: “This is scary! How can we trust you with our passwords and data? You could hack into our accounts or steal our information without our consent. You are violating our privacy and security with your unethical hacking. You should respect the law and the rights of others.”

In conclusion

The new password hacking tool used by Mitnick Security Consulting is impressive in terms of power and speed. It can crack passwords at an astonishing rate, reaching 6.2 trillion per second for NTML. It uses Hashtopolis, an open source software that allows to distribute the password hacking work across multiple machines equipped with GPUs. It supports several types of hashes and methods to crack them.

However, the use of such a tool also raises concerns about energy and privacy. It consumes a considerable amount of electricity and generates heat, which can have a negative impact on the environment. It can also be used for malicious purposes, such as hacking online accounts or sensitive data, which can result in identity theft, industrial espionage or sabotage.

As Internet users, it is important to be aware of the risks associated with weak passwords and use secure methods to protect our online accounts. Some tips to do so are:

  • Use long and complex passwords that contain letters, numbers and symbols.
  • Use a password manager to store and generate secure passwords.
  • Use a random password generator or a secret phrase that is easy to remember but hard to guess.
  • Use multi-factor authentication that requires a code sent by SMS or email to access an account.

Password hacking is a practice that can have positive or negative consequences depending on how it is used. It is therefore necessary to be vigilant and adopt good practices to protect ourselves from hackers like Kevin Mitnick.

I hope this article has helped you understand how password hacking works and how to protect yourself from it. If you want to learn more about password hacking, you can check out these sources:

  • Cracking Passwords at 7.25 TRILLION Hashes per second?
  • How Secure Is My Password?
  • How To Create A Strong Password

Sources :

(1) hash – What is the specific reason to prefer bcrypt or PBKDF2 over …. https://security.stackexchange.com/questions/133239/what-is-the-specific-reason-to-prefer-bcrypt-or-pbkdf2-over-sha256-crypt-in-pass.

(2) Password Storage – OWASP Cheat Sheet Series. https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html.

(3) Do any security experts recommend bcrypt for password storage?. https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage.

(4) Password Hashing: PBKDF2 (using sha512 x 1000) vs Bcrypt. https://stackoverflow.com/questions/4433216/password-hashing-pbkdf2-using-sha512-x-1000-vs-bcrypt.

KingsPawn A Spyware Targeting Civil Society

KingsPawn A Spyware

 

KingsPawn from QuaDream Spyware Threat

KingsPawn, a spyware developed and sold by QuaDream based on digital offensive technology to governments. Its spyware, named Reign, uses zero-click exploits to infiltrate the mobile devices of civil society victims. In this article you will learn how QuaDream works, who its Cyber victims and customers have been, and how to protect yourself from this type of dangerous spyware

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

To learn more about the potential dangers of KingsPawn spyware, read “QuaDream: Spyware That Targets Civil Society.” Stay informed by browsing our constantly updated topics

How to Secure Your Data from QuaDream’s KingsPawn Spyware,” written by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides priceless knowledge on the topic of data encryption and decryption. Are you prepared to enhance your comprehension of data protection?

QuaDream: KingsPawn spyware vendor shutting down in may 2023

QuaDream was a company that sold digital offensive technologies to governments. Its main product, Reign, was a spyware that used zero-click exploits to hack mobile devices. A few months after Pegasus, a similar spyware by NSO Group, Microsoft and Citizen Lab found QuaDream’s Reign / KingsPawn spyware and its victims worldwide.

However, in May 2023, QuaDream stopped its activitiesMay 2023, QuaDream stopped its activities, due to the Israeli government’s restrictions on its spyware export. QuaDream had developed other espionage technologies, such as ENDOFDAYS, that it sold to foreign governments, like Morocco, Saudi Arabia, Mexico, Ghana, Indonesia and Singapor.

QuaDream tried to sell its assets to other players, but the Israeli government blocked them It is unknown if the spyware KingsPawn is still active and used, or who controls it. Therefore, it is advised to be vigilant and protect your data with reliable security solutions.

How QuaDream’s Exploits KingsPawn her Spyware Work

According to Microsoft, QuaDream has an arsenal of exploits and malware that it calls KingsPawn. It includes a suspected exploit for iOS 14, named ENDOFDAYS, that seems to use invisible iCloud calendar invitations sent by the spyware operator to the victims. This exploit was deployed as a zero-day against iOS 14.4 and 14.4.2 versions, and maybe others.

The KingsPawn spyware is designed to exfiltrate data from the infected devices, such as contacts, messages, photos, videos, audio recordings, location data, browser information and app data. The malware communicates with command and control (C2) servers via encrypted protocols and uses evasion techniques to avoid detection.

How the KingsPawn spyware infects phones

The main infection vector of KingsPawn is the ENDOFDAYS exploit, which does not require any user interaction to execute. The spyware operator sends an invisible iCloud calendar invitation to the target’s phone number or email address. The invitation contains a malicious link that triggers the exploit when the phone processes the notification. The exploit then downloads and installs the KingsPawn malware on the device, without the user’s knowledge or consent.

The spyware operator can also use other methods to deliver the malicious link, such as phishing emails, SMS, social media messages, or fake websites. However, these methods require the user to click on the link, which reduces the chances of success.

KingsPawn Datasheet

The following table summarizes the main features and characteristics of the KingsPawn malware:

Feature Description
Name KingsPawn
Developer QuaDream
Platform iOS
Version 1.0
Size 2.5 MB
Permissions Full access to device data and functions
Capabilities Data exfiltration, audio recording, camera capture, location tracking, file search, keychain access, iCloud password generation, self-deletion
Communication Encrypted TCP and UDP protocols
C2 servers Multiple domains and IP addresses, some located in Israel, Bulgaria, Czech Republic, Hungary, Ghana, Mexico, Romania, Singapore, UAE, and Uzbekistan
Victims At least five civil society actors, including journalists, political opponents, and an NGO worker, in North America, Central Asia, Southeast Asia, Europe, and the Middle East
Customers Several governments, some with poor human rights records, such as Singapore, Saudi Arabia, Mexico, Ghana, Indonesia, and Morocco

How to Detect KingsPawn

KingsPawn is a stealthy and sophisticated malware that can evade most antivirus and security software. However, there are some signs and symptoms that can indicate a possible infection, such as:

  • Unusual battery drain or overheating of the device
  • Increased data usage or network activity
  • Unexpected pop-ups or notifications
  • Changes in device settings or behavior
  • Presence of unknown apps or files

If you notice any of these signs, you should scan your device with a reliable antivirus or security app, such as Malwarebytes or Norton. These apps can detect and remove KingsPawn and other malicious software from your device.

How to Protect Against KingsPawn

If you suspect that your device is infected by KingsPawn, you should take the following steps to remove it and protect your data:

  • Disconnect your device from the internet and any other networks
  • Backup your important data to a secure external storage
  • Perform a factory reset of your device to erase all data and settings
  • Restore your device from a clean backup or set it up as a new device
  • Update your device to the latest version of iOS and install security patches
  • Change your passwords and enable two-factor authentication for your online accounts
  • Avoid clicking on suspicious links or opening attachments from unknown sources
  • Use a reputable antivirus or security app to scan your device regularly

These steps will help you to get rid of KingsPawn and prevent it from infecting your device again. However, you should also be aware of the risks of using unsecured email services, such as iCloud web mail, which can be compromised by hackers or spyware. To protect your emails and other sensitive data, you should use a technology that encrypts your data with a hardware security module (HSM), such as EviCypher NFC HSM or DataShielder HSM PGP.

Who Are the Victims and Customers of QuaDream?

Citizen Lab, a research lab at the University of Toronto, identified at least five civil society victims of the spyware and exploits of QuaDream in North America, Central Asia, Southeast Asia, Europe and the Middle East. The victims include journalists, political opponents and a worker of a non-governmental organization (NGO). Citizen Lab did not reveal the names of the victims for security reasons, but one of them agreed to share his testimony anonymously:

I was shocked when I learned that my phone was infected by QuaDream. I had no idea tat they were targeting me. I work for a human rights NGO and I have been involved in several campaigns to denounce the abuses of authoritarian regimes. I fear that they have accessed my personal and professional data, and that they have compromised my contacts and sources.

Citizen Lab also detected QuaDream servers operated from Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE) and Uzbekistan. These countries could be potential or current customers of QuaDream, which sells its Reign platform to governments for law enforcement purposes. Media reports indicate that QuaDream sold its products to Singapore, Saudi Arabia, Mexico and Ghana, and offered its services to Indonesia and Morocco.

What Is the Link Between QuaDream and InReach?

QuaDream had a partnership with a Cypriot company called InReach, with which it is currently in legal dispute. The two companies accused each other of fraud, theft of intellectual property and breach of contract. Several key people associated with both companies have previous links with another surveillance provider, Verint, as well as with Israeli intelligence agencies.

Microsoft and Citizen Lab shared information about QuaDream with their customers, industry partners and the public, to improve the collective knowledge of how PSOAs (private sector offensive actors) operate and how they facilitate the targeting and exploitation of civil society. Microsoft calls for stricter regulation of PSOAs and increased protection of human rights in cyberspace.

Conclusion

QuaDream is a new spyware vendor that poses a serious threat to civil society. Its spyware, named Reign, uses zero-click exploits to infiltrate the mobile devices of civil society victims. QuaDream has sold its products to several governments, some of which have a poor record of human rights. QuaDream is also involved in a legal dispute with another company, InReach, over the ownership of the spyware technology. The international community should be aware of the dangers of QuaDream and other PSOAs, and take action to prevent their abuse.

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.